Computer malware is not a new problem. It has been around almost as long as computers themselves. But the internet turned what was once a local nuisance into a global industry, and a highly profitable one at that. Security researchers now detect and catalogue over 350,000 new malicious programs every single day. Most come and go without making headlines. A handful, however, caused damage so severe they permanently changed how governments, hospitals, and ordinary people think about staying safe online.
This is the history of computer viruses, or at least, the chapters nobody forgot.
Before we get into the three most iconic examples, it helps to understand what we are actually talking about, because “malware” is an increasingly broad term, and not all of it works the same way or needs the same response.
Read our full guide: What is malware and how does it work? →
The world’s most notorious malware attacks
1. WannaCry (2017) – The attack that hit hospitals while the world watched
WannaCry is the one everyone remembers, and for good reason. In May 2017, it spread to 300,000 computers across 150 countries in just a few days. Hospitals, banks, factories, government offices, all locked out of their own systems, all staring at the same Bitcoin ransom demand on their screens.
WannaCry was a ransomware cryptoworm, which means it didn’t wait for someone to click something stupid. It actively hunted for vulnerable machines on the same network and spread itself automatically. Once inside, it encrypted your files and demanded $300 in Bitcoin to unlock them. Miss the deadline and the price went up.
The tool it used to spread was called EternalBlue, allegedly developed by the NSA, stolen by a hacker group, and leaked online just weeks before the attack. It exploited a flaw in older Windows versions that let the worm jump between computers with zero user interaction. No dodgy email, no suspicious download. Just being on the same network was enough.
Here’s the kicker: Microsoft had already patched that exact vulnerability two months earlier. Millions of systems just hadn’t been updated.
The damage
The NHS got hit hard: patient records locked, MRI scanners offline, thousands of appointments cancelled. Global damages landed at around $4 billion, with the NHS alone taking a $100 million hit. The attack was eventually stopped by a researcher who found a hidden kill switch in the code, a domain name that, when registered for about $10, halted the entire thing. One person. Ten dollars. Done.
The US and UK later blamed North Korea. North Korea denied it. Everyone else went and updated Windows.
2. CryptoLocker (2013) – The malware that invented a business model
If WannaCry was the attack everyone saw on the news, CryptoLocker was the one that quietly changed the whole game.
It arrived as an email attachment, a zip file with what looked like a harmless PDF inside. One click and it silently encrypted everything on your machine and any connected drives. Then the message appeared: pay between $400 and $1,000 for the decryption key, or lose your files forever. Wait too long and the price goes up.
Why CryptoLocker was genuinely different
Fixed prices and deadlines, no negotiation, clear pressure
An actual working decryption service for people who paid
Organised, consistent, and profitable, basically a criminal subscription service
It spread through a botnet called Gameover Zeus until the FBI shut the entire operation down in May 2014 through Operation Tovar. By then it had already infected over 200,000 computers and extorted millions.
The reason it still matters
Every modern ransomware group is running a version of the playbook CryptoLocker wrote in 2013. Average ransom demands have since climbed to $2.2 million, with some organisations paying tens of millions in a single attack. CryptoLocker was the proof of concept that made all of it possible.
3. Stuxnet (2010) – The one that crossed into the physical world
Stuxnet is in a category of its own. It wasn’t built to steal money or lock up files. It was built to physically destroy machinery.
Believed to have been developed jointly by the US and Israel, Stuxnet was a computer worm aimed squarely at Iran’s nuclear programme. It spread through infected USB drives, got inside industrial control systems, and then did something nobody had seen malware do before: it physically manipulated the centrifuges used to enrich uranium while simultaneously feeding false readings to the operators. Everything looked fine on their screens. Meanwhile, the machines were quietly tearing themselves apart.
By the time it was discovered, Stuxnet had destroyed roughly one-fifth of Iran’s nuclear centrifuges and set the programme back by years.
Before Stuxnet
Malware stole data, locked files, or disrupted systems, purely in the digital world.
After Stuxnet
Code could cause real, physical destruction. No bombs, no troops, just a USB drive and some very clever software.
What made it a turning point wasn’t just the damage, it was what it proved. Stuxnet was the first widely documented case of malware being used as a weapon of war. Code that caused real, physical destruction in the real world.
If WannaCry and CryptoLocker represent the financial side of what malware can do, Stuxnet represents something more unsettling: the moment it crossed into the physical world. Governments and militaries have been thinking differently about cyber operations ever since.
So what’s changed since?
Short answer: things got worse. Faster, bigger, and a lot more organised.
Ransomware as a Service (RaaS)
Over 5,400 ransomware attacks were recorded in 2024 alone, up 11% from the year before. You no longer need any technical skills to pull one off. You can literally rent ransomware infrastructure, point it at a target, and let someone else handle the technical side. It comes with customer support. Cybercrime has a helpdesk now.
Groups like LockBit, RansomHub, and Akira have gone after hospitals, schools, logistics companies, and local governments. Healthcare has been hit especially hard: we’re talking about attacks that delay surgeries and lock doctors out of patient records. Real consequences for real people.
The famous ransomware attacks of 2017 were supposed to be a wake-up call. The cybercriminal world woke up, took notes, and built a bigger operation.
How to actually protect yourself
Most malware gets in through the same doors every time. Close those, and you’re genuinely hard to hit.
Update everything
WannaCry used a hole Microsoft had already patched. Turn on automatic updates and let them do their thing.
Back up your files
Ransomware has no power over you if you have another copy. Keep a backup disconnected from your device; an external drive or cloud storage with version history works fine.
Don’t trust unexpected attachments
CryptoLocker spread through a PDF that wasn’t a PDF. If you weren’t expecting it, don’t open it. If an email is pushing urgency, go to the website yourself instead of clicking anything.
Use antivirus, strong passwords, and 2FA
Not glamorous advice, but it blocks the majority of attacks before they start.
Protect your connection with ZoogVPN
Your device can be perfectly clean and you can still get burned, just by being on the wrong network. Public Wi-Fi in cafes, airports, and hotels is an easy target. Someone on the same network can intercept your traffic, redirect you to fake sites, and grab your login details without touching your device at all.
ZoogVPN fixes that by encrypting your connection before it leaves your device. Here’s what that actually means for you:
✓ No interception: your traffic is unreadable to anyone watching the network
✓ No redirects: fake login pages can’t be slipped in between you and the real site
✓ Private browsing: your ISP can’t see what you’re doing, and neither can advertisers
✓ Safe remote work: access company tools from anywhere without exposing sensitive data
✓ Works everywhere: Windows, Mac, iPhone, Android, one subscription, up to 10 devices
Whether you’re streaming from a hotel room, working from a coffee shop, or just want your browsing to stay your business, ZoogVPN runs quietly in the background and handles it.







