The Worst Malware of 2017

Like viruses in the natural world, malware variants are constantly evolving. Their creators update them to better penetrate cyber security software and evade detection. Some of the worst (i.e., best-designed) malware of 2017 follows this pattern, in some cases with surprisingly rapid evolution over the course of just a few months.

2017 has been a breakout year for ransomware

Ransomware is nothing new. It has been around since at least the 1980s, and its basic premise has remained mostly the same: It takes files hostage using encryption and then demands payment in exchange for a decryption key to safely retrieve them.

However, 2017 saw major advances in ransomware efficacy. Three headline-grabbing threats demonstrated this progress:


This piece of ransomware emerged in May 2017. It infected more than 400,000 machines and caused trouble for Spanish telco Telefonica and the U.K. National Health Service, among others. Very few of its victims actually paid the ransom.

WannaCry had several notable capabilities. First, it exploited outdated and unpatched operating systems. Most of its victims were running Microsoft Windows 7, which was originally released in 2009, or the even older Windows XP. All of them were also missing the patch for a flaw in the pivotal Server Message Block (SMB) protocol, which WannaCry took advantage of to spread.

Another novel feature of WannaCry was its mysterious inclusion of a kill switch. A security researcher was able to shut down the threat by registering a specific URL listed in WannaCry’s code, according to Wired.

Ransomware has loomed large n 2017.Ransomware has loomed large n 2017.


Following in WannaCry’s footsteps, NotPetya emerged in the summer of 2017. It targeted the same Windows weakness – known as EternalBlue – as WannaCry but added a few twists of its own.

Most importantly, it included a password-harvesting feature that enabled it to steal credentials from the local filesystems and memories of machines as it jumped between them, according to Forbes. It also lacked the convenient kill switch inexplicably contained in WannaCry.

Bad Rabbit

The latest of the bunch, Bad Rabbit emerged in October 2017 in Russia and Ukraine. Unlike WannaCry and NotPetya, it didn’t take advantage of EternalBlue.

However, it was designed to spread through SMB (like WannaCry), and it could harvest usernames and passwords (like NotPetya). One of its defining features was its ability to infect devices by tricking their users to install a fake update to Adobe Flash Player, according to Vice.

This attack angle has nothing to do with the many flaws in Flash documented over the years. Instead, it is designed to compromise the machines of visitors to specific sites – a process sometimes called drive-by downloading.

Beyond ransomware: A look at malware embedded in CCleaner

There are many lessons to be learned from these ransomware threats, with the main ones being:

  • Keep all software up-to-date with the latest security fixes.
  • Don’t pay the ransom since there’s no guarantee you’ll get your data back.
  • Ignore links and instructions from untrusted sources.

These best practices as well as cyber security software are essential to overall data protection. But what if even your defensive tools were themselves infected with malware?

Such a situation arose this year when the widely used CCleaner application – a popular utility for clearing browser cookies and protecting privacy, which has been downloaded more than 2 billion times according to its developer – was discovered to contain a corrupted installer. The servers that delivered signed (i.e., official) downloads had been compromised, resulting in malware being delivered alongside the app.

The threat in CCleaner was apparently disarmed before it did any widespread harm, despite an estimated 2.27 million infections, according to The Verge. The episode highlights the importance of vetting any security vendor before entrusting them to protect your most important online information.

Cloudbleed: Malware for the age of cloud computing

Many websites rely on third-party cloud service providers to supply and manage essential IT infrastructure and services. Ideally, this business relationship is mutually beneficial, since the sites get reliable assets while the CSPs receive steady subscription revenue.

“Sensitive data from FitBit and Uber may have been exposed by Cloudbleed.”

Security mishaps can jeopardize this equilibrium, though. In February 2017, a critical flaw was identified in the solutions of internet infrastructure company CloudFlare. The vulnerability was quickly patched, but it might have been exposed for months prior to its discovery. During that time, sensitive data from major sites such as FitBit, Uber and OkCupid may have been exposed.

Changing the passwords on these sites is a good first step in reducing risk. Installing comprehensive cyber security software for identity theft protection, automatic virus detection and anti-phishing defense makes you even safer. Find out more about Ultimate Internet Security to get started.