The 5 worst ransomware attacks to date

In the Wild West, moving valuables from town to town was a dangerous business. At any moment, stagecoaches could be ambushed by bandits, causing the victims to lose months of wages in one swift attack. In the 21st century, the outlaws are played by online ransomware attackers, and the victims are multinational corporations.

Unfortunately, not only Fortune 500 companies are being targeted. Therefore, it’s vital to learn more about this type of online threat. To help you out, we’ve made a list of the top 5 examples of ransomware attacks. Like the Wild West bandits, these attackers have strained cybersecurity systems to the breaking point, showing no signs of stopping anytime soon.

1. The 2016 Petya ransomware attack

Until 2016, Petya was just a traditional Bulgarian baby name. But when security analysts baptized the year’s most severe ransomware attack, the name quickly lost its cuteness element.

The Petya attack easily could have cost $10 billion or more globally as it targeted the largest organizations. For example, some of the victims included the shipping giant Maersk, British industrial group Reckitt Benckiser, law firm DLA Piper, and – most worryingly of all – the systems monitoring the Chernobyl nuclear site.

The attack focused on the Microsoft Windows booter, which provided access to the target system’s master bootloader. By triggering a reboot, it could launch directly into ransomware software. This software then encrypted user files and demanded payment in Bitcoin to release them.

In a stunning twist, the original attack was followed in 2017 by the “NotPetya” attack. A close cousin of Petya, this follow-up used a Windows backdoor called EternalBlue, which was created by the NSA – a case of blowback from the ever-expanding security state.

2. The Wanna Cry ransomware attack

The Wanna Cry ransomware attack overshadowed Petya when it appeared out of nowhere in May 2017. WannaCry spread using the same EternalBlue exploit, which allowed hackers to propagate “cyberworms” across unpatched Windows systems.

This ended in a slaughter. In the UK, hospitals were denied access to their IT systems, putting the lives of patients at risk. Major corporations like Nissan, Telfonica, FedEx, and Deutsche Bahn were also targeted. In all instances, core IT services were knocked out of action, as hackers demanded huge Bitcoin payments to restore functionality.

It’s estimated that Wanna Cry caused around $5 billion in damage. The worst part is that we still cannot say who started it. While the blame was initially directed at North Korea, it was the NSA that developed the EternalBlue exploit that Wanna Cry used to spread itself.

It could actually have been even worse if not for one researcher. He discovered a “kill switch” in the cyberworm’s code, which allowed targeted organizations to restore their systems. But at that point, Wanna Cry had already caused a significant amount of damage both in the online and real world.

3. The Atlanta (SamSam) ransomware attack

Some of the most mind-blowing ransomware attacks have exposed the vulnerability of entire cities. In March 2018, Atlanta, the Capitol of Georgia, had its systems fall into the hands of hackers.

With security experts struggling to solve the issue, city clerks were forced to revert to paper and pens when handling vehicle licenses or taxes. Footage from Police dash cams was deleted, while a third of the council’s software was taken offline.

The Atlanta threat, named SamSam ransomware, is still known for its uncommon form of attack. Instead of waiting for the staff members to open phishing emails, SamSam used “brute force” to access Atlanta’s IT infrastructure.

In the run-up to the attack, the city government had been bashed for using outdated IT technology, and SamSam ransomware attack proved the point. Old security systems left accounts across the government wide open, and the hackers didn’t hesitate to accept such an invitation.

For individuals and SMBs, this is a textbook example of why they should update their software on a regular basis. Failing to do so will put you at risk of a similar brute force attack similar to that of Atlanta.

4. The 2017 Bad Rabbit ransomware attack

In September 2017, security analysts noticed a new type of ransomware attack. Named as Bad Rabbit ransomware, it disguised itself as a Macromedia Flash update.

Most of us have encountered these updates when clicking on embedded videos on websites. Over the years, Flash has continued to be known for security weaknesses, and Bad Rabbit wasn’t the first instance when users got more than they bargained for after watching a video.

Instead of launching a legitimate Flash update process, Bad Rabbit almost instantly locked up targeted computers, demanded a $280 payment in Bitcoin, and gave users 40 hours to comply. If not, victims could bid farewell to the content of their hard disk drives.

Luckily, the Bad Rabbit ransomware attack didn’t spread wide. Instead, the attack was mostly confined to Russia and Ukraine, where it presumably originated. Microsoft was quick to release patches for the affected systems and infected Flash files were in most cases removed.

Bad Rabbit stands as an example of how cautious we need to be when dealing with .exe downloads. Anyone could click on these links, and without proper protection, this can have devastating results.

5. The 2016 Locky ransomware attack

The 2016 Locky ransomware attack provides us with another angle on the problem. This time, hackers used fake invoices that were emailed together with a Word file attachment.

Just like the owls, this attachment wasn’t what it seemed. When opened, it looked like a stream of nonsensical text. But this apparent nonsense was prefaced with the instruction “Enable macro if data encoding is incorrect.”

You don’t need to guess what happened when users enabled Word macros. Instead of decoding the invoice, enabling macros triggered the Locky ransomware download.

That was followed by the usual demands – requiring victims to download the Tor browser and transfer 1 Bitcoin, which was worth thousands of dollars back in 2016. Many complied. For example, Hollywood Presbyterian Hospital in California sent $17,000 to hackers. And, as it’s become a norm in case of a major ransomware attack, most victims decided to wash their dirty laundry in private.

Protect yourself against a serious ransomware attack

Everyone should be concerned about falling victim to a ransomware attack. As these examples show, since 2016, the world has been rocked by successive attacks, and law enforcement bodies have very few answers about how to prevent them.

As individuals and businesses, there are things we can do. For example, installing a Virtual Private Network (VPN) is an excellent idea. This can encrypt your data and anonymize your online identity, making you less vulnerable to phishers.

But common sense and vigilance are just as important. Be cautious about email attachments and .exe downloads. And install the latest OS patches. It’s easy to put off updating due to time constraints or costs, but those updates can make all the difference. And when you factor in the cost of losing your data and systems, it’s a no-brainer.