The ransomware trend of 2016 shows no signs of slowing down in 2017. If anything, this favorite tool of hackers seems to be gaining steam domestically and internationally. Preying on a vulnerability in Microsoft systems that was reportedly first discovered (but not confirmed) by the NSA , hackers last week infected hundreds of thousands of computers with interconnected ransomware attacks in almost 100 countries. The attack spread quickly – targeting, locking out and blackmailing a broad swath of users such as the UK’s public health system, Russia’s Interior Ministry and FedEx in the U.S. A second-wave of attacks crippled more computers, but not at the rate seen on May 12.
The cost to unlock individual computers was about $300 per computer paid in hacker-preferred Bitcoin, an amount that doubled if the ransom was not paid within 3 days. Had most affected users paid up, the hackers would have had a good payday. But reports put their collections at about $70,000. It is still unclear how many victims paid ransom, accepted their fate or had back-up systems in place.
Why was this particular attack so pervasive? Some experts point to the hackers’ use of an encrypted file that, once downloaded, allowed the ransomware to take over the host computer, locking access to data until ransom was paid. The encrypted file was particularly crafty because the ransomware was undetected until opened and downloaded by the user. By that point, it was too late to react because the ransomware was replicating across the already-infiltrated network.
This latest attack is a sobering wake-up call about the vulnerability of all systems and yet another reminder that it is better to have cyber insurance before you need it.