Our list picks the top 5 among all of them. The top 5 have been selected based on the damage done, the number of devices affected and the remediation cost.
1. WannaCrypt
This “ransomware” shook the internet during 2017. It targeted computers running Windows. On infecting a computer it encrypted all the files and demanded $300-600 in Bitcoin as ransom. The malware used an exploit called EternalBlue, developed by the NSA and leaked by the hacktivist group Shadow Brokers. The EternalBlue exploit was released in 2016 and Microsoft soon issued a security update that patched the vulnerability behind the exploit. Only when the WannaCrypt outbreak started and infected around 200,000 computers across 150 countries was it discovered that most of the computers used in organizations were running unpatched versions of Windows. Things came under control after Microsoft released an emergency update to protect uninfected systems and a kill switch was found by a researcher known as MalwareTech.
2. NotPetya
This was a successor to Petya, which targeted Windows systems and executed its payload by infecting the MBR to encrypt the file system table of the hard drive. This prevented the OS from loading. NotPetya used the same exploit as WannaCry: EternalBlue. NotPetya worked almost the same way as WannaCry, except that its objective was to disrupt critical systems by rendering the infected computers unusable. This attack originated in Ukraine and was termed a political attack against the country. The malware successfully affected many unpatched computers, which had not been updated even after the emergency patches Microsoft released when the world was hit by WannaCry. A researcher named Amit Serper found a “kill switch” that prevents computers from being encrypted after they are infected.
In a report published by Wired later, a White House assessment stated the total damages from NotPetya to be more than $10 billion.
3. Zeus
Zeus or Zbot is a “Trojan Horse” used by cybercriminals to steal victims' sensitive financial data. Once installed, it uses the host's internet connection to download updates and configuration files, updating itself against new defenses. This malware uses man-in-the-browser and other stealth techniques to log keystrokes and capture form data. It was active during 2007-2010 and affected around 3.6 million personal computers in the US during 2009. It spread through email attachments and rogue download links. In 2010 the FBI announced that this malicious software had emerged from Europe and that around 100 people had been arrested on charges of bank fraud, money laundering, and conspiracy. Of these, 90 were arrested in the US and the others in the UK and Ukraine.
4. Mirai
Mirai is malware that targets devices running Linux distributions, mainly IoT devices. Infection turns these devices into “zombies” that communicate with a controller, which also controls other such devices, forming a “botnet”. This botnet was used in 2016 to carry out massive cyber attacks on DNS providers. Mirai targeted IoT devices because they are usually less secure than computer systems. In 2017 an article published on Krebs on Security stated that the malware was created by a man named Paras Jha, who initially denied the allegation. Later he and two other men pleaded guilty in court.
5. Locky
Locky is ransomware that uses email as its delivery mechanism and Microsoft Office macros as its infection mechanism. The victim receives a mail about some payment being due, with a Word document attached that the mail refers to as an “invoice”. On opening, the Word file shows garbage and its title says “enable macros if having trouble viewing the document”. If the user enables macros, the malicious macros download and install the malware on the host. The malware then quickly encrypts the files and demands that the victim pay a ransom of 0.5-1 bitcoin. This malware was released in 2016 and millions of people were affected by it over the course of a year.
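As an added example (not code from the original article), here is a small Python check a mail gateway or triage script could run on an Office attachment to flag an embedded VBA project, the delivery vehicle Locky relied on; the sample documents are constructed inside the code and the file names are placeholders.

```python
import io
import zipfile

# Content type Office assigns to the VBA project part of a macro-enabled document.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def office_doc_has_macros(data: bytes) -> bool:
    """Return True if the OOXML document in `data` embeds a VBA project.

    Checks both for a vbaProject.bin part and for its declaration in
    [Content_Types].xml, so a .docm renamed to .docx is still flagged.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            has_part = any(n.lower().endswith("vbaproject.bin") for n in names)
            types_xml = ""
            if "[Content_Types].xml" in names:
                types_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            return has_part or VBA_CONTENT_TYPE in types_xml
    except zipfile.BadZipFile:
        # Not an OOXML container (legacy binary .doc, or not Office at all):
        # this check cannot decide, so hand it to a different parser.
        return False


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal OOXML container for the demo (sample data, not a real invoice)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        types = ['<?xml version="1.0"?><Types>',
                 '<Default Extension="xml" ContentType="application/xml"/>']
        if with_macro:
            types.append(
                f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>')
        types.append("</Types>")
        zf.writestr("[Content_Types].xml", "".join(types))
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("clean.docx", build_sample(False)),
                        ("invoice.docm", build_sample(True))):
        print(label, "contains macros:", office_doc_has_macros(blob))
```

Flagging macro-bearing attachments at the gateway, or stripping them before delivery, removes the step where the user is tricked into clicking “enable macros”.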