Famous Ransomware Attacks
In the previous two parts of this series on ransomware, we looked at what ransomware is and how to keep it from infecting your devices. In this third and final part, we look at ten of the most significant and well-known ransomware attacks that have occurred so far this century.
1. Locky
Locky was first used in an attack in 2016 by a hacker collective known as the Shadow Brokers. It could encrypt more than 160 file types and was propagated through phishing emails carrying infected attachments. Users fell for the email ruse and ended up installing the malware on their own systems. This method of distribution is phishing, a form of social engineering. Locky targets file types commonly used by designers, developers, and engineers.
2. WannaCry
Many experts consider May 12, 2017, the day WannaCry struck, to be the day that transformed cybersecurity forever. It was the largest cyberattack the world had ever seen, with widespread ramifications for business, politics, hacking, and the cybersecurity industry, and the most devastating attack the world had witnessed up to that point.
WannaCry infected over 300 businesses in 150 countries, causing widespread damage. Even after the kill switch was discovered, the systems and data the malware had already reached remained affected. Estimates put the overall cost at more than $4 billion, with the NHS in the United Kingdom alone facing losses of more than £92 million. Although the Lazarus Group, which has significant ties to North Korea, was identified as the perpetrator of the attack, the specifics of what happened
3. Bad Rabbit
Bad Rabbit was a ransomware attack that took place in 2017 and propagated through drive-by attacks on computers. The victim of a drive-by ransomware attack is a user who visits a website without realizing that it has been hijacked by hackers. In most drive-by attacks, all that is required is for a user to visit a page that has been compromised in this way, rather like Little Red Riding Hood mistaking the wolf for her grandmother. Bad Rabbit prompted the user to run a bogus Adobe Flash installer, which infected the computer with malware.
4. Ryuk
Ryuk ransomware is an encryption Trojan that first appeared in the summer of 2018 and disables the recovery functions of the Windows operating system. As a result, restoring encrypted data is impossible without an external backup. Ryuk also encrypts network drives. The consequences were devastating: according to reports, most of the US firms that were attacked paid the ransom. The overall damage is estimated at more than $650,000.
5. Sodinokibi (REvil)
The ransomware Sodinokibi (also known as REvil) made its debut in 2019. It is distinguished by its advanced evasion capabilities and the many measures it takes to avoid being detected and stopped. It was used to infect a wide variety of targets around the world, with Europe, the United States, and India as the primary targets. Its infection channels include the exploitation of known security vulnerabilities and email phishing campaigns, among others.
In April 2021, the group behind Sodinokibi claimed to have hacked into the computer network of Quanta, a Taiwanese business that manufactures MacBook laptops. They demanded $50 million in exchange for the decryption key, but Quanta refused to budge. The gang followed through on its threats and posted several MacBook schematics and component descriptions shortly after the public back-and-forth had ended. Two of the cybercriminals were arrested just a couple of weeks ago.
6. CryptoLocker
CryptoLocker was another Trojan that tormented the internet during 2013 and 2014. It was distributed through phishing emails with malicious attachments. It behaved much like many other malware families: it encrypted victims' data and then demanded a ransom (typically 400 US dollars or euros) in exchange for the ability to decrypt it.
It was eventually taken down by several agencies, including the FBI and Interpol, as part of Operation Tovar. Estimating the economic harm has proven difficult, however, because the number of victims who paid the ransom varies considerably depending on the source; nonetheless, it ran into the millions of dollars.
The Petya ransomware attack took place in 2016, and Petya was reborn as GoldenEye the following year. Instead of encrypting individual files on the victim's computer, this ransomware encrypted the victim's entire hard disk. It did so by encrypting the Master File Table (MFT), making the data virtually inaccessible. Petya spread to corporate human resources departments through a bogus job application containing a Dropbox link that delivered the ransomware. Another variant is called Petya 2.0, and both are equally destructive to the victim's device.
The resurgence of Petya as GoldenEye resulted in a worldwide ransomware outbreak in 2017. GoldenEye, sometimes called WannaCry's "deadly sister," was responsible for more than 2,000 attacks. Among the victims were major Russian oil producers and several financial institutions. Because GoldenEye locked them out of their Windows systems, staff at the Chernobyl nuclear power plant were forced to check radiation levels manually.
In June 2017 it was revealed that a new ransomware strain, NotPetya, had emerged. NotPetya spread quickly across Europe, primarily targeting financial institutions, airports, and energy organizations. Because the attack is estimated to have caused $10 million in damage, it has been dubbed "one of the most damaging ransomware attacks in history."
It forces the victim's computer to restart, encrypts the hard disk's Master File Table (MFT), and then renders the master boot record (MBR) inoperable, preventing access to the system. NotPetya does this by stealing the victim's login credentials and identifying the physical disk on the victim's computer. Once it has finished infecting one computer, it scans the rest of the local network and infects every other machine connected to it.
SamSam ransomware was first discovered in late 2015 and has grown significantly in scope in the years since. Its operators are highly selective about the organizations they target, choosing those most likely to pay to get their data back, such as hospitals and universities. The ransoms demanded are well above the market average, with the most recent demand reaching $6 million in ill-gotten gains.
SamSam exploits security flaws to gain access to the victim's network, or alternatively uses brute-force tactics against weak passwords to gain access to the victim's data. Once inside the network, the cybercriminals use a variety of hacking techniques to escalate their privileges until they reach the domain administrator account.
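Two of the behaviours described above leave traces that defenders can look for before encryption starts: the brute-force logon attempts SamSam uses against weak passwords, and the scan of the local network that NotPetya performs after infecting a host. The following Python script is an added example, not code from the original article or from any of the malware families it describes. It parses a constructed, simplified event log (the `auth`/`conn` line format, the hosts, and the thresholds are all assumptions made for this illustration) and flags hosts showing either pattern.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). Format, assumed for this example:
#   <ISO timestamp> auth src=<ip> user=<name> result=OK|FAIL
#   <ISO timestamp> conn src=<ip> dst=<ip> dport=<port>
SAMPLE_LOG = "\n".join(
    # 12 failed logons in 12 seconds from one internal host: brute-force pattern
    [f"2018-03-22T02:00:{s:02d} auth src=10.0.5.7 user=administrator result=FAIL"
     for s in range(1, 13)]
    # ordinary user activity: two successes and one mistyped password
    + [
        "2018-03-22T02:00:05 auth src=10.0.1.20 user=jsmith result=OK",
        "2018-03-22T02:01:10 auth src=10.0.1.20 user=jsmith result=FAIL",
        "2018-03-22T02:01:15 auth src=10.0.1.20 user=jsmith result=OK",
    ]
    # the compromised host then contacts SMB (445) on seven different neighbours
    + [f"2018-03-22T02:03:{s:02d} conn src=10.0.5.7 dst=10.0.5.{s + 10} dport=445"
       for s in range(1, 8)]
    # a workstation talking repeatedly to its usual file server is not fan-out
    + [f"2018-03-22T02:03:{s:02d} conn src=10.0.1.20 dst=10.0.1.5 dport=445"
       for s in range(1, 8)]
)


def parse_events(text):
    """Turn log lines into dicts with a datetime 'ts', a 'kind' and key=value fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, kind, *fields = line.split()
        event = {"ts": datetime.fromisoformat(ts_str), "kind": kind}
        for field in fields:
            key, value = field.split("=", 1)
            event[key] = value
        events.append(event)
    return events


def _window_hit(entries, window, threshold, measure):
    """Sliding window over (ts, payload) pairs sorted by time; True when
    measure(payloads in window) reaches threshold."""
    entries.sort(key=lambda e: e[0])
    start = 0
    for end in range(len(entries)):
        while entries[end][0] - entries[start][0] > window:
            start += 1
        if measure(p for _, p in entries[start:end + 1]) >= threshold:
            return True
    return False


def detect_logon_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Sources with at least `threshold` failed logons inside any `window`."""
    fails = defaultdict(list)
    for ev in events:
        if ev["kind"] == "auth" and ev.get("result") == "FAIL":
            fails[ev["src"]].append((ev["ts"], ev.get("user")))
    return sorted(src for src, entries in fails.items()
                  if _window_hit(entries, window, threshold, lambda p: sum(1 for _ in p)))


def detect_smb_fanout(events, threshold=5, window=timedelta(minutes=2)):
    """Sources that reach at least `threshold` distinct hosts on port 445 inside any `window`.
    One host opening SMB sessions to many neighbours in quick succession is the
    lateral-spread shape described for NotPetya."""
    conns = defaultdict(list)
    for ev in events:
        if ev["kind"] == "conn" and ev.get("dport") == "445":
            conns[ev["src"]].append((ev["ts"], ev["dst"]))
    return sorted(src for src, entries in conns.items()
                  if _window_hit(entries, window, threshold, lambda p: len(set(p))))


def triage(log_text):
    """Run both detectors and return the flagged sources per category."""
    events = parse_events(log_text)
    return {
        "logon_bruteforce": detect_logon_bruteforce(events),
        "smb_fanout": detect_smb_fanout(events),
    }


if __name__ == "__main__":
    for category, sources in triage(SAMPLE_LOG).items():
        print(f"{category}: {', '.join(sources) or 'none'}")
```

Both detectors use the same sliding-window helper, so the only thing that differs is what is being counted: raw failed attempts for brute force, distinct destinations for fan-out. The thresholds are placeholders; in a real environment they would be tuned against the normal rate of mistyped passwords and against legitimate hosts (backup servers, vulnerability scanners) that routinely touch many machines on port 445.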
We hope you have enjoyed reading this article. As always, if you found it useful or interesting, please SHARE it with your family and friends to help keep the internet community safe and secure.