PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

File-Wiping Malware Targets Networks at Winter Olympics

The malware is similar to the BadRabbit and NotPetya ransomware outbreaks from last year, according to Cisco Talos.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Malware designed to wipe computer systems may be behind a cyber attack that briefly disrupted the 2018 Winter Olympics on Friday.

As The Guardian reports, the Olympic stadium's Wi-Fi and the PyeongChang 2018 website went offline right before the opening ceremony, preventing customers from printing out tickets, among other things.

On Sunday, Olympic organizers blamed a cyber attack, but declined to elaborate. However, security researchers at Cisco's Talos group identified the possible culprit: a strain of Windows malware they've dubbed "Olympics Destroyer."

"The malware author knew a lot of technical details of the Olympic Game infrastructure such as username, domain name, server name and obviously password. We identified 44 individual accounts in the binary," Cisco Talos said in a Monday blog post.

Olympic Destroyer Sample

Once it infects, the malware will try to harvest additional passwords from the computers in an effort to spread to other protected systems on the network. It'll also proceed to brick the entire machine.

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones
Google Will Soon Spot Fake Calls on Supported Android Phones
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

The malware does so by first deleting the backup copies of the Windows systems state, preventing file recovery. It'll then modify the machine's configuration, disabling the boot-up processes, before finally shutting the computer down.

"The sole purpose of this malware is to perform destruction of the host and leave the computer system offline," the researchers said.

So far, it isn't clear how the malware—a Windows file—is delivered to computers. Cisco Talos noticed the malware over the weekend when a sample was uploaded to Virus Total, an online library for malware. The team then corroborated its findings with data taken from the company's security products.

It also isn't known who was behind the attack, but the malicious code is similar to two ransomware attacks from last year called BadRabbit and NotPetya. All three use the same communication channel technique to execute the infection process, Cisco Talos said. Both strains affected PCs in Ukraine; authorities there blamed Russian state-sponsored hackers.

In 2016, suspected Russian hackers also targeted the World Anti-Doping Agency, and leaked medical files from US Olympians.

Russia has denied any involvement with state-sponsored hacking. Last week, the Kremlin went as far to predict that Western media would blame the country for any cyber attacks that disrupted the Olympic Games. Russia itself has been banned from this year's Olympics over doping allegations.

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio