10 biggest malware campaigns & high-profile cyberattacks of 2017

Julie Spitzer

In just one year, the sale of ransomware on the dark web grew more than 2,500 percent, meaning cybercrime has become a game everyone wants to play.

In 2016, the ransomware market on the dark web was $249,287, but by October 2017, it exceeded $6 million. And, in 2016, ransom payments totaled roughly $1 billion, up from $24 million in 2015, according to a Carbon Black report.

Although not all of the notable cyberattacks from this year can be attributed to ransomware, a type of malware that encrypts files until the victim pays hackers the requested ransom, malware campaigns and other vulnerabilities exposed data on millions of consumers in 2017.

Here are the 10 biggest malware campaigns and high-profile cyberattacks, reported by Becker's Hospital Review, that affected business operations around the globe in 2017. The incidents are listed in the order they were reported on.

1. HealthNow Networks. A former developer at HealthNow Networks — a shuttered healthcare telemarketing company in Boca Raton, Fla. — uploaded an unencrypted backup database to a virtual server on Amazon Web Services, exposing 918,000 healthcare consumers' records.

2. WannaCry. In May, a worldwide ransomware attack hit organizations across multiple continents, infecting FedEx and bringing down operations for at least 16 of the U.K. National Health Service's facilities. WannaCry exploited a vulnerability discovered and developed by the U.S. National Security Agency. Hackers requested at least $300 in bitcoin to unencrypt victims' files, and in August, they cashed out more than $143,000 from online wallets associated with the hacks. In the wake of the incident, NHS has committed nearly $26 million to boost security operations at NHS Digital, its information and technology arm.

3. Washington State University. The names and personal data of nearly 1 million people throughout Washington state were compromised when a back-up hard drive was stolen from a safe belonging to WSU's Social and Economic Sciences Research Center in April.

4. NotPetya. A worldwide cyberattack originally believed to be a ransomware variant called "Petya" infected computer systems in more than 60 countries June 27. Security researchers later determined Petya is not ransomware but instead a "wiper," dubbing the attacks "NotPetya." The attacks compromised government systems in Ukraine, operations at pharmaceutical giant Merck and business at a Pennsylvania health system, as well as Nuance Communications, a voice and language solutions provider, which attributed nearly $68 million in losses to NotPetya throughout its latest fiscal year. Merck said it lost an estimated $135 million in sales to the cyberattack.

5. Verizon. Roughly 14 million Verizon customers' records were potentially jeopardized in June when a security researcher discovered customer files on an Amazon S3 storage server operated by an employee of Ra'anana, Israel-based Nice Systems, a third-party vendor used by Verizon. The company called the breach "overstated," adding there has been no loss or theft of Verizon or Verizon customer information. The company also emphasized customer PINs were not linked to accounts and were only used to verify customers at call centers.

6. Defray. Proofpoint threat researchers identified a "previously undocumented ransomware strain" in August that demands up to $5,000 in bitcoin from its targets. Researchers observed two targeted attacks involving the Defray variant: one struck the healthcare and education industries, and another hit the manufacturing and technology industries.

7. Locky. A Gulf Breeze, Fla.-based cybersecurity firm observed more than 23 million emails delivering Locky ransomware in just 24 hours in August. AppRiver noted the emails included a ZIP attachment containing a file that initiated a sequence of events, eventually downloading the latest Locky ransomware. Locky was one of the most frequently detected ransomware variants in 2016, although it had waned in prevalence in recent months.

8. Equifax. The massive cyberattack that rattled Atlanta-based consumer credit reporting agency Equifax in July affected nearly 145.5 million people globally. Since the company waited until September to notify customers of the breach, lawmakers pushed for legislative reform and a number of senior-level and C-suite executives stepped down amid suspicious share selling activity. The company said it spent $87.5 million in the third quarter on recovery efforts.

9. Bad Rabbit. Bad Rabbit is a ransomware variant similar to NotPetya that affected media outlets in Russia and transportation and infrastructure organizations in Ukraine in late October. Computers became infected when users downloaded a fake Adobe Flash installer from infected websites, and hackers requested 0.05 bitcoin, or $284, at the time of the attacks.

10. Uber. Uber paid hackers $100,000 to cover up a cyberattack that affected 57 million riders and drivers in October 2016. The attack remained under wraps for just over a year until the ride-hailing company ousted its chief security officer and one of his deputies for their roles in the cover-up. 

© Copyright ASC COMMUNICATIONS 2021.