« Back to Blog

Cylance vs. Olympic Destroyer

By The Cylance Team


All was not fun and games at the Pyeongchang Olympics when a worm called Olympic Destroyer took center stage. The malware disrupted wi-fi, shut down several display monitors, and crashed the official website on Friday, shortly before the opening ceremonies.

Early analysis indicates Olympic Destroyer is engineered to destroy data and disable workstations, not exfiltrate data. The intent, presumably, was to embarrass the Olympic committee by disrupting the commencement of the games.

VIDEO: Cylance vs. Olympic Destroyer

Why is Olympic Destroyer Important and Why Should I be Concerned?

Olympic Destroyer races through an environment corrupting boot records, halting services, and rebooting machines as it travels. It uses WMI and PSExec to traverse the environment, a method previously utilized by BadRabbit and NotPetya. The malware attempts to steal browser credentials in a bid to maximize its destructive reach across a domain.

One silver lining – Olympic Destroyer contains numerous clues indicating the specific nature of its task. The malware has hardcoded user credentials and references the Olympic Games domain and internal servers by name. Olympic Destroyer appears to be written with the narrow purpose of targeting the games.

Cylance Stops Olympic Destroyer

If medals were awarded for preventing future malware, Cylance would win the gold. Our Threat Research team put Olympic Destroyer head-to-head with an old version of CylancePROTECT®, released in November of 2015. The malware never had a chance. Cylance, driven by artificial intelligence and machine learning, was prepared for a threat like Olympic Destroyer nearly two years before it emerged.

The results are clear: Olympic Destroyer cannot score a win against the preventative powers of Cylance. Whether we field today’s version, or our champion from 2015, Cylance prevails against Olympic Destroyer and always comes out on top.