In pretty much all cases, this was nothing more than a nuisance to end users. I have not read any reports of any entities losing money as a result of that attack (some may have lost potential revenue as a result of not being able to accept 0 confirmation transactions, but I would not consider that in the scope of 'losing money as a result of that attack')

Subsequent to that 'attack' the majority of nodes have been "programmed" to not relay high s-value signature transactions, so malleability has more or less been fixed for the end-user. The only way that I am aware that a high s-value signature transaction to get confirmed is for a miner to accept such transaction directly and the only type of business that remains vulnerable to malleability are gambling establishments that allow for on-chain gambling (businesses that tentatively accept 0-confirmation transactions can ignore transactions in which there is an unconfirmed input to the funding transaction in order to prevent fraud).