Malware attacks happen more often than you’d think and hit without any warning. The term “malware” encompasses a wide array of nasty cyber threats, one worse than the other.
This article will walk you through the 10 most famous and ravaging malware examples ever to give you goosebumps.
What is Malware?
Attackers use it for crimes such as stealing sensitive data, monitoring users’ activity, compromising or deleting information from the device.
The stolen information can vary from emails, financial and healthcare data, passwords – nowadays, possibilities are endless regarding the kind of information attackers can compromise or steal.
And it all boils down to one question: Why? The intention may vary, as cybercriminals can use malware to steal money, prevent a business from running, obtain strategic advantages, or even just for fun. Yes, hackers sometimes act for pleasure or out of boredom.
10 Famous Malware Examples
The famous malware examples listed below show how malware attacks can work and give you a glimpse of the damage they cause to businesses and individuals.
1. CovidLock, ransomware, 2020
When everyone nearly shut operations down, hackers became more active than ever. They have heavily exploited the fear created by the pandemic context (COVID-19). CovidLock ransomware infects targets through malicious files claiming to offer information about the disease.
After installation, the ransomware encrypts all data on Android devices and denies the user access. To recover your files, you’re required to pay a ransom of $100 per device.
2. Emotet, trojan, 2018
Emotet became known in 2018 after the US Department of Homeland Security deemed it the most threatening and devastating malware. Emotet is a trojan used for financial information theft, such as bank logins and cryptocurrencies.
Emotet propagates itself via malicious emails in the form of spam and phishing emails. Two remarkable Emotet malware attacks are the case of the city of Allentown, Pennsylvania, with damages rising to $1 million, and the case of the Chilean bank Consorcio, with losses worth $2 million.
3. WannaCry, ransomware, 2017
WannaCry‘s particularity is that it duplicates itself without modifying any files or affecting the boot sector once it sneaks into a system. It was used for one of the most devastating ransomware attacks launched in 2017 and infected 230,000 computers in less than a day, resulting in $4 billion in losses.
It spreads mainly via email scams and exploits a vulnerability in older Windows versions.
It’s interesting that even today, some phishing emails are claiming that you’ve been infected with WannaCry. But they’re plain emails with no files, trying to trick you into paying a ransom.
4. Petya, ransomware, 2016
Petya was first discovered in 2016 when it started spreading through phishing emails. Petya is actually a family of various types of ransomware, responsible for estimated damages of over $10 million.
It acts by taking hostage the entire operating system, unlike most ransomware.
It affected different organizations all over the world, from banks to transportation companies and healthcare providers. To regain access to your computer or network, you need to pay a ransom of approximately $300 for each user.
5. CryptoLocker, ransomware, 2013
CryptoLocker stands out among the malware examples of its time. It was launched in 2013, and it used an unusually large encryption key that cybersecurity specialists scratching their heads.
It is a trojan horse that would gain access to and encrypt files on a system. Hackers would engage social engineering tactics to trick employees into downloading the ransomware onto their computers and infect the entire network.
CryptoLocker has since been taken down, and it is believed that the cybercriminals behind it managed to infect over 200,000 Windows-based computers and extort approximately $3 million from the affected organizations.
6. Stuxnet, worm, 2010
Stuxnet was first discovered in 2010 when it was used in a political attack launched on Iran’s nuclear program. It is a very complex worm that exploits numerous Windows zero-day vulnerabilities and infects devices through USB drives.
Once installed, Stuxnet takes control of your computer’s entire system. It is widely believed that the worm is a cyberweapon built jointly by the USA and Israel.
7. Zeus, trojan, 2007
Zeus is a trojan horse malware package that runs on Windows and spreads malicious email attachments and websites in cases involving phishing. It’s known for its rapid propagation and for copying keystrokes. Zeus is used for credentials theft, such as email accounts and bank accounts.
Zeus malware attacks hit large organizations, and the list includes Amazon, Bank of America, and Cisco. The damage caused by it is jaw-dropping: over $100 million since its launch in 2007.
8. ILOVEYOU, worm, 2000
The ILOVEYOU worm deserves a special mention on our list for its creativity. It disguised itself as a love letter, received by email. It’s estimated that ILOVEYOU infected more than 45 million people back in the 2000s, causing losses worth a little over $15 million.
The worm is one of the first malware examples to have used social engineering in cyber attacks.
9. Melissa, virus, 1999
The Melissa virus was distributed automatically via email, using an infected Word attachment and a deceiving subject: “Important Message from (someone’s name).”
Experts consider Melissa one of the earliest malware attacks to use social engineering in history. It affected many organizations and individuals, causing damages worth approximately $80 million.
10. MyDoom, worm, 2004
The MyDoom worm rose to fame in 2004, when it attempted to hit big names in the technological field, such as Google and Microsoft. It was spread through emails with eye-catching subjects, “Error,” “Test,” and “Mail Delivery System.”
MyDoom was used for DDoS malware attacks, and it worked as a back door to allow remote control. Reports estimate the losses in millions of dollars.
How do I defend my company against Malware Attacks?
You should take the battle against malware to two fronts: choosing the right antivirus solution for your company and implementing solid security awareness training for your employees.
ATTACK Simulator can help with the latter.
The majority of the malware examples listed above spread through phishing emails. The best way for your employees to learn to detect a phishing attempt is to experience one.
Here at ATTACK Simulator, we put ourselves in the attacker’s shoes as we believe that understanding their thinking and actions is vital in designing an accurate simulation.
Our Security Awareness Training Program uses 4-Step Phishing Simulations:
- Automated attack simulation – we simulate all kinds of cyberattacks.
- Real-life scenarios – we evaluate users’ vulnerability to give company or pesonal data away using realistic web-pages.
- User behaviour analysis – we gather user data and compile it in extensive reports to give you a detailed picture of your employees’ security awareness level.
- Malicious file replicas – our emails contain malware file repilcas, to make the simulation as realistic as it can be.
- Interactive lessons – if employees fail to recognize our traps and fall into one, they will discover lessons on the best security practices.
Prevention is better than cure, especially if we’re talking cybersecurity. Choose to prevent and request your quote today.