Ransomware first became a major threat in the mid-2000s, and many businesses and individuals worldwide are targeted for ransomware attacks each year. In 2021, there were an estimated 623.3 million attacks worldwide, costing businesses billions of dollars.
Here, we take a closer look at the 10 worst ransomware attacks in history. Discover why they occurred, what happened, and the estimated financial impact of each case.
1. CNA Financial
CNA Financial, one of the United States’ largest insurer groups, was hit by a major cyberattack in March 2021. The attack involved the theft of large amounts of company data and customer information, and blocked CNA employees from logging into the network.
To initiate the attack, hackers accessed company computers and stole sensitive information. The ransomware was deployed, and a large ransom was demanded. Around two weeks after the attack, CNA paid the hackers $40m to regain access to its systems.
2. JBS
JBS is a major food processing company with operations worldwide. A significant ransomware attack impacted operations in the US, Canada, and Australia on May 30, 2021. As a result of the attack, up to 7,000 Australians are reported to have lost their jobs.
Reports suggest that Russian group REvil was responsible for the attack, but this was never confirmed. An $11m ransom was demanded, and this was promptly paid using bitcoin.
Following the attack on JBS, at least 40 similar attacks on food production facilities have been reported.
3. Garmin
In early 2020, global technology and communications giant Garmin was hit by a severe ransomware attack. The WastedLocker ransomware program was used to encrypt data across the company’s systems, and a $10m payment was demanded for the decryption key.
This was an interesting attack, as US sanctions against the group thought to be behind it, Russia-based Evil Corp, made it difficult for Garmin to legally pay the ransom. Garmin reportedly got around this and paid up by using a third-party digital security firm as a go-between.
4. Colonial Pipeline
2021 was the year of the ransomware attack, with another major incident occurring in early May. A cyberattack disabled the computers used to manage an oil pipeline controlled by Colonial Pipeline, completely disabling operations for five days. A $4.4m ransom was demanded, and it was paid under the supervision of the FBI within hours. Many days passed before operations were back to normal.
The DarkSide cybercriminal group is thought to be responsible for the Colonial Pipeline attack. The incident is also somewhat unique, as the FBI was able to recover the majority of the bitcoins used to settle the ransom.
5. Travelex
London-based foreign currency exchange Travelex was hit by a major cyberattack on New Year’s Eve 2019. This crippled its network and resulted in business interruptions for several months.
The original ransom demand was $6m, but this was negotiated down to $2.3m after a few weeks of talks. The Sodinokibi gang is thought to have been behind this attack.
6. Costa Rican government
In April 2022, the Costa Rican government was attacked by Russia-based Conti. The group stole hundreds of gigabytes of sensitive data, including financial information from the Ministry of Finance. The country refused to pay the $10m ransom and has been seriously affected in the months since.
A state of national emergency was declared on May 8, 2022, demonstrating the severity of the attack.
7. RobbinHood
RobbinHood is modern ransomware that attacks high-value targets, and usually demands three to 13 bitcoins in ransom. It typically uses brute force attacks or trojans to gain access to company and organization networks.
Once access is gained, important files and data are encrypted and ransom demands are left on the affected device. Companies usually have four days to pay the ransom in full, with $10,000 added for each day the payment is late.
8. CryptoWall
The CryptoWall ransomware is a consumer-level program that encrypts devices and demands a ransom for a decryption key. It’s a spin-off of the CryptoLocker ransomware that was popular in the mid-2010s, and it continues to be updated to outsmart modern cybersecurity technology.
The good news is that CryptoWall is usually spread via spam emails and dodgy web links, and can be blocked by using an up-to-date antivirus program.
9. WannaCry
In May 2017, another consumer-level ransomware attack was launched. The WannaCry ransomware cryptoworm was first detected on May 12, and around 230,000 computers are thought to have been infected on the first day. Fortunately, the attack was halted quickly by global authorities and security firms.
The ransomware cryptoworm gained access to devices that hadn’t installed a recently released Microsoft security patch, and then encrypted data. A $300 payment was demanded for the decryption key, and a large number of people complied. However, reports suggest that people didn’t get their data back even after paying up.
10. The PC Cyborg
The first ever ransomware program was known as AIDS, or the PC Cyborg. It was launched in 1989 and was mailed on a floppy disk to thousands of AIDS organizations worldwide. The man behind the attack, Dr Joseph Popp, demanded that $189 be sent to a PO box in Panama, to prevent infected computers from being rendered unusable.
This attack could have been much more severe: authorities apprehended Popp before he could mail an estimated two million copies worldwide.
In this article, we’ve explored a few of the worst ransomware attacks in history. Although it’s unlikely you will be subject to a million-dollar ransom, you could be targeted for a smaller amount if your security systems aren’t up to date.
Take a closer look at our guide to the best ransomware protection available today. Or, discover why ransomware is a growing threat to businesses and read about the rise in attacks in recent times.