SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image

ESET: A breakdown of 2017’s ransomware epidemic - and what to expect next

Thu, 14th Dec 2017
FYI, this story is more than a year old

​Given the digital plague around the world in 2017, it would be unseemly not to give ransomware its own dedicated piece.

According to ESET, ransomware is growing at a yearly rate of 350 percent and is showing no signs of slowing down. The attack method of illegal encryption of files or devices and then holding them to ransom has become increasingly popular among cybercriminals.

2017 saw ransomware outbreaks in more than 150 countries and the advent of the ‘ransomworm', where in a few very notable cases, conventional file or disk encrypting ransomware techniques were paired with rapidly spreading network worm functionality.

The result was hundreds of thousands of computers around the globe fell victim to the virulent ransomware strains within just a few hours.

Senior research fellow at ESET, Nick FitzGerald says in the new year businesses are likely to be faced with continuing ransomware incidents, an upswing in DDoS attacks and an increased number of attacks against connected devices, on a much larger scale.

“We have seen the cybersecurity landscape shift significantly over the course of 2017, with global attacks like WannaCryptor (aka WannaCry) and DiskCoder.C (aka NotPetya) setting disturbing high-water marks for the number of users and companies around the world whose data was maliciously encrypted in one campaign,” says FitzGerald.

“Cybersecurity awareness and vigilance must remain at the forefront of business agendas. Businesses small and large alike must develop cohesive, organisation-wide cybersecurity policies, but more importantly, they need effective, well-rehearsed response and recovery plans.

Here's ESET's indepth look into the most popular strains of ransomware from 2017:


Easily one of the biggest cybersecurity stories of 2017, WannaCry wreaked unprecendented havoc across more than 150 countries where the attack spread like wildfire with its worm-like capabilities on May 12 2017.

The attack demanded $300 worth of bitcoin in ransom, affecting more than 230,000 users including the UK's NHS and Spain's Telefonica. ESET labelled this cyberattack as the worst of 2017.


This cyberattack affected banks, power companies, public transport, and postal, courier and shipping companies globally on June 27 2017.

The attack was seeded through the subversion of a software update mechanism built into an accounting program widely used by companies working in Ukraine or with Ukrainian partners – consequently a large number of Ukrainian organisations were affected.

Once run on one PC the malware spread rapidly across an organisation's LAN either via the EternalBlue exploit against unpatched Microsoft Windows devices or through credential stealing and the use of two Windows system administration tools. Like WannaCry, the attack demanded $300 worth of bitcoin.

Bad Rabbit

First spotted on October 24 2017, this cyberattack's victims were mainly in Russia and Ukraine and was the third major distributed ransomware incident to have occurred in 2017.

This ransomware spread through "drive-by downloads", where insecure websites are compromised and their content altered to distribute malware, either directly or by redirecting the potential victim to another site controlled by the hacker.

Compared to WannaCry and NotPetya, Bad Rabbit did not spread as widely, but it was still a notable size and speed of attack for a ransomware campaign.

Looking ahead to 2018

According to ESET, digitisation is a double-edged sword as today's cloud‑ and app-based environments provide an easy target to sidestep traditional network security, meaning the perimeter of protection has expanded. As organisations continue to embrace digitisation, the threat landscape in 2018 will only increase.

Working closely with IT teams to make smarter cybersecurity investments will be the key to ensuring every facet of the business is protected in the long run.

Follow us on: