Dozens of people on Tuesday and Wednesday sent a hacker hundreds of dollars in the hope of getting back their encrypted files. Over the past day, a new wave of ransomware has spread across the globe, infecting computers in law firms, media companies, and a slew of other private businesses.
The malware demands victims hand over $300 worth of bitcoin. In roughly 24 hours, whoever is behind this wave of infections has managed to rack up $10,000 and counting.
"If you see this text, then your files are no longer accessible, because they are encrypted," the ransom text reads. "Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."
The ransom note includes a bitcoin address, which judging by multiple images shared online and provided to Motherboard by sources, is the same address across the publicly reported infections. At the time of writing, that address has received around 3.99 bitcoin, or $10,038.80.
However, earlier on Tuesday, the email provider the hacker happened to choose blocked the attacker's account, meaning that victims have little hope of trying to get hold of their decryption keys.
Researchers have speculated that the ransomware attacks may not be financially-motivated at all. The researcher known as The Grugq pointed to the ransomware's poor structure for handling payments, and how some targets were infected via malicious updates from ME Doc, a piece of Ukrainian financial software.
Victims of the attack include international law firm DLA Piper, UK-based advertising and public relations firm WPP, and even a supermarket in Ukraine.
If you still want to follow the cash dripping in, Keith Collins, a reporter at Quartz, has made a bot that automatically tweets whenever someone sends the hacker some bitcoin.