Computer viruses and other malware can create a nightmare scenario for users, potentially causing computer crashes, lost data, and stolen personal information. When they infect thousands—or even millions—of devices, they can also create some serious financial damage. Here’s a look at some of the most expensive malware attacks to date. 

Key Takeaways

  • The term “malware” applies to viruses, worms, trojan horses, and spyware.
  • The most expensive malware infection to date was the MyDoom worm, which resulted in roughly $38 billion of total damage. 
  • In order to minimize the risk of a cyberattack, computer owners should keep their antivirus software up to date and avoid opening suspicious email attachments.


Estimated cost: $38 billion

Year initiated: 2004

The most devastating malware to date may have been MyDoom, which caused more than $38 billion in estimated damages. The effects of MyDoom were far-reaching and fast-moving—when computers were infected with the worm, it created network openings that allowed others to access those machines. In addition, the malware also had the ability to open random programs. In 2004 an estimated 25% of all emails had been infected by MyDoom.


Estimated cost: $37 billion

Year initiated: 2003

In 2003 the SoBig virus caused more than $37.1 billion in devastation. This fast-spreading malware circulated through email as viral spam. If you were exposed, the virus had the capability to copy files, emailing itself to others and causing serious damage to computer software and hardware.


Estimated cost: $31 billion

Year initiated: Early 2000s

Sasser and Netsky were two of the deadliest computer worms in history, and they share an author: German teenager Sven Jaschan. Sasser proliferated by scanning IP addresses on connected computers and directing them to download a virus, whereas Netsky spread through malicious emails. Combined, the worms created a devastating $31 billion of damage in the early 2000s, according to security software firm Norton.


Estimated cost: $15 billion

Year initiated: 2000

One of the first major cyberthreats to use email as its delivery system, ILOVEYOU created major financial damage—and a lot of frustrated email users. Victims received an email with an attached “love letter.” What they were really opening was a visual basic script that contained a program that overwrote any computer files with common extensions such as .doc or .mp3. Adding insult to injury, ILOVEYOU then sent the pernicious email to 50 of the victim’s contacts. All told, the malware created an estimated $10 billion in damages.


Estimated cost: $10 billion

Year initiated: 2017

NotPetya first poked its head up in Ukraine in 2017, but its damage wasn’t limited to that country. It soon began infecting the computer systems of several multinational corporations, including Merck, FedEx, and the shipping giant Maersk. Intelligence agencies in the U.S. and U.K. have suggested that the Russian military created the malware in order to damage Ukraine’s enemies, although the consequences were much more far-reaching.

A computer virus is a file that installs a copy of itself in an existing program and spreads from computer to computer. Worms are similar, but they don’t require a host program and do not need human intervention to spread.


Estimated cost: $10 billion

Year initiated: 2007

The name StormWorm is something of a misnomer—the malware is actually a trojan horse, which is deceptive software that allows criminals to obtain access to sensitive data and spy on you. The malicious file preyed on curious email users, who clicked on a link that purported to be an article about a massive storm devastating Europe.


Estimated cost: $9.1 billion

Year initiated: 2008

Part of what made the Conficker worm so pernicious was that it prevented victims from contacting Internet security firms, the very places where they would seek help. The worm infected as many as seven million computers, creating a vast botnet with the ability to steal sensitive data from its victims. Oddly enough, it didn’t do much once it attacked a computer, though it created a real-enough threat to those with infected machines.


Estimated cost: $4 billion

Year initiated: 2017

For four tense days in 2017, the WannaCry ransomware left a path of destruction that affected roughly 150 countries around the globe. The malware even found its way onto hospital IT systems, where in many cases it put vital equipment out of service. Oddly, its creators asked Britain’s National Health Service for a minuscule $300 ransom to unlock its computers; that’s pretty small for an attack that cost about $4 billion in total financial losses.

Code Red

Estimated cost: $2 billion

Year initiated: 2001

One of the most well-known viruses to date is the Code Red virus. It caused more than $2 billion in damages in 2001 and had the ability to break into computer networks and exploit weaknesses in Microsoft software. Once the virus infected a machine, it actively looked for other machines on the network to attack.


Estimated cost: $1.2 billion

Year initiated: 2003

It’s hard to top Slammer when it comes to inflicting the most damage in the least amount of time. When the worm reared its head in 2003, it infected half of the servers connected to the web in just 15 minutes. The malware was potent enough to cause flight cancellations and temporarily disable 911 centers.

How did it spread so quickly? Slammer exploited vulnerable code embedded in Microsoft’s SQL servers. Once a server became infected, the worm was able to replicate itself within a few seconds. 

The Bottom Line

Oftentimes, the malware that finds itself on computers or servers fails to do serious damage. On several occasions, however, bad actors have managed to inflict serious financial damage. The best way to protect yourself is to be careful when opening email links and attachments and make sure you have antivirus software that can help detect dangerous files before it’s too late