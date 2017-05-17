News

Learning from the ROI of WannaCry

A look at the numbers and why they need to matter for security

ransomware man pointing gun out of computer security
Credit: Shutterstock
More like this

In the same way that the number of infected organizations continued to grow, the total payout on the WannaCry ransomware has increased since the widespread attack was first reported.

Somewhat. By comparison, the earnings seem meager when looking at the scope of impact. Overall, the low return on investment indicates that either the majority of those affected are getting security right, or they realize that they are up a creek without a paddle and a payout won't get them any closer to shore.

According to research from Udi Yavo, an Israel-based cyber researcher and co-founder of enSilo, the ROI is relatively low. As of late evening on May 12 UK time, we had only seen a total of 11 transactions totaling about $3.5K. 

By end of day May 15, those numbers had jumped to approximately $44,316. In only 24 hours, those numbers changed significantly, reaching an approximate total of $74,184 according to the bitcoin wallets being monitored.

  • 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 - 6.9948511 -> 16.14156882 BTC
  • 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn - 5.17934856 -> 10.83744744 BTC
  • 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw - 9.24698597 -> 14.98062824 BTC

enSilo said there are three confirmed wallets, and one more that they know of which seems to be related but it didn’t change for several days and contains only  3.25249956 BTC.

It's not wholly surprising that the payouts increased, Yano said. "An uptick--no matter how small--in payouts was inevitable given the large pool of infected machines. Overall, it's a relatively small fraction of overall infected machines."  

Still, there are lots of questions that must be mulled over if security practitioners are to learn from this first globally reaching attack. Surely, there are more to come.

Yano said, "The potential attack size was quite large and, at the end of the day, $74,184.65 is nothing to complain about, but the bigger question is this: How will the next strains of ransomware try to learn from this episode and adjust their tactics to try and scare up more money?"

Finding an answer to that bigger question will hopefully inform security programs to be better prepared so that enterprises aren't scared into paying the ransom.

If the number of payouts is so low, why does this attack matter so much? Yano said, “I do not think the ransomware authors expected to create so much uncontrolled damage. If they did, then I assume that sabotage was the real target, versus payment."

Another possibility is that the global attention worked against the authors as many experts immediately recommended that victims not pay. Yano said, "While ransomware attacks use strong psychological plays around fear and extortion, no one wants their business or organization to just cave-in.”

There are thousands of businesses that, in fact, did not cave in. Given that there are an estimated 200,000+ organizations infected, this payout seems low. I am no math expert, but my calculations show that approximately 250 companies paid. That's a little more than 1 percent.

To me, those numbers suggest that a lot of companies are doing security right. Yano said the reason for the mismatch of the malware's virulence and the ROI is simple.

"Many security technologies out there are not effective against attacks able to exploit gaps like the Microsoft SMB vulnerability," Yano said. Unpatched systems remain a massive problem.

"Even organizations that patch more frequently still need to make sure they not only have strong data back-ups but also practice full restoration for affected systems as well. No user can rely on attack ‘prevention’ technologies, alone,” Yano said.

There are a couple reasons why the ransom payouts appear. First, said Yano, with so much visibility, no one wants to bend to the attackers’ demands. Secondly, it is being reported that even users who do pay are not able to recover their files.”

The takeaway for those who chose to pay, said Yano, is to be certain that they have more advanced security solutions for ransomware prevention. "It is always best to have robust backups, period. Backups are useful well beyond facing ransomware attacks,” Yano said.

Backups, though, are not the panacea. They can reduce damage by allowing for a quicker return to production time with lesser losses, but they don't make a company impervious to future attacks. 

This article is published as part of the IDG Contributor Network. Want to Join?

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Related:

Kacy Zurkus is a contributing writer for CSO covering a variety of security and risk topics.

Healthcare records for sale on Dark Web
You Might Like
Most Popular
img 20170512 095943
Microsoft patches Windows XP and Server 2003 due to WannaCrypt attacks

On Friday evening, Microsoft released patches for Windows XP, Server 2003, and Windows 8, after those...

screen shot 2017 05 13 at 11.28.04 am
Dealing with WannaCry on Monday morning, and the days ahead

It's Monday. Across the globe organizations are likely having the same conversation: What happened?...

nordvpn
Get 72% off NordVPN Virtual Private Network Service For a Limited Time - Deal

NordVPN has discounted their popular VPN software 72%. Use our link and see the discount applied when...

BrandPosts
Learn more
Popular Resources
Featured Stories
3 keychain keys
Outsourcing security: Would you turn over the keys to a third party?

Years ago it would have been unthinkable to give up control to securing your most valuable assets. But...

solar charger
28% off Dizaul 5000mAh Portable Solar Dual USB Power Bank - Deal Alert

Great for hikes, trips to the beach, or any sunny place you find yourself, this waterproof and...

tatu ylonen
Unmanaged, orphaned SSH keys remain a serious enterprise risk

car mount
36% off iOttie Easy One Touch 2 Car Mount Holder - Deal Alert

Averaging 4.5 out of 5 stars from over 17,000 people on Amazon, this popular smartphone car mount locks...