Globally, ransomware has evolved from isolated incidents into a widespread cyber threat that affects individuals, businesses, and governments. These attacks use malicious software to encrypt a victim’s files, making them unusable until a ransom is paid. Over the years, several ransomware attacks have become notorious for their impact and for the lessons learned from them.
1. WannaCry (2017)
WannaCry, launched in May 2017, became one of history’s most notorious cyberattacks. The ransomware exploited a vulnerability known as EternalBlue in Microsoft Windows, spread quickly across 150 countries, and infected over 200,000 computer systems. The attack disrupted services across many sectors. In the UK, the National Health Service (NHS) was heavily affected, which led to cancelled appointments and diverted ambulances. Total damage is estimated at up to $4 billion. The attack was blamed on the Lazarus Group, which has ties to North Korea.
2. NotPetya (2017)
NotPetya was another major destructive attack in 2017. It primarily targeted Ukraine, but affected organizations around the world. It was initially presented as ransomware, but its real intent appeared to be data destruction, not financial gain. The malware spread via a compromised update to Ukrainian tax software and crippled critical infrastructure and businesses. Total damages are estimated at over $10 billion, making it one of the costliest cyberattacks ever. The attack is attributed to a Russian state-sponsored actor, but this is still a matter of debate.
3. Colonial Pipeline (2021)
In May 2021, Colonial Pipeline, the largest refined products pipeline in the U.S., was attacked by ransomware. The attack is attributed to DarkSide. It caused Colonial Pipeline to shut down for several days, resulting in fuel shortages and panic-buying across the East Coast. The ransom was reportedly $4.4 million; however, a portion of the money was recovered by the U.S. Department of Justice. This incident brought to light the vulnerability of critical infrastructure and led to increased cybersecurity measures within the energy sector.
4. JBS Foods (2021)
JBS Foods was the target of a ransomware attack in June 2021. The attack is attributed to REvil. It caused disruptions in North America and Australia, resulting in the temporary shutdown of several meat-processing plants. JBS Foods paid an $11 million ransom in order to restore its operations and mitigate the damage. The incident highlighted the vulnerability of global food supply chains to cyber threats.
5. REvil/Kaseya (2021)
On July 20, 2021, the REvil ransomware group exploited a vulnerability in Kaseya VSA software, affecting approximately 1,500 companies worldwide. The malware was spread through Kaseya software updates. The group demanded $70 million in ransom, one of the biggest ransomware demands ever. This incident brought to light the dangers associated with third-party software providers and the importance of robust supply chain security.
6. Acer (2021)
The REvil ransomware group targeted Taiwanese electronics company Acer in March 2021. Attackers exploited a vulnerability at Acer to steal sensitive information and demanded $50 million in ransom. Acer confirmed that the breach occurred, but refused to disclose whether it had paid the ransom. The attack raised questions about the security of internal corporate systems and the possibility of significant data breaches.
7. Baltimore City (2019)
Baltimore City’s government systems were paralyzed in May 2019 by a RobbinHood ransomware variant. The attack cost the city more than $18 million to recover from. It disrupted email, payment portals, and real estate transactions. The incident was notable for its impact on municipal services and for the challenges local governments face in protecting themselves against cyber threats.
8. Ascension Health (2024)
Black Basta, a ransomware group, attacked Ascension Health in May 2024. The attack affected patient care by disrupting access to electronic health records and other vital systems. The breach exposed the personal information of more than 5 million people and caused estimated losses of $1.3 billion, including a ransom payment of $25 million.
9. Caesars and MGM Resorts (2023)
The ALPHV/BlackCat group targeted MGM Resorts and Caesars Entertainment in September 2023. Attackers exploited NCR Aloha’s point-of-sale system vulnerabilities, which affected operations in multiple casinos. Caesars paid $15 million in ransom, while MGM chose to restore its systems at a cost of $100 million. This incident brought to light the industry’s vulnerability to cyber threats.
10. British Library (2023)
The British Library website was knocked offline in October 2023 by a cyberattack attributed to the Rhysida group. Using double extortion techniques, the attackers stole personal information and threatened to sell it online. The breach exposed users’ personal data and raised questions about the digital assets of cultural institutions.
Conclusion
These widely publicized ransomware attacks highlight the importance of cybersecurity in all sectors. They underscore the need for timely software updates, robust data protection measures, and comprehensive incident response plans. Cyber threats are evolving, and organizations need to be vigilant in protecting their systems and data.