WannaCry’s Decryptor interface – Image shows WannaCry providing two methods of communication with the attackers: the “Contact Us” link and the “Check Payment” button on the main decryptor interface (Source: McAfee)

An extensive analysis of WannaCry seems to indicate attackers would be unable to determine which users have paid the ransom and they cannot decrypt on a per-user basis. In other words, those behind the campaign would not (or could not) decrypt victims’ data once they received payment. The research team from McAfee that conducted the analysis finds the flaw to be somewhat puzzling given the WannaCry campaign’s incredibly effective propagation techniques, reasonable key and data management, and a working anonymous communication fabric with Bitcoin payments.

— Odd negligence: “The WannaCry authors demonstrated good technical governance, for example, the key handling, buffer sanitization, and private key security on disk using a strongly encrypted format. It is odd that with such good governance, the same group neglected to include something as essential as a unique ID for a user (or instance of attack) because this is mandatory to decrypt a specific user’s files. While much of the initial analysis described the WannaCry campaign as ‘shoddy,’ the use of good technical governance suggests that there are elements of this campaign that are well implemented.”

— Shoddy campaign: “This competence raises doubts that the campaign was shoddy. Given the level of capability demonstrated, we would expect the developers would have found and fixed basic errors. Indeed, could the inclusion of these basic errors be an attempt to make the campaign appear amateur? Without apprehending those behind the campaign, it is impossible to know their motivation; yet a thorough analysis of the technical artefacts questions the shoddy theory.”