The Wannacry worm burned through the world's unpatched IT systems, hitting more than 80 countries in 24 hours, taking down hospitals, airlines, banks and logistics companies, until a hidden killswitch was able to halt its spread.
The Wannacry worm owed its virulence to its use of leaked NSA cyberweapon — a defect in Windows that the NSA discovered but kept secret so they could use it to attack their adversaries. For this to work, it meant that everyone in the world had to be kept vulnerable to exploitation of that defect, too.
We normally think of powerful weapons being wielded by "rational actors" — people who are trying to find an angle that lets them win without getting caught or harmed in the process. That's why there's so much fear at the thought of North Korea's Kim family getting long-range nukes, as they are painted in the western press as unhinged dictators (the reality is that they're ruthless and terrible war criminals, but they're actually pretty "rational" in terms of the risks they take on).
The Wannacry worm is what happens when a superweapon gets into the hands of dum-dums — like a junkie who breaks car windows to steal change out of ashtrays getting their hands on a tactical nuke.
These supervillains stole whole hospitals, but the ransom they demanded was a mere $300. That's why the total payout from a global worm infection that cost billions was a mere $140K, which the dum-dums in question just cashed out of their Bitcoin wallets.
In the months since the attack, the Bitcoin wallets containing the money extorted by WannaCry were left untouched, but August 3 saw them suddenly start to be emptied.
At the time of withdrawal, the value of the wallets totalled $140,000 thanks to changes in the valuation of Bitcoin.
Three separate withdrawals between 7.3 Bitcoin ($20,055) and 9.67 Bitcoin ($26,435) were made in the space of a minute at 4:10am BST, accounting for around half of the total value of the extorted funds.
Five minutes later, three more withdrawals of between 7 Bitcoin ($19.318) and 10 Bitcoin ($27,514) were made in the space of another 60 seconds. Ten minutes later, a final withdrawal was made, emptying the remaining bitcoin from the WannaCry wallets.