cyber security

How WannaCry caused global panic but failed to turn much of a profit

The cyber-attack hit 200,000 computers and a number of big global organisations. But it has only made $82,000 in ransom so far.

The recent WannaCry cyber-attack led to panic across the globe, showing just how important it is for organisations to have secure operating systems. This was not even the most sophisticated malware around. Numerous networks could easily cope with it and it largely hit legacy operating systems such as Windows XP.

In most corporate infrastructures, there would be no sign of Windows XP – and it seems unbelievable from a security perspective that the national health service of an advanced economy like the United Kingdom would run its critical infrastructure on such an unsafe, antiquated system.

Perhaps the most striking aspect of this recent attack is how unsuccessful it has been in terms of generating a ransom. As well as the National Health Service in the UK, it hit French car manufacturer Renault, US delivery service FedEx, Russia’s interior ministry and Spanish telecoms and gas companies. Yet, ransom payments currently total only around $82,000.

The chart shows the current balance of the three Bitcoin addresses known to be associated with the WannaCry ransomware. Source: Elliptic.
The chart shows the current balance of the three Bitcoin addresses known to be associated with the WannaCry ransomware. Source: Elliptic.

This is minuscule when we compare it to other ransomware attacks. CryptoWall made its author $325 million with over 406,000 attempted infections.

The interesting thing about the WannaCry ransomware is that it mostly hit large organisations with legacy networks – and they will often not pay ransoms as they have back-ups or run their data from a central server. Thus, despite more than 200,000 infections worldwide, there have been fewer than 200 payments.

The weak impact is because this is a different type of ransomware. The most successful ones spread through spear phishing emails and target individuals and small businesses, which often do not have back-ups. This ransomware was different in that it spread of its own accord through unpatched systems (systems that had not followed recent warnings to protect against a virus and back-up their files) – as a worm. But it is humans that are generally the weakest link when it comes to information security.

The perfect crime?

Ransomware is almost the perfect information technology crime. If an online criminal can trick you into installing malware, they can then lock your files and hold them ransom until you pay them a release fee. Only a secret encryption key, which they hold, can release the files.

It is simple, but highly effective. No virus scanner or law enforcement professional will be able to unlock your files unless they have the magic encryption key, and the longer the target takes to pay for it, the greater the risk there is to their business. As with any malware, though, there might be bugs in the software, so there’s no guarantee that you’ll get your files back, even if you do as the blackmailers say. And there’s always the risk that they will just ask for more money once you pay them. Some malware increases its ransom demands over time, ultimately deleting all the files affected.

Nonetheless, it means that the success rate of the crime is incredibly high – at around 65%, as sensitive and important documents are often the target of the infection.

Success rate for ransomware. Source: Trent Micro - New Research: Uncovering the Truth About Ransomware.
Success rate for ransomware. Source: Trent Micro - New Research: Uncovering the Truth About Ransomware.

Increasing infections

Computer security firm Trend Micro surveyed over 300 information technology decision makers in the United Kingdomin September 2016 and found that 44% of businesses have been affected by ransomware over the last two years. The same survey found 79 new types of ransomware in the first nine months of that year. This compared to just 29 in the whole of 2015.

This is a great worry for many companies. The impact on those affected by the infection can be costly, with an average of 33 person hours taken to fix it.

In around 20% of the cases, £1,000 was requested, with an overall average of £540. Some large organisations faced demands of as much as £1 million. But for many companies, this is the tip of the iceberg as it can be costly for a company in terms of reputation as customers could start seeing them as untrustworthy.

Perhaps the most frightening statistic that Trend Micro found was that in one in five cases, even when the company paid the ransom, they were unable to recover their important files – indicating that the ransomware service is not quite as robust as it should be.

If you ask many security professionals, the recent WannaCry ransomware was fairly easy to defend against, and was fairly unsophisticated. What it clearly shows is that there is still more success in tricking individuals than in spreading malware across large networks. The National Health Service does, though, need to make sure that not one unpatched computer ever goes near its network, and that employees understand that they shouldn’t click on suspicious links.

Meanwhile, with law enforcement agencies focused on the three Bitcoin wallets associated with WannaCry to try and find out who profits, there will be a whole lot more ransomware that goes unreported and unnoticed.
This article first appeared on The Conversation.

We welcome your comments at letters@scroll.in.
Sponsored Content BY 

Children's Day is not for children alone

It’s also a time for adults to revisit their childhood.

Most adults look at childhood wistfully, as a time when the biggest worry was a scraped knee, every adult was a source of chocolate and every fight lasted only till the next playtime. Since time immemorial, children seem to have nailed the art of being joyful, and adults can learn a thing or two about stress-free living from them. Now it’s that time of the year again when children are celebrated for...simply being children, and let it serve as a timely reminder for adults to board that imaginary time machine and revisit their childhood. If you’re unable to unbuckle yourself from your adult seat, here is some inspiration.

Start small, by doodling at the back page of your to-do diary as a throwback to that ancient school tradition. If you’re more confident, you could even start your own comic strip featuring people in your lives. You can caricaturise them or attribute them animal personalities for the sake of humour. Stuck in a boring meeting? Draw your boss with mouse ears or your coffee with radioactive powers. Just make sure you give your colleagues aliases.

Pull a prank, those not resulting in revenue losses of course. Prank calls, creeping up behind someone…pull them out from your memory and watch as everyone has a good laugh. Dress up a little quirky for work. It’s time you tried those colourful ties, or tastefully mismatched socks. Dress as your favourite cartoon characters someday – it’s as easy as choosing a ponytail-style, drawing a scar on your forehead or converting a bath towel into a cape. Even dinner can be full of childish fun. No, you don’t have to eat spinach if you don’t like it. Use the available cutlery and bust out your favourite tunes. Spoons and forks are good enough for any beat and for the rest, count on your voice to belt out any pitch. Better yet, stream the classic cartoons of your childhood instead of binge watching drama or news; they seem even funnier as an adult. If you prefer reading before bedtime, do a reread of your favourite childhood book(s). You’ll be surprised by their timeless wisdom.

A regular day has scope for childhood indulgences in every nook and cranny. While walking down a lane, challenge your friend to a non-stop game of hopscotch till the end of the tiled footpath. If you’re of a petite frame, insist on a ride in the trolley as you about picking items in the supermarket. Challenge your fellow gym goers and trainers to a hula hoop routine, and beat ‘em to it!

Children have an incredible ability to be completely immersed in the moment during play, and acting like one benefits adults too. Just count the moments of precious laughter you will have added to your day in the process. So, take time to indulge yourself and celebrate life with child-like abandon, as the video below shows.

Play

This article was produced by the Scroll marketing team on behalf of SBI Life and not by the Scroll editorial team.