The Wannacry ransomware epidemic was especially virulent, thanks to its core: a weaponized vulnerability in Windows that the NSA had discovered and deliberately kept a secret so that they could use it to attack their adversaries.
Despite the incredible havoc Wannacry wreaked around the world, it made a pittance for its wielders: they walked away with a mere $140,000 in $300 payouts for unlocking the systems that were hijacked by a self-spreading superweapon in the hands of dum-dums.
Among the most prominent ransomware victims were NHS facilities, including hospitals, across the UK. All told, the epidemic cost the cash-starved health system £92m (£19 in lost output, £73m in IT expenses in the aftermath).
We talk a lot about cyberwarfare being asymmetrical in that the attackers can use comparatively little resources and get very large effects, but it is also asymmetrical in that attackers eke out pretty small gains from their attacks, while costing their victims much larger sums.
Following the attack, the NHS has pledged to bite the bullet and upgrade all of its systems to Windows 10 after it was found that the service's outdated, and unpatched Windows XP and Windows 7 systems were largely to blame. It has also so far spent £60m to bolster its security defences since WannaCry stuck, and said it plans to spend a further £150m more over the next three years. The NHS has increased infrastructure investment of £60m this year to the most vulnerable services, such as major trauma centres and ambulance services, and UK gov has committed £150m to upgrade NHS technology systems over the next three years.
WannaCry attack cost cash-strapped NHS an estimated £92m [Carly Page/The Inquirer]
(via Memex 1.1)