Ransomware is big business, sometimes causing millions of dollars in damage. It’s no wonder cybercriminals are so inventive in this area. Let’s look at some of the most notable ransomware examples and the damage they did.
Here are some of the most famous ransomware cases (in our blog you can also read about how ransomware works). They differ in their methods, in the number of users affected and in their targets, but they all had one thing in common: massive real or potential damage.
This was one of the largest ransomware attacks ever, extorting over 3 million USD. It used a Trojan to target Windows computers. Spreading through compromised emails and a botnet, it encrypted files with keys stored on the cybercriminals’ servers. The attackers demanded that victims pay the ransom before a deadline, threatening to destroy the encryption key otherwise. In practice, the ransom usually just increased after the deadline passed. Luckily, law enforcement shut down the botnet and retrieved the decryption keys. However, the “success” of CryptoLocker inspired numerous copycat ransomware attacks.
WannaCry used vulnerabilities in outdated versions of Windows to install a file-encrypting virus (this is why it’s so important to always update your devices). It employed an exploit developed by the US National Security Agency and leaked by The Shadow Brokers hacker group. As a result, the attackers were able to spread the ransomware without users having to open or run anything.
The cybercriminals behind WannaCry demanded 300 to 600 USD in Bitcoin for decryption. The authorities managed to stop the attack, however, and further investigations identified two North Korean hackers as the culprits. WannaCry illustrated the importance of keeping your systems updated to prevent attacks.
This one caused a lot of damage to governmental and healthcare organizations in the US. It used brute-force attacks to crack weak passwords, and the hackers spread it using phishing emails. The FBI is still searching for the two cybercriminals behind it. They extorted over 6 million USD and caused damage worth 30 million USD.
Locky is email-distributed ransomware that requires active user participation. It sends the victim a document that asks them to enable macros, which are embedded sequences of automated actions. If the user agrees, the ransomware downloads a Trojan that encrypts files with particular extensions. To decrypt them, users are instructed to open the Tor browser and follow further instructions. It all ends with a demand for payment in Bitcoin.
This one is pretty scary. Reveton shows you a fake law-enforcement warning claiming that your computer has been locked due to illegal activities (e.g., child pornography, pirated software, drugs, etc.) and that you must pay a fine. Of course, the fine is also fake and goes straight into the cybercriminals’ pockets.
Cerber is an example of ransomware-as-a-service (RaaS). RaaS means that cybercriminals can use the ransomware’s networks and resources, but must share a percentage of their profits with its creators. Basically, they rent someone else’s ransomware infrastructure.
Cerber targets Microsoft Office 365 users in post-Soviet countries. This malware is difficult to trace because it runs in the background, silently encrypting all of the user’s files.
Fusob ransomware infects mobile devices. Like Reveton, it intimidates users by masquerading as a legal authority and demands that the “fine” be paid with an iTunes gift card. It targets Western European and US users. Cybercriminals spread it through a video player for adult content; once installed, it locks the device and asks for a ransom.
Cybercriminals deliver this malware through a compromised Flash update. Users who installed the compromised Flash update could catch this infection while browsing legitimate websites. Then comes the usual narrative: the encryption of your files and a ransom demand.
As we see from the examples above, ransomware tactics differ, but the outcome is usually the same. Still, we can distinguish several types of ransomware: