Aside from dissuading victims from handing over money that may help fund further such attacks, they caution that it is not guaranteed the attackers will return control of people’s computers even if they pay the assailants in bitcoin, a digital currency favored in such ransomware attacks that can be difficult to trace.
Officials also note that the attackers, who have yet to been named, have provided only three bitcoin addresses — similar to a traditional bank routing number — for all global victims to deposit the ransom, so it may prove difficult to know who has paid the digital fees.
This haphazard planning has led many victims to hold off paying, at least until they can guarantee they will get their data back.
So far, roughly $80,000 has been deposited into the bitcoin addresses linked to the attack, according to Elliptic, a company that tracks online financial transactions involving virtual currencies.
F-Secure, a Finnish cybersecurity firm, has confirmed that some of the 200 individuals that it had identified, who had paid the ransom, had successfully had their files decrypted. Yet that represented a small fraction of those affected, and the company said it still remained unlikely that people would regain control of their computers if they paid the online fee.
The tally of ransom payments may rise ahead of Friday’s deadline, but cybersecurity experts say the current numbers — both total ransom money paid and machines decrypted — are far short of early estimates forecasting that the digital attack may eventually cost victims hundreds of millions of dollars in combined ransom fees.
“I predict this may be an epic failure,” said Kim Peretti, a former senior litigator in the Department of Justice’s computer crime and intellectual property division who now is co-chairwoman of the…