Top 10 biggest ransomware attacks of all time
04 Jul 2023
What is a ransomware attack?
It is a kind of external cyber attack in which the attackers lock the sensitive digital assets of a business and demand a ransom to release them. They may use malware to gain control of the network and access sensitive company-specific files such as financial, personal, or sensitive information.
Why are ransomware attacks worrying organizations globally?
As cyber attackers continue targeting businesses, new methods of cybercrime emerge. Ransomware-attack-as-a-service has grown to be prevalent in recent years.
It is a business model often used by cybercriminals, individual or state, involving a transaction where affiliates pay ransomware attackers for their services.
Here are some of the shocking ransomware attack numbers:
- By 2030 there will be a ransomware attack every 30 seconds.
- Over 71% of businesses faced a ransomware attack last year.
- Over 54% of ransomware attacks are phishing mail based.
- The average cost of a ransomware attack is around $4.62 million.
- Over 61% of SMBs faced ransomware attacks in 2021.
- Only 41% of organizations are concerned about a ransomware attack in 2023.
- 80% of organizations that paid ransom faced another ransomware attack.
Biggest ransoms ever paid
One of the highly damaging outcomes of ransomware attacks
UCSF – $1.14 m
Netwalker ransomware – US
Costa Rica – $20m
The sector paying the most ransom
Among all the sectors that paid the ransom, the manufacturing and production sector paid the highest ransom. This is primarily due to the recent integration of IoT and OT technology to make operations more efficient and improve productivity in manufacturing.
The second sector that paid the most ransom was energy/oil/gas and utilities.
10 of the biggest ransomware attacks in history
- WannaCry (Net loss: $4 billion)
- NotPetya (Net loss: $10 billion approx)
- Locky (Net loss: $393,692,400)
- Cryptolocker (Net loss: $300 payout each)
- Bad Rabbit (Net loss: Unknown)
- Cerber (Net loss: At least $2.3 million annually)
- Jigsaw (Net loss: $1b globally)
- LockBit (Net loss: Approx $3b globally)
- SamSam (Net loss: $6 million)
- Cl0p MOVEit (Net loss: $3b)
Not so recently, we did a blog on some of the most dangerous ransomware attacks in 2024. Now let us look at some of the biggest ransomware attacks of all time.
More about the Biggest Ransomware Attacks
1. WannaCry
About the victim
WannaCry impacted many high-profile organizations, including the National Health Service in the UK, Boeing, Russian railway systems, telecom providers, and an interior ministry, along with more than 200,000 computers in 150 countries worldwide.
What happened
It was a ransomware worm that spread across multiple computer networks in 2017. It infected Windows computers and made it impossible for users to access the hard drive.
When it happened
2017
What did it cost
- Over $4 billion in losses worldwide
- Sensitive data in more than 2 million computers across 150 countries at risk
2. Petya/NotPetya/GoldenEye/ExPetr
About the victim
It impacted 400,000+ customers across multiple Ukrainian businesses, and over 90% of public services. Apart from Ukraine, the UK, India, the US, Russia, France, Germany, and Korea were also impacted.
What happened
It is one of the most evolved forms of ransomware: it infects boot loaders with malicious code and locks up/encrypts the hard drives of computers all at once instead of going file by file. It specifically targeted Microsoft Windows-based computers.
When it happened
2016
What did it cost
- Global cost – $10 billion approx
- FedEx – $400 m
- Maersk – $300 m
3. Locky
About the victim
Locky was part of 17% of all ransomware attacks around the world. It had more than 400,000 victims in the first week of detection, with 30 devices getting infected every minute across multiple countries.
What happened
Locky is a Microsoft Windows-based ransomware that infects computers, scans all the drives and networks for specifically targeted files, and encrypts them using AES encryption. Once done, it changes the wallpaper to a ransom note and displays the website in the default web browser.
When it happened
2016
What did it cost
- Yearly global cost – $393,692,400
4. Cryptolocker
About the victim
Although Cryptolocker had no specific targets, it hit a high number of entities across the globe (around five million victims).
What happened
It is considered one of the toughest ransomware strains to crack, so tough that governments had to form a task force to crack it. It usually arrives as malware installed through a phishing email and locks the victim out of all the critical files on network storage.
When it happened
2013
What did it cost
- 500,000+ victims ($300 payout each)
5. Bad Rabbit
About the victim
It has targeted organizations from multiple businesses across Ukraine, Russia, Germany, Turkey, Korea, Japan, and Poland. There were at least 200 infected targets that were all hit at the same time.
What happened
It is a ransomware that shares similarities with WannaCry and Petya. It slides into the system of its victims by disguising itself as an Adobe Flash installer through compromised websites. Once the victim clicks the installer, their systems display a ransom note with a deadline.
When it happened
2017
What did it cost
- Thousands of compromised systems across Ukraine, Russia, Japan, Germany and Turkey.
- 200 companies infected
6. Cerber
About the victim
Cerber ransomware as a service runs over 161 active campaigns across the world, running mini-campaigns targeted towards high net worth businesses across the United States, Australia, China, Japan, and other countries.
What happened
Cerber is a ransomware-as-a-service where the attacker issues a license for the Cerber ransomware over the dark web and splits the ransom derived from it. It spares the attacker the time spent finding and working on targets by outsourcing the job to someone else.
When it happened
2017
What did it cost
At least $2.3 million annually
7. Jigsaw
About the victim
Jigsaw has indiscriminately targeted individuals from around the world.
What happened
Borrowing its name from the Saw movie series, Jigsaw ransomware makes its way onto the system through spam emails. Once the victim clicks on the infected link, it locks the files and deletes them automatically within a given period.
When it happened
2016
What did it cost
- Approx $1b globally
8. LockBit
About the victim
Since 2019, a series of LockBit attacks has been perpetrated by ransomware gangs rumored to be from Russia. LockBit ransomware attacks have affected hundreds of businesses across multiple countries like Australia, New Zealand, Canada, the United Kingdom, and the United States.
What happened
LockBit is another ransomware that profits by offering ransomware-as-a-service to affiliates on the darknet, where the gang earns a cut from victims targeted by affiliates.
When it happened
2019
What did it cost
Approx $3b globally
9. SamSam
About the victim
SamSam's victims include critical infrastructure institutions such as power, healthcare, and transportation, and businesses across industries in multiple countries like the UK, France, the Middle East, Australia, Canada, and Israel. They engaged in more than 200 attacks in the US and Canada alone!
What happened
SamSam attackers use the Remote Desktop Protocol (RDP) to access servers, specifically Windows servers. Once they gain unauthorized and unlawful access, they infect the server with malware, escalate to admin rights, and run an executable file that encrypts all the files of the victims.
When it happened
2015
What did it cost
- $6 million total in ransom payments
- $3b global cost to businesses
10. Cl0p MOVEit
About the victim
Cl0p or Clop has affected more than 150 organizations and 16 million individuals worldwide. It has become so dangerous that the U.S. State Department has offered a $10 million bounty.
What happened
A ransomware gang named Cl0p/Clop exploited MOVEit Transfer, a tool used by organizations to transfer large files over the internet. They then infected it with malware and locked users out of their files using remote code execution attacks on servers.
When it happened
2019 – active
What did it cost
- Estimated global cost – $3b
- Actual cost – Unknown
Wrapping it up
We have seen how dangerous ransomware attacks can be, causing a global catastrophe, impacting millions of businesses worldwide. As cyber criminals continue to evolve their techniques and ransomware strains keep getting tougher to decipher, it is critical to take proactive measures against ransomware.
We are a global cybersecurity vendor with our SOCs running 24×7. We have the perfect blend of human expertise and technology to solve some of the most immediate cybersecurity needs of an organization.
Through a robust open architecture platform, we intend to offer what it takes to keep an organization’s cybersecurity posture resilient against the most notorious cybercriminals.
Partner with us to experience next-gen cybersecurity.