The WannaCry ransomware attack infected over 230,000 computers across the world starting last Friday morning. The attackers demanded a $300 ransom to be paid within a week for each affected device, but so far not many are paying. With just hours left before the deadline arrives, only about 300 people have paid the WannaCry ransom. This amounts to a little over a tenth of one percent of all victims.
Are Victims Through With Paying Ransoms?
There are no official statistics for what percentage of victims pay ransoms after a ransomware infection. However, the take by the WannaCry attackers seems shockingly small for such a massive attack.
European and Asian Laws Forbid Payment of Ransoms
There are several plausible theories as to why this is the case. The first reason will surprise many Americans. In most European and Asian countries, it’s illegal to pay a ransom. These laws are designed to discourage terrorism by preventing ransom seekers from making any money.
Britain’s National Health Service was one of the biggest victims of the attack, and they cannot legally pay the WannaCry ransom. Other governmental agencies in Europe are in the same situation.
Ransomware Awareness Discouraged WannaCry Ransom Payments
The second explanation is that these types of attacks have become more widely known and understood. That has led to a number of cascading effects, such as:
- More people understand the importance of backing up data.
- People realize that payment of the ransom doesn’t guarantee restoration of files.
- Victims understand that paying ransoms emboldens the attackers.
The combination of these three factors could lead victims to accept some amount of data loss and forgo paying the ransom.
Bitcoin Scares People Away
Another likely factor in the low response from victims is that people are still largely unfamiliar with bitcoin. Even those who know what it is don’t necessarily know how to use it.
WannaCry has an even bigger issue with its ransom demand. Most ransomware generates a particular bitcoin wallet for each victim. This way, the attackers know who paid the ransom and therefore, who should get a decrypter.
WannaCry has only three bitcoin wallets for all victims (which is one of the reasons it has been so easy to track the total paid ransoms). That leave experts wondering how the attackers would know who paid and who didn’t. There have been no confirmed reports of victims paying and having their files successfully decrypted.
WannaCry Attack Is Another Reminder to Protect Your Information
WannaCry may not have raised the money its developers intended, but it caused incalculable losses for the companies and organizations it affected. The attack proved that using unsupported operating systems (such as Windows XP) is a dangerous business move and that much of the world remains vulnerable to ransomware. Hopefully, organizations will learn a lesson and make moves to protect themselves and their information.