Ransomware attacks pose an ever-growing threat to both individuals and organizations.
In this article, we’ll walk you through 7 famous and absolutely terrifying ransomware examples that have caused immense financial damage to their victims in the past 30 years. And it goes without saying that ransomware is, indeed, as black as it’s painted.
What is Ransomware?
Ransomware is a common type of malware that breaks into your computer or network, encrypts your files or systems, and denies you all access to them unless you pay a ransom. In theory, if you choose to pay up, you will receive a decryptor that will release your files held hostage.
Why “in theory”? Because, in many cases, the paying victim doesn’t even receive the key, or they do, but the key is not effective.
The hackers will usually require you to make the illicit payment in cryptocurrencies, such as bitcoin or monero. The reason is as shady as you may guess: this makes the cybercriminals much harder to track down.
Both the FBI and Europol highlight ransomware as the biggest threat in today’s digital world.
7 Famous Ransomware Examples
Check out the following ransomware examples and the jaw-dropping damages they caused to their victims.
1. Ryuk – 2019 and 2020
Ryuk is a nasty ransomware that spreads through email phishing campaigns. It’s one of the most expensive and damaging ransomware strains in history, demanding well-above-average ransom payments of over $300,000 and having caused more than $60 million in damage worldwide.
This ransomware is enterprise-focused and is developed and run by the Wizard Spider cybercrime group. It uses spear-phishing techniques to target high-ranking individuals within an organization. Following the infection, the victim will receive a note named RyukReadMe.txt with details regarding the ransom amount and where to send it.
2. SamSam – 2018
SamSam was identified in 2015, and it stands out on our list of ransomware examples because it uses both remote desktop protocol exploits and brute-force strategies to exfiltrate credentials.
In 2018, two Iranian hackers allegedly used SamSam against more than 200 organizations from various sectors in the US and Canada, causing losses worth $30 million.
What makes SamSam particularly scary is its ability to assume administrator rights before downloading the malware onto a system, meaning that you don’t even have to download anything to become a victim.
What’s intriguing and somewhat ironic is the hackers’ attempt at reassuring the victims they’re honest. The victim is asked to make the first payment for a first key, which would unlock only a few machines.
3. WannaCry – 2017
WannaCry is unique because it duplicates itself without modifying any files or affecting the boot sector once it sneaks into a system. It was responsible for one of the most devastating ransomware attacks launched in 2017 and infected 230,000 computers in less than a day, resulting in $4 billion in losses.
It spreads mainly via email scams and exploits a vulnerability in older Windows versions.
It’s interesting that even today, some phishing emails are claiming that you’ve been infected with WannaCry. But they’re plain emails with no files, trying to trick you into paying a ransom.
4. Petya – 2016
Petya was first discovered in 2016 when it started spreading through phishing emails. Petya is actually a family of various types of ransomware, responsible for estimated damages of over $10 million.
It affected different organizations all over the world, from banks to transportation companies and healthcare providers. To regain access to your computer or network, you need to pay a ransom of approximately $300 for each user.
Petya targets Windows-based systems and infects the master boot record. It encrypts the Master File Table of the NTFS file system and then displays its ransom message.
5. Locky – 2016
Locky was initially released in 2016, and it propagates itself mainly through emails containing a malicious Microsoft Word document. If you’re targeted and open the infected file, you will see unintelligible data and the phrase “Enable macro if data encoding is incorrect.” If you proceed with enabling macros, the ransomware will be downloaded onto your system and start encrypting your files. Following the encryption, you will receive a message containing instructions regarding the ransom payment.
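The delivery pattern described above (a Word attachment that carries a macro and urges the reader to enable it) can be screened for at the mail gateway. The following is an added example, not code from this article or from any vendor; `triage_attachment`, `_build_sample` and the sample documents are hypothetical and constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls files
LURE = "enable macro"  # taken from the lure phrase quoted above, lower-cased


def triage_attachment(name: str, data: bytes) -> list[str]:
    """Return the reasons an Office attachment should be held for review."""
    reasons = []
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: macros cannot be ruled out without an OLE parser.
        return ["legacy OLE container, macro content not ruled out"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return reasons  # not an OOXML (zip-based) document
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = zf.namelist()
        if any(m.lower().endswith("vbaproject.bin") for m in members):
            reasons.append("contains VBA project (vbaProject.bin)")
            if not name.lower().endswith((".docm", ".dotm")):
                reasons.append("macro content under a non-macro extension")
        if "word/document.xml" in members:
            body = zf.read("word/document.xml").decode("utf-8", "replace")
            # Heuristic only: real documents may split the phrase across runs.
            if LURE in body.lower():
                reasons.append("body text urges the reader to enable macros")
    return reasons


def _build_sample(with_macro: bool, text: str) -> bytes:
    """Constructed sample: a zip that mimics OOXML layout (not a valid Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", f"<w:document><w:t>{text}</w:t></w:document>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, no macro")
    return buf.getvalue()


LURE_DOC = _build_sample(True, "Enable macro if data encoding is incorrect.")
CLEAN_DOC = _build_sample(False, "Quarterly report")

if __name__ == "__main__":
    print(triage_attachment("invoice.docx", LURE_DOC))
    print(triage_attachment("report.docx", CLEAN_DOC))
```

An empty list means none of these checks fired, not that the file is safe; legacy `.doc` files need a proper OLE parser before a verdict.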
6. CryptoLocker – 2013
CryptoLocker is a milestone for its time. It was launched in 2013, and it used a large, non-standard encryption key that puzzled even cybersecurity specialists.
It is a trojan horse that would gain access to and encrypt files on a system. Hackers would deploy social engineering tactics to trick employees into downloading the ransomware onto their computers and infect the entire network.
CryptoLocker has since been taken down, and it is believed that the cybercriminals behind it managed to infect over 200,000 Windows-based computers and extort approximately $3 million from the affected organizations.
7. AIDS Trojan or PC Cyborg – 1989
AIDS Trojan or PC Cyborg is the first ransomware ever. Its developer, Joseph Popp, is considered the father of ransomware, with many following his lead in the years to come.
It spread through infected floppy disks. They were sent to the World Health Organization’s international AIDS conference participants in 1989.
This ransomware would hide file directories and block file names, then ask you to pay $189 to a mailbox in Panama to recover your data. It had weak encryption, so it didn’t cause major problems.
Protect Your Company from Ransomware Attacks with ATTACK Simulator
The majority of the ransomware examples above have one thing in common: their infection vector – phishing emails.
The best way for your employees to learn to spot and deflect a phishing attempt is to experience one. Mistakes are really the best teachers. Employees will be exposed to real-life simulations. The purpose of these simulated attacks is to help your staff develop efficient defense mechanisms and acquire valuable decision-making skills.
Here at ATTACK Simulator, we put ourselves in the attacker’s shoes as we believe that understanding their thinking and actions is vital in designing an accurate simulation.
Here’s our comprehensive approach to phishing simulations:
- Automated attack simulation – we simulate all kinds of cyberattacks.
- Real-life scenarios – we evaluate users’ vulnerability to giving company or personal data away, using realistic web pages.
- User behaviour analysis – we gather user data and compile it in extensive reports to give you a detailed picture of your employees’ security awareness level.
- Malicious file replicas – our emails contain malware file replicas, to make the simulation as realistic as it can be.
- Interactive lessons – if employees fail to recognize our traps and fall into one, they will discover lessons on the best security practices.
As they say, better to be safe than sorry. Choose to be safe and request your quote today.