Three months on from the global WannaCry cyberattack Attack.Ransom , someone has withdrawn funds acquired when victims paid ransoms Attack.Ransom . Almost three months on from the WannaCry ransomware outbreak Attack.Ransom , those behind the global cyberattack Attack.Ransom have finally cashed out their ransom payments Attack.Ransom . The WannaCry epidemic hit Attack.Ransom organisations around the world in May , with the file-encrypting malware -- which used a leaked NSA exploit -- attacking Attack.Ransom Windows systems . It infected over 300,000 PCs and crippling systems across the Americas , Europe , Russia , and China . The UK 's National Health Service was particularly badly hit Attack.Ransom by the attack Attack.Ransom , with hospitals and doctor 's surgeries knocked offline , and some services not restored until days after the ransomware hit Attack.Ransom . WannaCry continued to claim victims even after the initial outbreak : June saw Honda forced to shut down a factory due to an infection and speed cameras in Victoria , Australia also fell victim to the ransomware . While the attack Attack.Ransom was certainly high profile , mistakes in the code meant many victims of WannaCry Attack.Ransom were able to successfully unlock systems without giving into the demands Attack.Ransom of hackers . A bot tracking ransom payments Attack.Ransom says only 338 victims paid Attack.Ransom the $ 300 bitcoin ransom demand Attack.Ransom - not exactly a large haul for an attack which infected hundreds of thousands of computers . In the months since the attack Attack.Ransom , the bitcoin wallets containing the money extorted Attack.Ransom by WannaCry were left untouched , but August 3 saw them suddenly start to be emptied . At the time of withdrawal , the value of the wallets totalled $ 140,000 thanks to changes in the valuation of bitcoin . Three separate withdrawals between 7.3 bitcoin ( $ 20,055 ) and 9.67 bitcoin ( $ 26,435 ) were made in the space of a minute at 4:10am BST , accounting for around half of the total value of the extorted funds . Five minutes later , three more withdrawals of between seven bitcoin ( $ 19.318 ) and 10 Bitcoin ( $ 27,514 ) were made in the space of another 60 seconds . Ten minutes later , a final withdrawal was made , emptying the remaining bitcoin from the WannaCry wallets . There 's no official confirmation of who carried out the attack , but both private cybersecurity firms and investigating government agencies have pointed to North Korea as the culprit . A month after WannaCry Attack.Ransom , companies around the world found themselves being hit Attack.Ransom by another fast-spreading cyberattack in the form of Petya , which like WannaCry is still causing issues for some of those affected . Unfortunately , the success of WannaCry and Petya infection rates means many cybercriminal groups are attempting to copy the worm-like features of these viruses for their own ends .

Companies and individuals in Japan are finding their computers are increasingly targeted by ransomware campaign Attack.Ransom that bar victims from accessing important files unless they pay money Attack.Ransom . “ Attacks on Japanese businesses have been particularly large in number , ” said Masakatsu Morii , a professor of information and telecommunications engineering at Kobe University ’ s Graduate School of Engineering . Ransomware typically infects computers when its user opens a file attached to spam mail from a sender pretending to be Attack.Phishing a legitimate entity such as a parcel delivery company , according to the government-affiliated Information-Technology Promotion Agency . The malicious programs encrypt the infected computers ’ files , and users can only open them after paying Attack.Ransom the perpetrators money to obtain a special key to unlock them . Yoshihito Kurotani , a researcher at the agency ’ s engineering department , said the programs employ basic encryption technologies . Kurotani ’ s agency has received numerous inquiries asking for help from victims who can not access their photos or business files . The bogus emails “ used to be written in English or unnatural Japanese , but we have seen increasing attacks using natural Japanese recently , ” Kurotani said . Computer security firm Trend Micro Inc. said it received 2,810 reports of ransomware attacks Attack.Ransom nationwide in 2016 — a 3.5-fold jump from the previous year . “ Tactics are expected to be even more sophisticated in 2017 , ” a Trend Micro official said . A survey conducted by the firm last June shows that about 60 percent of companies that were attacked Attack.Ransom paid ransoms Attack.Ransom . The payment in one case exceeded ¥10 million ( $ 88,000 ) . The extortion Attack.Ransom and the transactions in the ransomware programs themselves have become a profitable business for cybercriminals . The programs are traded on online black markets that can not be accessed without the use of special software . In the “ dark web ” networks , various programs are sold , including multilingual ones and one that can be used for a “ lifetime ” for just $ 39 . The people who post the programs make profits by taking a share of ransoms collected Attack.Ransom . Firms undertaking the delivery of unsolicited emails do business there , too . Katsuyuki Okamoto , a security “ evangelist ” at Trend Micro , said it has become easier and easier to be involved in or become a victim of cybercrime . Cybersecurity experts warn that users should protect their computers by always keeping operating systems and anti-malware software up-to-date and should constantly back up their data . They said victims should never pay ransoms Attack.Ransom as there is no guarantee their files will actually be restored . “ If you pay money Attack.Ransom to the criminals , that will only help them create a new virus , ” Okamoto said .