The WannaCry ransomware attack has quickly become the worst digital disaster to strike the internet in years, crippling hospitals and transportation. However, it appears that this is not the work of hacker masterminds. Instead, cybersecurity experts see in the recent meltdown a sloppy scheme, one that shows signs of an amateur’s work at practically every turn.

Infecting more than 200,000 machines Monday morning, the hackers demanded a $300 Bitcoin ransom from each victim within 72 hours or the price would go up and the computers would be locked permanently.

As of early Monday, only about $50,000 had been paid in ransom, in a report by Elliptic Enterprises Ltd., a London-based company that tracks the illicit use of bitcoin. The firm calculated the total based on payments tracked to Bitcoin addresses specified in the ransom demands.

Considering the damage the WannaCry ransomware caused, the amount paid so far is fairly small. Security experts and government agencies have been urging people not to pay the ransom. Of course, it’s still possible that the sum will grow substantially as the ransomware deadlines approach. Many computers were affected Friday, meaning businesses and end users still have several days to pay up before WannaCry starts deleting files.

Why payments have been slow

As law enforcement agencies scramble to apprehend the unidentified culprit, the WannaCry cyberattack has already started to change the way people think about cryptocurrency. One of the major reasons for the slow payment is due to the lack of knowledge regarding the use of bitcoin – many people still don’t know how to obtain and pay using cryptocurrency.

Furthermore, nothing has yet been withdrawn from any of the bitcoin accounts, and law enforcement agencies watching them say the perpetrators could be difficult to trace until they access some of the ransom money.

Mikko Hypponen of the Finnish cybersecurity firm F-Secure says that many who have paid the ransom have regained control of their computers and their files.

But paying is ill-advised, especially since the hackers behind the attack reportedly have to approve each decryption. There’s no guarantee whatsoever that paying will actually work.

Bitcoin transactions could help track hackers

Bitcoin transactions are not anonymous, but pseudonymous at best. There are a number of blockchain analysis tools currently available on the market that allow law enforcement agencies and financial institutions to track Bitcoin transactions and even identify the parties involved. These very tools are expected to be implemented by global law enforcement agencies to determine the ones responsible for spreading WannaCry.

A couple of days after the attack, a security expert discovered an efficient kill switch, which shielded unaffected machines against new infections, provided that their systems were patched. This led to slowing down the spread of the ransomware.