Why should they necessarily make any mistake?
They were sane enough to craft such a virus in the first place capable of bringing down thousands if not millions of computers across the whole world (obviously, only a tiny fraction of affected users paid the ransom), so they should be pretty seasoned in such affairs (after all, MakeMeCry might not be their first accomplishment) and thus there are not many chances that they will get caught eventually. How many exchange hackers got caught in the end? And the number of bitcoins at stake is simply incomparable (just in case, over 120k bitcoins had been stolen from Bitfinex)
word is they made some amateur mistakes: one was that hardcoded kill switch url. and only 3 btc addys? no unique id per computer?
my theory is it was some script kiddies and it went way over what they expected.
those addys most likely will be watched by more law enforcement than any in history..
Obviously, only time will tell
Apart from that, did anyone get caught last years after hacking numerous exchanges out there? I don't mean the times of Ross Ulbricht (who was engaged in real criminal activity like drug dealing and similar things after all), I refer to more recent times, when, for example, Bitfinex had been hacked almost a year ago. Some Taiwanese student who created Chernobyl virus got off really cheap despite the fact that his virus likely wiped out as many drives in 1998 as this CryAgain virus