As the scale of the WannaCry cyber-attack continues to astound security experts and law-enforcement officials, we need to realize that its unprecedented spread, spanning more than 150 countries, occurred over the weekend. Within hours of its initial discovery, which was originally concentrated in Europe, the ransom attack spread to more than 70 countries within 10 hours affecting some of the largest companies around the world, such as FedEx, Spain’s Telefónica, among many other systems in both the public and private sectors. What the WannaCry exploit underscores is the speed, and geographic spread that cyber threats can have giving them a quality more akin to systemic risk than traditional siloed threats. As the work week nears and with it the opening bell for not only global trading, but also global commerce as millions of employees return to work, it is very likely we will see round two of this attack and begin to understand its true scale.
So far, a small sum of the ransom demands of $300 per locked computer have been paid. Experts estimate that no more than $30,000 in Bitcoin has been paid into accounts linked to this attack. However, with Monday nearing and with the ransom countdown clock of 3 days coming to an end, it is very likely that the attackers will get away with millions of dollars in financial demands. The true economic spoils of the largest ransomware attack thus far may only be known to the perpetrators. Worst yet, it is very likely that the spread of this attack will continue unabated as businesses turn on their lights on Monday morning. In short, the WannaCry ransomware attack underscores how cyber threats are no longer the esoteric domain for IT security professionals and government officials, but rather a top of mind business and societal concern.
While this exploit has been made possible in large part due to sensitive information that was ill-gotten from the National Security Agency (NSA), it begs the question what other payloads can be delivered through such gaping security flaws using such a powerful delivery mechanism?