History of the largest ransomware attacks in the world

In this article, the world’s largest ransomware attacks are compiled and examined.

The history of technology is full of unintended consequences. Bitcoin, for example, was not initially designed as a means of paying ransoms to criminals, but it quickly became a significant tool for online criminals.

Ransomware is a type of malware that blocks access to a computer or network until a specified payment is made. Attacks continue despite government efforts to regulate cryptocurrencies and reduce their role in facilitating ransomware payments.

According to data published by Chainalysis, cryptocurrency payments in the ransomware field in 2020 totaled $350 million, representing an annual increase of more than 300% compared to 2019. This estimate may be significantly higher, as US companies are only legally required to report cyberattacks if the personal information of their customers is compromised.

The following are some of the significant events in the field of ransomware attacks, listed in reverse chronological order from 2021 back to 1989. Reading through them shows how ransomware attacks have evolved.

  • Kaseya – 2021
  • JBS – 2021
  • Colonial Pipeline – 2021
  • Brenntag – 2021
  • CNA Financial – 2021
  • CWT – 2020
  • University of California – 2020
  • Travelex – 2019
  • WannaCry – 2017
  • Locky – 2016
  • TeslaCrypt – 2015
  • CryptoWall – 2014
  • AIDS Trojan / PC Cyborg – 1989

Kaseya – 2021

On July 2, 2021, Kaseya announced that its systems had been compromised. Kaseya provides IT management software to other companies, which makes it an ideal target: by compromising this one vendor, an attacker could reach and affect the data of nearly 1,500 organizations across several countries. According to Reuters, REvil, a cybercrime group, claimed responsibility for the attack and demanded ransoms ranging from several thousand to several million dollars.

It is still unclear how the incident will ultimately play out, but REvil demanded approximately $70 million in bitcoin. The company refused to pay this astronomical sum and instead decided to cooperate with the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA). On July 21, 2021, Kaseya obtained a universal decryption key and distributed it to affected organizations.

JBS – 2021

On May 31, 2021, JBS USA, one of the largest meat suppliers in the United States, discovered that hackers had targeted it. This led JBS to temporarily shut down five large plants in the United States. The ransomware also disrupted the company’s operations in Australia and the United Kingdom. JBS paid $11 million in bitcoin to the hackers to prevent further disruption and limit the impact on grocery stores and restaurants. The FBI attributed the hack to REvil.

Colonial Pipeline – 2021

On May 7, 2021, the Colonial Pipeline, America’s largest petroleum pipeline, went offline after an attack by a hacker group called DarkSide. The Colonial Pipeline spans over 5,500 miles and transports more than 100 million gallons of fuel daily, so the impact of the attack was significant. In the following days, the average price of a gallon of gasoline in the United States rose above $3 for the first time in seven years as drivers rushed to gas stations.

Brenntag – 2021

On April 28, 2021, Brenntag, a German chemical distributor, discovered that it had been the target of a cyberattack by DarkSide. The group stole 150 GB of data and announced that it would publish it if the specified amount were not paid. After negotiating with the criminals, Brenntag talked the requested $7.5 million down to $4.4 million; the amount was paid on May 11.

CNA Financial – 2021

On March 23, 2021, CNA Financial, the seventh-largest commercial insurer in the United States, announced that it had suffered a sophisticated cybersecurity attack. The attack was carried out by a group known as Phoenix, which used ransomware called Phoenix Locker. CNA Financial eventually paid $40 million in May to recover its data. CNA did not disclose the details of the deal, but it stated that all of the company’s systems have since been fully restored.

CWT – 2020

On July 31, 2020, the American business travel management company CWT announced that it had been targeted by ransomware that had infected its systems. The company stated that it had been compelled to pay a ransom to the hackers. Using ransomware called Ragnar Locker, the attackers claimed to have stolen the company’s sensitive files and taken 30,000 computers offline.

Because CWT provides services to one-third of S&P companies, publication of that data could have been catastrophic for its business. The company paid approximately $4.5 million to the hackers on July 28, just days before Reuters reported the incident.

University of California – 2020

On June 3, 2020, the University of California, San Francisco, revealed that the IT systems of the UCSF School of Medicine had been compromised on June 1 by a hacker group called Netwalker. The medical research institute was working on coronavirus treatments.

Netwalker researched UCSF beforehand, hoping to learn more about its finances. Netwalker demanded a $3 million ransom, citing the University of California’s billions of dollars in annual revenue. Following negotiations, the university paid Netwalker $1,140,895 in bitcoin. According to the BBC, Netwalker is also blamed for at least two other ransomware attacks on universities in 2020.

Travelex – 2019

On New Year’s Eve 2019, the London-based foreign exchange company Travelex was attacked by a ransomware group called Sodinokibi (also known as REvil). The attackers gained access to 5 GB of customer data, including dates of birth, credit card information, and insurance details. Travelex shut down its websites in 30 countries in an effort to contain the ransomware.

WannaCry – 2017

In May 2017, ransomware called WannaCry infected computers worldwide by exploiting a vulnerability in Microsoft Windows. The exploit WannaCry used had been revealed in April 2017 during a massive leak of NSA documents and hacking tools by a group called the Shadow Brokers.

Locky – 2016

The Locky ransomware, discovered in February 2016, is notable for the sheer number of networks it intruded into. Attacks were typically carried out by an email with an invoice attached, claiming to come from a company employee. On February 16, 2016, Check Point published an analysis that identified more than 50,000 Locky attacks in a single day.

TeslaCrypt – 2015

The first TeslaCrypt prototypes were released in November 2014, but the ransomware was not widely circulated until March of the following year. The ransomware is reportedly based on an earlier family called CryptoLocker.

TeslaCrypt initially targeted gamers. After a computer was infected, a window opened instructing the user to pay a $500 ransom in Bitcoin to unlock the infected system. Other sources indicate that the demanded amount fluctuated between $250 and $1,000. In May 2016, the developers of TeslaCrypt released a decryption key for infected users, which allowed them to unlock their computers.

CryptoWall – 2014

Extensive reports of computer systems infected with the CryptoWall ransomware appeared in 2014. Infected computers could not access their files unless the owner paid for a decryption app. CryptoWall affected systems worldwide. The attackers demanded payment in the form of prepaid cards or bitcoin. According to Help Net Security, CryptoWall caused approximately $18 million in damage. Numerous versions of CryptoWall have been released, making it more difficult to track and combat.

AIDS Trojan / PC Cyborg – 1989

As a model for all subsequent attacks, the AIDS Trojan (also known as PC Cyborg) is the first known example of a ransomware attack. In 1989, more than a decade before Bitcoin was created, a biologist named Joseph Popp distributed 20,000 floppy disks at the World Health Organization AIDS Conference in Stockholm. The floppy disks were labeled “AIDS Information – Introductory Diskettes” and contained a Trojan that installed itself on MS-DOS systems.

Once installed on a computer, the Trojan counted the number of times the machine was booted. After the 90th boot, it hid all the directories and encrypted the filenames. A message from PC Cyborg Corporation was then displayed on the screen, telling users to send $189 to a post office box in Panama. The encryption was relatively simple, and security researchers released a free tool to help victims recover their files.

Conclusion

That was the history of ransomware over time. What do you think about this hacking method? Have you ever been a victim of one of these attacks?