One week ago, a malware attack known as WannaCry was launched and reportedly affected hundreds of thousands of computers worldwide. The malware encrypted files on an infected machine and then posted a ransom demand for $300. Upon payment of the ransom, the files would be decrypted and all would be well. The deadline for payment was seven days, and those seven days end Friday, May 19.
Just before noon on Friday, some 311 payments totaling $94,437 have been made to the anonymous attackers. Not close to early estimates that costs could be in the tens of millions.
All along, advice from cybersecurity experts has been not to pay. For one thing, in most ransomware attacks, payment does not translate into recovered files.
For another, a French security expert has published a free tool called Wannakey that, under certain circumstances, can retrieve the encryption. The Wannakey tool is available on Github, but it works only on computers that are running Windows XP and that have not been rebooted since the ransom message was displayed.
Overall, however, it appears that the damage from WannaCry will be limited. Cyber researcher Gary Warner noted in Dark Reading, the CryptoLocker ransomware collected $209 million in ransom fees in the first quarter of 2016. Warner also puts the latest attack in context:
Sure, a handful of companies that didn’t patch their Windows systems got hit hard, but organizations that were broadly impacted were, in many cases, using outdated, unsupported computers that were not patched. … Remember that most of the ransomware that is actually being paid out is still being delivered by phishing email. Make sure that your employees know what to do when they see a suspicious email.