Ransomware has featured prominently in the news over the last few years. Hospitals, municipalities, businesses, law enforcement agencies, individuals and even entire regions of the world have been affected by it. Some have paid the ransom and recovered their computer data; others have lost their data forever.
- In March 2018, the city of Atlanta, Georgia was hit by SamSam ransomware, which prevented city residents from paying their bills and accessing court information online. The demand was for $51,000, but rectifying the attack ultimately cost the city several million dollars in other costs. SamSam also infected the Colorado Department of Transportation twice in February 2018. Numerous other U.S. municipalities and healthcare organizations have been hit by this ransomware [1].
- WannaCry wreaked havoc on the world in May 2017. With its worm-like, self-propagating behaviour, it spread to thousands of systems within hours, using the EternalBlue exploit to target Windows machines. WannaCry resulted in an estimated $4B in economic losses to the affected businesses and infected 30,000 machines worldwide [2].
- In June 2017 we also saw Petya and NotPetya, which used the same exploit as WannaCry but were more intent on destruction than ransom. NotPetya specifically targeted systems in Ukraine [3]. FedEx ended up reporting a $300M loss, not from the ransom payout but from the downtime and economic loss sustained by its Ukrainian subsidiary, TNT Express [4]. Petya cost Danish shipping giant AP Moller $300M in lost revenue [5]. Other large global enterprises sustained similar economic losses.
- Global economic loss in 2017 was estimated at $5B, up from $325M in 2015 [6], and is predicted to be about $11.5B in 2019 [7]. Attacks on the healthcare sector are estimated to quadruple by 2020 [8]. Average ransomware payouts have decreased to $549 per infected machine in 2017 from $1,071 in 2016 [9]. However, since hundreds of machines can be involved, the total ransom payout can range from $2,500 to $50,000 or more.