Cyber actors have been exploiting different online means to trick people and demand hefty ransoms. They gain unauthorized access to systems and then steal, encrypt, or intercept sensitive information to blackmail reputable companies.
Here, we have gathered the 8 most nefarious ransomware attacks so that you can learn from the mistakes and solidify your cybersecurity systems.
Colonial Pipeline
On May 7, 2021, Colonial Pipeline, an American oil pipeline giant, experienced a ransomware attack that stemmed from passwords and data stolen from the company’s server. The attack impacted digital operations and triggered a regional emergency declaration in 17 states and Washington, DC.
Colonial Pipeline paid DarkSide, a ransomware-as-a-service group, 75 Bitcoins, equivalent to 4.4 million USD, in exchange for a tool provided by the hackers to restore its systems. However, a month later, the Department of Justice announced the recovery of 63.7 Bitcoins, equivalent to 2.3 million USD. Colonial Pipeline’s operations resumed on May 12, with partial services affected for a few more days.
WannaCry
On May 12, 2017, the WannaCry ransomware attack hit more than 200,000 computers across 150+ countries, impacting reputable firms like FedEx, Honda, Nissan, and the UK’s National Health Service. The threat was soon contained when a security blogger and researcher identified a ‘kill switch.’
Apparently, the worm behind this mass cyberattack was effective only against old and unpatched computers, and many of them were affected. These devices remained encrypted and inoperable until victims paid a ransom. The total ransom collected ran into the millions, although no specific amount came to light.
The WannaCry worm spread by exploiting ‘EternalBlue’, which was developed by the US National Security Agency and later made public by the Shadow Brokers.
Universal Health Services
Universal Health Services disclosed that it fell victim to the infamous Ryuk ransomware in September 2020. Its business operations, which are primarily driven by its technical systems, were halted for almost a month. The Fortune 500 hospital and healthcare service provider lost almost $67 million to this attack.
Ryuk is a notorious ransomware that attacks sizeable Microsoft Windows environments linked with public entities. It works by gaining unauthorized access to data and encrypting it until a ransom is paid in untraceable Bitcoins. Many factors point to an origin in Russia, although nothing has been confirmed yet.
Costa Rican Government
Several government departments of Costa Rica, including the Ministry of Finance, the Ministry of Science, Innovation, Technology and Telecommunications, the National Meteorological Institute, and the Ministry of Labor and Social Security, amongst others, were victims of an extensive online assault that started on April 17, 2022. It began with the implantation of malware into the system of the Finance Ministry, which subsequently extended to other departments.
The attack cost 30 million USD a day as the former president, Carlos Alvarado, initially refused to pay the demanded ransom of 10 million USD. This prompted the Conti ransomware group to release nearly all 672 GB of the pilfered data. Restoration of systems took several months, during which the newly elected president, Rodrigo Chaves Robles, declared a state of emergency.
Glenn County Office of Education
On May 10, 2022, the GCOE paid a $400,000 ransom to Quantum cyber actors in exchange for the decryption key for 160 GB of stolen data. The breach led to a shutdown of GCOE’s phone and internet services.
JBS, USA
On May 30, 2021, JBS S.A., a Brazilian meat processing giant, became the victim of a ransomware attack that halted its beef and pork slaughterhouses in the USA, Canada, and Australia. There was a temporary shutdown of services across Utah, Texas, Wisconsin, and Nebraska, with a major impact observed in Pennsylvania. In addition, the company had to stand down almost 7,000 Australian employees on June 2.
The attack halted USDA’s wholesale beef and pork price reporting on June 1, prompting concerns about meat production shortfalls and price increases. JBS aimed to resume most of its operations on June 2. The incident shed light on industry consolidation vulnerabilities, emphasizing potential repercussions on production if one of the major meat producers reduces output.
In response to the cyberattack, JBS paid hackers an $11 million ransom in Bitcoins.
Maersk
In August 2017, a Danish shipping company, A.P. Moller-Maersk, was hit by a massive cyberattack carried out by a Russian hacking group using Petya ransomware. It began with the installation of a maliciously infected accounting software patch and spread across the whole network. The company contained the spread and the harm but had to temporarily pause multiple systems, and it lost business in addition to a hefty ransom of 300 million USD.
The attack wasn’t restricted to Maersk but extended to other shipping giants in the industry, like FedEx and TNT. The total damage added up to 10 billion USD.
Petya aimed not only to encrypt the files on the infected devices but also to completely erase or overwrite them, which made the recovery process impossible. After the attack, Maersk faced a two-week recovery period to restore its computer operations.
Minneapolis Public Schools
In March 2023, Medusa, an infamous hacking group, demanded 1 million USD from Minneapolis Public Schools in exchange for not disclosing information it had stolen earlier after gaining unauthorized access to the district’s systems through social engineering. The cyber actors offered a 1-day extension to the data publication deadline in exchange for an additional 50,000 USD.
However, MPS refused to pay the ransom and instead focused on restoring the data encrypted by the hackers using internal backups. This prompted the hackers to make the data public, which included sexual assault case folios, medical records, discrimination complaints, SSNs, and contact details of district employees.
What’s the Overall Take?
Anyone and everyone can fall victim to ransomware attacks if proper ransomware protection and cybersecurity mechanisms aren’t deployed and monitored. Moreover, it’s extremely important to have a backup of your data to avoid paying a hefty ransom and to reduce downtime in case a cyber menace succeeds. Regularly backing up your critical information can be a lifesaver in the event of a ransomware attack. This way, the attackers would be only partially successful!