Hackers behind the popular WannaCry ransomware cyber-attack started to move their earned digital currency. In May, the malware began spreading, causing chaos at hospitals, logistics firms, and businesses in more than 150 countries around the world. It encrypts the targeted computer and asks to pay a bounty of digital currency Bitcoin to unlock them and was halted when a British researcher accidentally activated its “kill switch.”

The British NHS (National Health Service), Spanish telecoms firm Telefonica, Nissan, and FedEx were among the organizations affected. British investigators have blamed the North Korean hacking group “Lazarus Group” which was also linked to the 2014 hack of Sony Pictures. The hackers made $140,000 (£105,000) from the attack in bounties – but for more than two months, they didn’t touch it.  Now they started to move their money but It’s not clear where it is being sent, or how it will be used. This money was withdrawn in seven transactions in the duration of the 15 minutes.

The moves were first highlighted by a Twitter bot built by Quartz reporter Keith Collins.