Krebs on Security reports that the WannaCry ransomware attack has netted the bad guys a total of just US$26,000. That might not sound like much, but it’s probably a drop in the ocean compared to what it has cost businesses around the world.
At the moment, reports suggest about 200,000 systems have been hit across roughly 150 countries. With the ransom demanded running at about US$300 per machine, the attackers were chasing something like US$60,000,000, so the payoff so far is tiny relative to the potential.
But I think the real cost to businesses will be measured in far more than that.
Aside from interruptions to business – more than a dozen hospitals in the UK alone have had to shut down or divert patients – recovery from backups requires manpower. That effort will probably cost as much as paying the ransom.
Businesses that think paying the ransom will fix their problems should consider a couple of things. An attack on a US hospital last year resulted in about 900 machines being infected. After negotiating with the threat actors, the hospital paid less than US$20,000 to decrypt its data. The hackers delivered a spreadsheet with 900 separate decryption keys, so each computer had to be fixed manually using its own unique key, greatly increasing the recovery time and cost.
Aside from patching systems and using up-to-date software, having effective backups that have been tested and are quarantined from the rest of your computing environment is critical, so you can recover without paying a ransom.
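As an added example (not code from the original post), here is one way to make "tested backups" concrete: record a SHA-256 manifest when the backup is taken, then check a restore against it before trusting it. The sample file tree, the manifest format and the `.locked` extension used to simulate ransomware damage are all constructed for this illustration, not anything the post describes.

```python
"""Verify a restored backup against a hash manifest taken at backup time.

Added example: the directory layout, file contents and the ".locked"
extension are constructed here to simulate a backup that ransomware reached.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(root: Path, manifest: dict) -> dict:
    """Compare a restored tree with the manifest recorded when the backup was made.

    Returns the files that vanished, whose contents changed, or that appeared
    (renamed/encrypted files show up as missing + extra), plus an overall verdict.
    """
    current = build_manifest(root)
    missing = sorted(set(manifest) - set(current))
    extra = sorted(set(current) - set(manifest))
    modified = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    return {
        "missing": missing,
        "modified": modified,
        "extra": extra,
        "ok": not (missing or modified or extra),
    }


def demo() -> dict:
    """Run a clean restore check and then a check against a tampered restore."""
    work = Path(tempfile.mkdtemp(prefix="backup-check-"))
    try:
        # Constructed sample data standing in for a small file share.
        src = work / "data"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "q1.xlsx").write_bytes(b"quarterly figures")
        (src / "notes.txt").write_bytes(b"ward rota")

        # Take the backup and record the manifest alongside it (store the
        # manifest somewhere the production hosts cannot write to).
        backup = work / "backup"
        shutil.copytree(src, backup)
        manifest = build_manifest(backup)

        # A restore from an untouched backup verifies cleanly.
        restored = work / "restored"
        shutil.copytree(backup, restored)
        clean = verify_restore(restored, manifest)

        # Simulate a backup that was reachable from an infected host: one file
        # overwritten in place, another overwritten and renamed with a
        # constructed ".locked" extension.
        (restored / "notes.txt").write_bytes(b"\x00\x00garbage")
        victim = restored / "finance" / "q1.xlsx"
        victim.write_bytes(b"\x00\x00garbage")
        victim.rename(victim.parent / (victim.name + ".locked"))
        tampered = verify_restore(restored, manifest)

        return {"clean": clean, "tampered": tampered}
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    result = demo()
    print("clean restore ok:", result["clean"]["ok"])
    print("tampered restore:", result["tampered"])
```

The manifest only proves that what you restored matches what you backed up; it says nothing about whether the backup itself was still clean, which is why the manifest and the backup media need to live where the production environment cannot write to them (offline media, or storage reachable only with separate credentials). Run the check as part of a scheduled restore drill rather than only after an incident.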