Famous Malware Attacks

Although malware is projected to cost the US government $5 trillion by the end of 2021, most malware attacks never make the headlines. Sometimes, however, an attack is so large in scale or so sophisticated that it cannot fail to draw global attention. In this post, we cover 5 of the most famous malware attacks ever to occur. Let’s get into it!


#1 — WannaCry


The WannaCry ransomware attack was a worldwide cyberattack that occurred in May 2017. The attack targeted computers running Microsoft Windows by encrypting data and demanding that ransom payments be made in Bitcoin.

The attack leveraged EternalBlue — a Windows exploit that was developed by the NSA. The group believed to be behind the attacks, Lazarus Group (a cybercrime group with strong ties to North Korea), obtained the exploit when it was leaked around a year prior to the attack.

WannaCry is estimated to have infected 300,000+ computers. Most of those computers belonged to organizations running older Windows systems that either hadn’t received the update Microsoft had previously released to patch the vulnerability used by EternalBlue, or were already past their end-of-life.

At the time, the attack was unprecedented in scale, with total damages estimated at anywhere from several hundred million to several billion dollars.

Fortunately, WannaCry was halted when British computer security researcher Marcus Hutchins registered a kill-switch domain, which stopped the ransomware from spreading further.

#2 — TeslaCrypt


When the TeslaCrypt ransomware attacks were at their height back in 2015, gamers everywhere were worried. Discovered in February 2015, TeslaCrypt targeted typical gaming files such as user profiles and game save files.

Once on a computer, the malware would search for 185 file extensions relating to 40 different games, including titles from the Call of Duty series, StarCraft 2, and Minecraft. If it found any, TeslaCrypt would encrypt the files and demand that the victim pay 1.5 Bitcoins (about $430 at the time).

Fortunately, the developers released the master key in May 2016, and the malware is now defunct.

#3 — NotPetya


Like WannaCry, the NotPetya attacks also leveraged the EternalBlue exploit. Beginning on 27 June 2017, NotPetya quickly spread through international organizations. The majority of infections occurred in Ukraine, where the attack originated, although infections were also reported in France, Italy, Germany, Poland, Russia, the United Kingdom, the United States, and Australia.

Although it masqueraded as ransomware (whose effects can be reversed once the decryption key is entered), NotPetya was designed to cause maximum harm, and its effects could not be reversed.

The attack was not long-lived, however: the Ukrainian government announced that it had been halted just a day after it began. Even though its campaign was brief, NotPetya is considered the costliest cyberattack of all time, with damage estimated at around $10 billion.

#4 — DarkHotel


The DarkHotel spyware attacks have been ongoing since at least 2007. Targeting high-profile hotel guests in Asia and the United States, DarkHotel aims to steal their valuable personal data.

The cybercriminals visit a hotel several days before the targeted guest arrives and introduce the spyware into the hotel network. When the guest connects to the hotel’s Wi-Fi, they are presented with a message saying a new Adobe software update is available. When the guest clicks to download the update, their device is infected with the spyware.

Once the spyware is on the victim’s device, the attackers can read logged keystrokes and conduct targeted phishing attacks against the victim.

Several days after the victim leaves the hotel, the spyware is removed from the hotel’s network.

Currently, no arrests have been made regarding the DarkHotel attacks.

#5 — Mirai


Since its emergence in 2016, the Mirai botnet has been a constant threat. Originally developed to conduct distributed denial-of-service (DDoS) attacks on Minecraft servers, the botnet has since been used in some of the largest and most disruptive DDoS attacks ever seen.

The Mirai botnet has been used to temporarily take down the online services of some of the biggest companies in the world, including Amazon, BBC, Spotify, Starbucks, and many more.

Although Mirai is still at large, it does include a table of IP address ranges that it will not infect, including private address ranges and the ranges allocated to the Department of Defense and the United States Postal Service.
