The cybersecurity news cycle that unfolded recently has been unlike any before it. WannaCry, once a National Security Agency cyberweapon, and more recently, a variant on the Petya ransomware with similar capabilities unleashed two separate global crises. In both, the ransomware infected hundreds of thousands of computers, phones and mobile devices in more than 150 countries. These were the first cybersecurity dramas to unfold in real time; network media outlets provided coverage as though it were an epidemic or a natural disaster. In a sense, they were both, demonstrating both the ease with which malware can penetrate seemingly critical infrastructure (e.g., the National Health Service in the UK or the DeutscheBahn railway system in Germany) and the helplessness of the average person to do anything about it.
Yet in another way, both ransomware outbreaks were more of a whimper than a roar. Of the many thousands who were hacked, a fraction of a percent actually paid the requested ransom of $300 in Bitcoin—around one tenth of 1 percent of affected users. One reason for this low percentage, perhaps, was the fact that ransomware typically attacked Windows XP, a 16-year-old operating system. Thus, the universe of potential victims was limited to those who had not updated their devices in quite some time. Another limiting factor was that Microsoft, this past March, had already issued a curative “patch” for the vulnerability that WannaCry exploited, shrinking further the universe of those who would initially be affected. Admittedly, the Petya variant that plagued Ukraine and parts of Europe worked around the patch, but the effects were limited nevertheless. Cybersecurity experts are engaging in some self-congratulations, positing that the attack was a bust, and that the world’s swift response stemmed the potential harms.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]
