"WannaCry" ransomware attack losses could reach $4 billion

Tue May 16, 2017 14:21:06

Global financial and economic losses from the "WannaCry" attack that crippled computers in at least 150 countries could swell into the billions of dollars, making it one of the most damaging incidents involving so-called ransomware.

(CBSnews) -- Cyber risk modeling firm Cyence estimates the potential costs from the hack at $4 billion, while other groups predict losses would be in the hundreds of millions. The attack is likely to make 2017 the worst year for ransomware scams, in which hackers seize control of a company's or organization's computers and threaten to destroy data unless payment is made.

In 2016, such schemes caused losses of $1.5 billion, according to market researcher Cybersecurity Ventures. That includes lost productivity and the cost of conducting forensic investigations and restoration of data, said Steve Morgan, founder and editor-in-chief of Cybersecurity Ventures.

"The massive WannaCry attack will be a major contributor" to those losses, he said in an email to CBS MoneyWatch.

Cybersecurity firms report a spike in concerns from customers worried about WannaCry since reports of the malware infecting computers surfaced this weekend. Indeed, security companies saw their stock price rise after news of the hack.

While the potential losses from reduced productivity and efforts to mitigate the damage from WannaCry are expected to be significant, the actual ransom collected through the attack is likely to be modest. Cybercriminals behind the scam are typically demanding $300 in Bitcoin to unlock a company's computers.

Matthew Anthony, vice president of incident response at security firm Herjavec Group, said that as of Friday the total amount paid by victims to regain access to their information systems was under $100,000. In part, that's simply because of the logistical complications involved in paying ransom to unlock thousands of computers within the short time frame demanded by the hackers behind the WannaCry attack.

"Most of the organizations won't pay," he said. "They will rebuild and recover from their backups or other sources."

Though a few companies in North America were hit by WannaCry, such as FedEx (FDX), U.S. businesses were largely able to avoid the malware because a 22-year-old British security researcher accidentally found a "killswitch" that halted its spread. Computers with an out-of-date version of Microsoft Windows appeared to have been hit especially hard.

According to Rob Wainwright, director of the European Union Agency for Law Enforcement Cooperation, more than 200,000 computers are affected by WannaCry, most of which are outside the U.S. Both the scale of the attack and the virulence with which it spread from computer to computer surprised many cybersecurity experts.
