ExPetr, also known as NotPeta, is a complex sort of malware that spread throughout the world using many exploits — scripts that take advantage of a software weakness or security fault – despite solely targeting Ukraine at first. According to specialists, the global Petya/ExPetr malware epidemic wasn't a ransomware campaign, but rather wiper software intended at disruption. ExPetr malware isn't a ransomware assault; rather, it's a wiper attack that damaged PCs all over the world, permanently overwriting their Master Boot Record.

The vulnerabilities EternalBlue and EternalRomance, as well as the Mimikatz research tool and the insecure business software MeDoc, were exploited by the crooks. The malware was delivered as an update via the MeDoc update service. Infected PCs were locked, and users couldn't access any files unless they paid a $300 Bitcoin ransom. ExPetr was a costly cyberattack, with hackers stealing $10 billion (£7.9 billion) in 2017. This breach became one of the most expensive cyber attacks in history because of these synchronized efforts. Our objective as cyber specialists is to prohibit new attacks from ever joining this list as cybersecurity evolves and improves.

Cost: £7.9 billion

Hackers targeted email marketing business Epsilon in 2011, stealing thousands of identities and email addresses. The hack has been dubbed "the worst of its type." Unknown attackers stole into one of Epsilon Interactive's email servers, gaining access to the identities and email accounts of some of its 2,500 business clients, according to the company. The number of accounts compromised in the hack has not been revealed by Epsilon. According to some reports, it is the greatest data breach ever, with tens of millions of email addresses potentially exposed.

Scammers will be able to create authentic-looking email communications that appear to come from a bank or other business with which the user has an established connection using the stolen information. The emails will attempt to persuade recipients to divulge personal information such as usernames and passwords for bank accounts and other internet accounts, or to download malware onto their computers. Epsilon's clients, including Best Buy, JPMorgan Chase, and Target, incurred approximately $5 million in consumer notification, settlement, and compliance fees as a result of this. As a result of the attack, Epsilon has lost up to $4 billion (£3.1 billion).

Cost: £3.1 billion

A 15-year-old called Michael Calce carried out a distributed denial-of-service (DDoS) assault on many high-profile websites around the turn of the century. Michael Calce (also known as MafiaBoy) is a security expert and former computer hacker from Île Bizard, Quebec, who launched a series of highly publicized denial-of-service attacks against large commercial websites in February 2000, including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN. He also tried and failed to target nine of the thirteen root name servers at the same time. Calce, who went by the online handle Mafiaboy, exploited a series of university networks to flood these sites with data, costing corporations $1 billion (£801 million) to becoming one of the most expensive cyber attacks at that time.

"Government and commercial computer systems are so inadequately safeguarded today that they may virtually be regarded vulnerable - an Electronic Pearl Harbor waiting to happen," computer specialist Winn Schwartau said during a hearing before members of the US Congress. The notion that a 15-year-old could make the world's largest website unavailable caused significant worry. The internet had already become an important element of the North American economy at this point. Consumers lost faith in internet commerce, and the American economy took a hit as a result. Craig Guent, a former CIA operative, attributes the major gain in online security over the last decade to Mafiaboy.

Cost: £801 million

According to an internal watchdog, the Veterans Affairs Department has been routinely transferring veterans' personal data, including medical information and Social Security numbers, through unprotected Internet connections, leaving the information exposed to hackers and fraud. The names of veterans and their dependents, Social Security numbers, dates of birth, and protected health information were among the data exchanged across unencrypted networks by the VA Office of Information Technology (OIT), according to the IG.

According to the article, high authorities granted security rule exemptions to enable unencrypted transmissions. The inability to safeguard the information was in violation of the VA's own security policies as well as provisions of the American Recovery and Reinvestment Act of 2009, which required "the encryption of electronically transmitted health information." The database holding all of these details was stolen after the Veterans Administration failed to encrypt the records of 26.5 million veterans, military people, and their families in 2006. To make matters worse, the unencrypted data was left on a laptop and an external hard drive, resulting in not only a massive public outcry but also projected expenditures ranging from $100 million to $500 million (£400 million).

Cost: £400 million

In 2007, a Russian/Ukrainian hacking gang targeted Hannaford's main servers, successfully spreading malware to all 300 of the company's stores as well as a handful of independent stores that sold Hannaford items. The thieves who stole up to 4.2 million credit and debit card details from Hannaford Bros. Co.'s networks did so by placing malware programs on servers at each of the grocer's stores in New England, New York, and Florida, according to the supermarket.

According to a letter filed to Massachusetts regulators, the malicious software was used to intercept credit card data while it was being transported from Hannaford's point-of-sale systems to approve transactions. According to the letter, which was signed by Emily Dickinson, Hannaford's general counsel, the virus subsequently transferred the stolen card information as well as their expiration dates to an offshore location. 4.2 million Hannaford customer credit card details were taken in the massive data breach, with at least 1,800 of them being used fraudulently. The attack is believed to have cost $252 million (£201 million) in total. It's one of the most expensive cyber attacks in the world.

Cost: £201 million

The 2011 PlayStation Network outage (also known as the PSN Hack) was caused by an "external intrusion" into Sony PlayStation Network and Qriocity services, which resulted in the compromise of personal information from approximately 77 million accounts and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service. The attack took place between April 17 and 19, 2011, leading Sony to shut down the PlayStation Network on April 20. Sony stated on May 4 that each of the 77 million accounts' personally identifiable information had been compromised. The outage was 23 days long.

With 77 million registered Sony PlayStation Network accounts at the time of the outage, it was not just one of the greatest data security breaches, but also the longest PS Network downtime in history. It surpasses the 45 million consumers impacted by the TJX breach in 2007. Government authorities from a number of nations expressed alarm about the theft and Sony's one-week delay in notifying consumers. The data breach cost Sony $171 million (£137 million), with identity theft insurance, security enhancements, customer assistance, and an investigation accounting for the losses. However, the company's reputation was shattered, and billions in sales were lost as a result.

Cost: £137 million

Hackers gained access to TK Maxx's wireless LAN and stole 45 million customer records from the retailer's parent business. TJX, the parent company of TK Maxx, has protected its wireless network with Wired Equivalent Privacy (WEP), one of the weakest kinds of wireless LAN security. In the second part of 2005 and into 2006, hackers hacked in and stole the information, which contained millions of credit card numbers.

Hackers hacked the WEP encryption standard used to send data between price-checking equipment, cash registers, and computers at a Minnesota retailer, according to The Wall Street Journal. The thieves then stole usernames and passwords from employees connecting to the company's core database in Massachusetts. As a result, the hackers were able to obtain millions of credit card details in 2005 and 2006, costing the company $118 million (£94 million) in damages at the time, however, this amount has subsequently escalated to $162 million (£129 million) due to the fallout.

Cost: £129 million

Heartland Payment Systems, the sixth-largest payments processor in the United States, reported on Monday that its processing systems were hacked in 2008, potentially exposing an unknown number of customers to fraud. Meanwhile, Forcht Bank, one of Kentucky's top ten banks, advised its clients that it will begin reissuing 8,500 debit cards after learning of a probable compromise from its own card processor. While Heartland is still assessing the extent of the damage caused by the assault, Robert Baldwin, the company's president, and CFO, says law enforcement has already identified the incident as part of a larger cyber fraud operation.

After infiltrating their system in 2008, the virus was able to steal more than 130 million debit and credit card data, although Heartland didn't realize it until 2009. It was the most costly data breach at the time, with a total cost of $140 million (£112 million), and hacker Albert Gonzalez was sentenced to 20 years in jail for his involvement in the cyberattack.

Source: £112 million