Cybersecurity is an issue of great concern for most companies worldwide. Business owners and company executives are trying to stay a step ahead of cybercriminals by implementing high-security measures. Staying a step ahead of cybercriminals is not easy. Business owners and company executives need to understand cybercrime from the perpetrator’s viewpoint. Doing so will help understand the thinking patterns of cybercriminals, making it a little bit easier to stay proactive in the fight against cybercrime. With that being said, here are the most famous cases of malware attacks to help you understand the thinking behind most cybercriminals.
WannaCry
The Lazarus group reshaped the cybersecurity field by attacking organizations spread out in 150 different countries. Around 300 organizations are estimated to have been affected by WannaCry.
At this time in the history of cybersecurity, all large corporations carefully looked into innovative ways to prevent malware from sophisticated hackers. The damage caused by WannaCry reached approximately $4 billion. Some of the companies that were infected include Renault, FedEx, and Nissan. In the U.K, NHS experienced financial loss amounting to £92 million. This attack still caused damage even after the kill-switch was found.
Petya
Large corporations still fear the name Petya today. This ransomware attack is regarded as one of the biggest of its kind. It works differently from ransomware attacks that were common back when it was first used. Instead of encrypting files on the hard drive, it infected the entire Windows system.
There is nothing companies could do to gain access to their company files. Since 2016, different Petya variations are continually being developed to terrorize companies and individuals. This sophisticated attack is estimated to have caused damage reaching $10 billion.
NotPetya
NotPetya can be safely regarded as a variant of the Petya attack. Just like Petya, this attack focused on large infrastructure organizations. For example, NotPetya attacked airports, banks, and energy companies across Europe.
The effects of these attacks reached $10 million. This attack was very sophisticated because it infected the Master File Table rendering the Master Boot Record null and void. From then, NotPetya spreads to other computers within the same network of the initially infected computer. This attack was launched in mid-2017 and has been called one of the most devastating cyberattacks in history.
CryptoLocker
First released in 2013, CryptoLocker malware mostly spread across personal computers. The virus was initially spread through malware mule techniques. Targets were sent an email with what seemed like a PDF attachment.
Downloading and opening the PDF executed the virus and led to a system-wide ransomware system shut down. For users to gain access to their files, they had to pay a ransom from their crypto investments to the wallets of the perpetrators. Decrypting the encryption key used on CryptoLocker was very challenging because it was large.
Sodinokibi
Although Sodinokibi attackers have been found and are behind bars, this group of hackers caused a lot of damage. The cybercriminals gained access to corporate systems without being detected. Once it was inside the system, it stole information. For example, one of Apple’s manufacturing plants in Taiwan got infected.
When the hackers demanded a ransom, it wasn’t paid, so they released MacBook schematics publicly. Sodinokibi had several targets across the world in countries such as the U.S, India, and Europe. What made this attack more dangerous was its evasion techniques. It was very hard to detect and deal with this malware which caused a lot of damage to its targets.
CovidLock
One of the most recent cyberattacks is CovidLock which originated after the COVID-19 pandemic went global. This attack focuses mainly on personal devices. Users are tricked into thinking that they are downloading resources to help them understand the virus better.
Once the target downloads this information, the malicious files have an encryption key that encrypts all data. CovidLock targets Android devices by locking all files, preventing targets from using their phones. Access was reinstated after the targets paid a ransom fee of about $100. Several cybercriminals exploited this cyberattack which makes it hard to estimate the amount of damage it caused.
Emotet
Emotet focused greatly on financial information theft. Targets were sent emails with trojan malware to infect computers. After the trojan spread and came into full effect, cybercriminals used it to determine financial account information.
This attack took place back in 2018, and the Department of Homeland Security defined it as one of the most destructive attacks. Emotet was very dangerous because it leveraged social engineering to exacerbate its effect on the intended targets. The city of Allentown in Pennsylvania also fell victim to Emotet and lost approximately $1 million.
Bad Rabbit
Bad Rabbit used a unique way of spreading malware across the target’s computer. Instead of using social engineering attacks like phishing, Bad Rabbit hijacked websites. Once the hackers hijack the website, they use a popup notification with a link to introduce malware into the target’s computer.
Cybercriminals asked targets to download Adobe Flash Player for the site to load. Unfortunately, the link did not have Adobe Flash Player. Instead, it had malware, and users could not access their files before paying a ransom.
Stuxnet
Stuxnet was primarily designed to attack the Iranian government facilities back in 2007 to destabilize the country’s political system. The virus was used to infect the country’s nuclear program system. Once the malware is inside a computer system, it grants control to the cybercriminals.
This malware does not originate from phishing attacks or other common online exploits. Instead, the attacker has to plug in a USB on the target’s computer, and it will start infecting that computer’s system. This virus is very sophisticated, and it caused real damage when it was first used against Ukraine.
Zeus
Zeus first attacked its targets back in 2007 and gradually grew to hit large companies such as Amazon and Cisco. Throughout its life cycle, there have been different variations of this trojan malware attack.
The damages caused by Zeus and its variants are estimated to be around $100 million. Zeus focuses on keystroke cloning which allows cybercriminals to gain access to sensitive accounts. The credentials of targeted individuals and companies were stolen and used to steal money or fund carding scams. This malware was spread using malicious files on emails and fake websites.