sb-nz logo
Story image

ESET: A breakdown of 2017’s ransomware epidemic - and what to expect next

14 Dec 2017

​Given the digital plague around the world in 2017, it would be unseemly not to give ransomware its own dedicated piece.

According to ESET, ransomware is growing at a yearly rate of 350 percent and is showing no signs of slowing down. The attack method of illegal encryption of files or devices and then holding them to ransom has become increasingly popular among cybercriminals.

2017 saw ransomware outbreaks in more than 150 countries and the advent of the ‘ransomworm’, where in a few very notable cases, conventional file or disk encrypting ransomware techniques were paired with rapidly spreading network worm functionality.

The result was hundreds of thousands of computers around the globe fell victim to the virulent ransomware strains within just a few hours.

Senior research fellow at ESET, Nick FitzGerald says in the new year businesses are likely to be faced with continuing ransomware incidents, an upswing in DDoS attacks and an increased number of attacks against connected devices, on a much larger scale. 

“We have seen the cybersecurity landscape shift significantly over the course of 2017, with global attacks like WannaCryptor (aka WannaCry) and DiskCoder.C (aka NotPetya) setting disturbing high-water marks for the number of users and companies around the world whose data was maliciously encrypted in one campaign,” says FitzGerald.

“Cybersecurity awareness and vigilance must remain at the forefront of business agendas. Businesses small and large alike must develop cohesive, organisation-wide cybersecurity policies, but more importantly, they need effective, well-rehearsed response and recovery plans.”

Here’s ESET’s indepth look into the most popular strains of ransomware from 2017:


Easily one of the biggest cybersecurity stories of 2017, WannaCry wreaked unprecendented havoc across more than 150 countries where the attack spread like wildfire with its worm-like capabilities on May 12 2017.

The attack demanded $300 worth of bitcoin in ransom, affecting more than 230,000 users including the UK’s NHS and Spain’s Telefonica. ESET labelled this cyberattack as the worst of 2017.


This cyberattack affected banks, power companies, public transport, and postal, courier and shipping companies globally on June 27 2017.

The attack was seeded through the subversion of a software update mechanism built into an accounting program widely used by companies working in Ukraine or with Ukrainian partners – consequently a large number of Ukrainian organisations were affected.

Once run on one PC the malware spread rapidly across an organisation’s LAN either via the EternalBlue exploit against unpatched Microsoft Windows devices or through credential stealing and the use of two Windows system administration tools. Like WannaCry, the attack demanded $300 worth of bitcoin.

Bad Rabbit

First spotted on October 24 2017, this cyberattack’s victims were mainly in Russia and Ukraine and was the third major distributed ransomware incident to have occurred in 2017.

This ransomware spread through "drive-by downloads", where insecure websites are compromised and their content altered to distribute malware, either directly or by redirecting the potential victim to another site controlled by the hacker. 

Compared to WannaCry and NotPetya, Bad Rabbit did not spread as widely, but it was still a notable size and speed of attack for a ransomware campaign.

Looking ahead to 2018

According to ESET, digitisation is a double-edged sword as today’s cloud‑ and app-based environments provide an easy target to sidestep traditional network security, meaning the perimeter of protection has expanded. As organisations continue to embrace digitisation, the threat landscape in 2018 will only increase.

Working closely with IT teams to make smarter cybersecurity investments will be the key to ensuring every facet of the business is protected in the long run.

Story image
SOC as a Service: Fortinet’s answer to today’s network challenges
Jon McGettigan, Fortinet A/NZ Regional Director, explains how SOC as a Service can back up your current SOC team, fast-track deployments and ensure regulatory compliance.More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More
Story image
Businesses left to make decisions based on old, inaccurate data, study finds
"It is more critical than ever that organisations have access to actionable, contextualised, near real-time threat data to power the network and application security tools they use to detect and block malicious actors."More
Story image
NZX, Metservice attacks show Kiwi companies must rethink cyber security
The attacks are a wake-up call for New Zealand businesses to step up their threat protection and contingency planning systems.More
Story image
Education sector most at risk of DNS attacks - with a steep cost
84% of education organisations surveyed have been hit by DNS attacks, with each suffering an average of eight attacks.More
Story image
Why IT and HR must work together to help businesses weather the storm
Employers are striving to balance team productivity, security and employee engagement. If remote work is the new norm, it’s impossible to ignore the challenging nature of the situation, writes Gigamon manager for A/NZ George Tsoukas.More