Unpleasant Truths About the Recent Ransomware Cyberattacks

The cybersecurity news cycle that unfolded recently has been unlike any before it. WannaCry, once a National Security Agency cyberweapon, and more recently, a variant of the Petya ransomware with similar capabilities, unleashed two separate global crises. In both, the ransomware infected hundreds of thousands of computers, phones and mobile devices in more than 150 countries. These were the first cybersecurity dramas to unfold in real time; network media outlets provided coverage as though they were an epidemic or a natural disaster. In a sense, they were both, demonstrating both the ease with which malware can penetrate seemingly critical infrastructure (e.g., the National Health Service in the UK or the Deutsche Bahn railway system in Germany) and the helplessness of the average person to do anything about it.

Yet in another way, both ransomware outbreaks were more of a whimper than a roar. Of the many thousands who were hacked, a fraction of a percent actually paid the requested ransom of $300 in Bitcoin: around one tenth of 1 percent of affected users. One reason for this low percentage, perhaps, was the fact that the ransomware typically attacked Windows XP, a 16-year-old operating system. Thus, the universe of potential victims was limited to those who had not updated their devices in quite some time. Another limiting factor was that Microsoft, this past March, had already issued a curative "patch" for the vulnerability that WannaCry exploited, shrinking further the universe of those who would initially be affected. Admittedly, the Petya variant that plagued Ukraine and parts of Europe worked around the patch, but the effects were limited nevertheless. Cybersecurity experts are engaging in some self-congratulation, positing that the attack was a bust, and that the world's swift response stemmed the potential harms.

Perhaps the better explanation is that we were lucky. EternalBlue, the weaponized program stolen from the NSA, is a far more potent weapon than either the WannaCry or Petya attacks would suggest, and could have wrought a far greater degree of harm in the hands of different cybercriminals. It may be that those behind the ransomware attacks were insufficiently prepared for their success, or it may be that they were simply amateurs. The latter theory has some merit: the average Windows XP user is unlikely to know how to get Bitcoins (or, indeed, what Bitcoins are), and Bitcoin accounts themselves are easily monitored, making withdrawal of any ill-gotten gains risky. These ransomware attacks were not the work of criminal masterminds, it would seem. That is not to say the culprits were not wildly successful in their attack, merely that their financial gain was, fortunately, not proportional to the scope of the hack.