Story image

ESET: A breakdown of 2017’s ransomware epidemic - and what to expect next

14 Dec 17

​Given the digital plague around the world in 2017, it would be unseemly not to give ransomware its own dedicated piece.

According to ESET, ransomware is growing at a yearly rate of 350 percent and is showing no signs of slowing down. The attack method of illegal encryption of files or devices and then holding them to ransom has become increasingly popular among cybercriminals.

2017 saw ransomware outbreaks in more than 150 countries and the advent of the ‘ransomworm’, where in a few very notable cases, conventional file or disk encrypting ransomware techniques were paired with rapidly spreading network worm functionality.

The result was hundreds of thousands of computers around the globe fell victim to the virulent ransomware strains within just a few hours.

Senior research fellow at ESET, Nick FitzGerald says in the new year businesses are likely to be faced with continuing ransomware incidents, an upswing in DDoS attacks and an increased number of attacks against connected devices, on a much larger scale. 

“We have seen the cybersecurity landscape shift significantly over the course of 2017, with global attacks like WannaCryptor (aka WannaCry) and DiskCoder.C (aka NotPetya) setting disturbing high-water marks for the number of users and companies around the world whose data was maliciously encrypted in one campaign,” says FitzGerald.

“Cybersecurity awareness and vigilance must remain at the forefront of business agendas. Businesses small and large alike must develop cohesive, organisation-wide cybersecurity policies, but more importantly, they need effective, well-rehearsed response and recovery plans.”

Here’s ESET’s indepth look into the most popular strains of ransomware from 2017:


Easily one of the biggest cybersecurity stories of 2017, WannaCry wreaked unprecendented havoc across more than 150 countries where the attack spread like wildfire with its worm-like capabilities on May 12 2017.

The attack demanded $300 worth of bitcoin in ransom, affecting more than 230,000 users including the UK’s NHS and Spain’s Telefonica. ESET labelled this cyberattack as the worst of 2017.


This cyberattack affected banks, power companies, public transport, and postal, courier and shipping companies globally on June 27 2017.

The attack was seeded through the subversion of a software update mechanism built into an accounting program widely used by companies working in Ukraine or with Ukrainian partners – consequently a large number of Ukrainian organisations were affected.

Once run on one PC the malware spread rapidly across an organisation’s LAN either via the EternalBlue exploit against unpatched Microsoft Windows devices or through credential stealing and the use of two Windows system administration tools. Like WannaCry, the attack demanded $300 worth of bitcoin.

Bad Rabbit

First spotted on October 24 2017, this cyberattack’s victims were mainly in Russia and Ukraine and was the third major distributed ransomware incident to have occurred in 2017.

This ransomware spread through "drive-by downloads", where insecure websites are compromised and their content altered to distribute malware, either directly or by redirecting the potential victim to another site controlled by the hacker. 

Compared to WannaCry and NotPetya, Bad Rabbit did not spread as widely, but it was still a notable size and speed of attack for a ransomware campaign.

Looking ahead to 2018

According to ESET, digitisation is a double-edged sword as today’s cloud‑ and app-based environments provide an easy target to sidestep traditional network security, meaning the perimeter of protection has expanded. As organisations continue to embrace digitisation, the threat landscape in 2018 will only increase.

Working closely with IT teams to make smarter cybersecurity investments will be the key to ensuring every facet of the business is protected in the long run.

AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
Dropbox strengthens security with raft of new partnerships
Integrations will keep customer content protected and secure with tools for controlling identity access, governing data, and managing devices.