3 Most Expensive Cyber-Attacks in 2017 and what they cost

Adam Ong 14.11.2017

With the number of Cyber-attacks unfortunately on the rise, the importance of organisations prioritising their IT Security investment has never been more significant. Let’s take a look at some of the most damaging attacks this year.


When did this happen?

According to reports, the breaches may have occurred as far back as December 2016. When did the public find out? March 2017

What happened?

According to Equifax’s CEO the incident occurred due to a combination of human and technical failures. Essentially the organisation was using Apache Struts as its tool for developing applications. A flaw had developed where ‘non-privileged users’ were able to gain access to administrative functions. Equifax, despite presumably being aware that Apache had advised of vulnerabilities on their framework, had allegedly failed to implement fixes in an adequate timeframe. Long story short, personal information (including Social Security Numbers, birth dates, addresses, even drivers' license numbers) of 143 million consumers were exposed.

COST? Estimates say up to USD $4 Billion!


2.      WannaCry – Was ‘THE BIG ONE’!

When did this happen?

WannaCry first appeared on Friday, May 12 2017.

What happened?

The way in which WannaCry works, is that it is equipped to search for, and encrypt multiple file types. Once encrypted, it will block access to these files and demand users pay a US$300 ransom in bitcoins and threatening users that the payment amount will be doubled after three days. If payment is not made after seven days, it claims the encrypted files will be deleted. Once WannaCry was unleashed, it spread to more than 100 countries in less than 24 hours. Although the creators of this ransomware only ever received around $140,000 in bitcoin from the operation, losses incurred by effected organisation were enormous.  

The happy ending here is that Microsoft, the ‘knight in shining armour’ they no doubt are, have implemented a kill-switch which has seemingly ended the debacle.

COST? Estimates also say up to USD $4 Billion!


3.      Petya/NotPetya/Nyetya/Goldeneye etc. etc. etc. – A Wannabe ‘WannaCry’?

When did this happen?

Not long after Wannacry. 27 June 2017 to be precise.

What happened?

This was another ransomware attack, possibly inspired by the resounding success of WannaCry. It functions quite similarly to WannaCry, by encrypting certain file types and demanding USD$300 in Bitcoins as a donation. There are, however, a few differences. Unlike WannaCry, ‘Petya/Not Petya’ has no single kill switch, making it harder to unilaterally stop. Also, it is a more targeted operation focused more on spreading through internal systems. This means that it didn’t breach as many organisations however, the impact it had on those it did breach was enormous. FedEx and Maersk both estimate $300M in lost earnings. ​

Cost: $300 Million (for both Maersk & FedEx) – the rest is unknown!

So what does all of this mean? (apart from potentially being an exercise in Schadenfreude - admit it…) – This is all to underline the importance of organisations recognising the very real threat posed by cyber-attacks, with Accenture reporting that the average cost of cybercrime for large enterprises is now averaging USD$ 11.7 million per organisation. Given the increased number of attacks, this number is more than likely only going to grow.


Obviously, this article has focused on the potential financial costs, but of course it would be remiss to underestimate the legal implications of having the data your company holds breached (Another article for another day!)

In recognition of this, organisations will need to be investing in time, physical resources and in people to ensure they are as well prepared as possible to avoid or at least mitigate against any future attack.

If you would like an introduction to some of the best talent in IT Security, please click here and visit my profile.

Don’t let your organisation be the next headline.

Adam Ong's picture
Consultant | IT