Cyberattacks using computer viruses or malware have been costing billions of dollars each year in cleanup and repair costs. Having been in this industry for almost three decades, I still recall some of the most notable and devastating computer viruses from the past. Today, I am listing some of those that I have witnessed and that were global in nature. Here, I am avoiding comparisons to data breaches that have occurred earlier. Instead, I am focusing on global cyber threats that infected thousands and millions of computers worldwide, avoiding targeted cyberattacks that breached specific databases and caused financial damages.
The figures listed below are from multiple published sources. I have tried to include figures where most experts have reached a consensus after years of research and studying different sources. The estimates sometimes differ due to the various complexities involved in calculating the losses. The costs include financial losses to businesses due to attacks, such as operational losses, remediation costs, and restoration costs. Often, the costs do not include reputation damage costs and other indirect expenses. Many of the customers of impacted businesses cover most of the bill themselves, which is often missed in the final calculations.
Here are the cyberattacks that I remember, along with the year, month, and the estimated amount of losses that were incurred:
February 2004
Malware: MyDoom (Worm)
MyDoom became a rapidly spreading worm via email and P2P networks, causing widespread damage by initiating DDOS attacks.
Estimated damage: Around 38 Billion USD
October 2001
Malware: Klez (Worm)
This was a self-spreading worm that used to drop highly polymorphic executable malware on infected computers.
Estimated damage: Around 20 Billion USD
May 2000
Malware: ILOVEYOU (Computer Worm)
In May 2000, a computer worm by the name of ILOVEYOU spread at lightning speed using email and IRC channels, infecting more than 10 million computers worldwide.
Estimated damage: 10-15 Billion USD
June 2017
Malware: NotPetya (Malware)
NotPetya was malware designed to attack and cause damage to Ukraine during the Russia-Ukraine conflict.
Estimated damage: 10+ Billion USD
May 2017
Malware: WannaCry (Ransomware)
In May 2017, we saw a global IT outage caused by WannaCry ransomware, which spread to more than 150 countries in just a few hours.
Estimated damage: Around 4 Billion USD
July 2001
Malware: CodeRed (Worm)
CodeRed was an automatic, fast-spreading computer worm that exploited an IIS server vulnerability, causing global disruption.
Estimated damage: 2 to 3 Billion USD
January 2003
Malware: SQL Slammer (Worm)
This 376-byte malware exploited a buffer overflow vulnerability in SQL Server and holds the record for the fastest-spreading malware, causing a global internet outage in minutes. It never got written to any file and spread only through wires/connections.
Estimated damage: 1 to 1.2 Billion USD
June 1998
Malware: CIH (Virus)
CIH, also known as the Chernobyl virus, was one of the most destructive malware that overwrote hard disks and BIOS on April 26th, making the PCs inoperable.
Estimated damage: Around 250 Million USD
March 1999
Malware: Melissa (Worm)
One of the early email worms, Melissa kept sending itself via email to people in your contact list, along with pornographic images attached to the message.
Estimated damage: 80 Million USD
There are a few more notable malware that caused significant damage. I have listed those widespread attacks that had a substantial impact and on which I personally witnessed the outages and worked on the malware detection and protection for our users. There were a few more I could mention just by name, as the estimated losses caused by these malware were not recorded or studied thoroughly and are from an older era. Viruses to name a few include PCStone, Cascade, DIR2, and Michelangelo.
The photo I am sharing is from 3rd May 2002 from Pune Times page of The Times of India, the news and discussion was about the new variant of Klez Worm that was causing disruption globally.
The recent IT outage, which was widespread, was not caused by any virus or malware. The damage caused by this IT outage was so devastating that it brought back memories of similar damages caused by viruses earlier. The current IT outage was caused by a faulty update by CrowdStrike and can go down in history as one of the biggest outages not caused by any virus or cyberattack.
The figures for the estimated damage caused by the latest IT outage are not yet calculated, but they will be revealed soon. I am sure the estimated losses will be upwards of 20 Billion USD or more.
