The Global Hack Could Have Been Much, Much Worse
On the morning of May 12, computer systems were held for ransom as a cyberattack on companies and critical infrastructure began to pinball around the world, rolling through Spain’s Telefónica SA, French carmaker Renault SA, and Russia’s interior ministry and crippling U.K. hospitals. The rogue code has reached more than 300,000 computers that run on Microsoft Windows in thousands of companies in 150 countries. It all sounds grim. In fact, we’ve been lucky.
The WannaCry ransomware, the code in question, was fairly shoddy work. It achieves the basics: spreading through the computers on a network, encrypting everything on the machines, and demanding payment to return the contents to their original form. But it can’t evade investigators the way sophisticated malware can; such malware is designed to avoid the systems used to test for dangerous code. WannaCry is also more obvious in going about its work of destroying backup contents on a computer, so it’s easier to stop, according to Allan Liska, a ransomware expert at cybersecurity firm Recorded Future. Another stroke of luck: Within hours, a security researcher in the U.K. discovered an unregistered web address in the malware. He was able to register the domain, disabling a key mechanism the code used to spread to more computers. The amateurishness also shows in WannaCry’s bottom line. The hackers demanded payment in the digital currency bitcoin, but the wallets they set up for the ransoms show they’d gathered just a bit more than $71,000 as of May 16.