Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Real-life ransomware examples and the damage they did

Ransomware is big business, sometimes causing millions of dollars in damage. It’s no wonder cybercriminals are so inventive in this area. Let’s look at some of the most notable ransomware examples and the damage they did.

Real-life ransomware examples and the damage they did

Ransomware examples

Here are some of the most famous ransomware cases (in our blog you can also read about how ransomware works). They differ in their methods, numbers of users affected, targets, but they all had one thing in common – massive real or potential damage.


This was one of the largest ransomware attacks ever, having extorted over 3 million USD. It used a Trojan to target Windows computers. By using compromised emails and a botnet for dissemination, it encrypted files with keys stored in the cybercriminals’ servers. They demanded that victims pay the ransom before the deadline or else they’d destroy the encryption key. Usually, the ransom simply increased after the deadline. Luckily, law enforcement shut down the botnet and retrieved the decryption keys. However, the “success” of Cryptolocker inspired various copycat ransomware attacks.


WannaCry used vulnerabilities in outdated versions of Windows to inject a file-encrypting virus (this is why it’s so important to always update your devices). It employed an exploit developed by the US National Security Agency and leaked by The Shadow Brokers hacker group. Thus, hackers were able to spread ransomware without users even activating anything.

The cybercriminals behind WannaCry demanded 300 – 600 USD in Bitcoins for decryption. The authorities managed to stop the attack, however, and further investigations identified two North Korean hackers as the culprits. WannaCry illustrated the importance of updating your systems to prevent attacks.


This one caused a lot of damage to governmental and healthcare organizations in the US. It used brute-force attacks to crack weak passwords. Hackers spread it by using phishing emails. The FBI is still searching for the two cybercriminals behind it. They extorted over 6 million USD and caused damage worth 30 million.

SamSam taught us a lesson: use strong passwords to protect our data. Our NordPass tool can memorize your complex passwords and make you safer.


Locky is email-distributed ransomware that requires active user participation. It sends them a document requiring them to enable macros, which are recorded sequences of virtual events. If the user agrees, the ransomware downloads a Trojan that encrypts files with particular extensions. To decrypt them, users are instructed to use the Tor browser and to follow further instructions. It all ends up with a Bitcoin payment demand.


This one is pretty scary. Reveton shows you a fake law-enforcement warning claiming that they have locked your computer due to illegal activities (e.g., child pornography, pirate software, drugs, etc.), and that you must pay a fine. Of course, the fine is also fake and goes straight to the cybercriminals’ pockets.


Cerber is an example of ransomware-as-a-service (RaaS). RaaS means that cybercriminals can use its networks and resources, but must share a percentage of their profit with its creators. Basically, they rent someone else’s ransomware infrastructure.

Cerber targets Microsoft Office 365 users in post-soviet countries. This malware is difficult to trace as it runs in the background, silently encrypting all users’ files.


Fusob ransomware infects mobile devices. Like Reveton, it intimidates users by masquerading as a legal authority and demands that fines be paid using an iTunes gift card. It targets Western European and US users. Cybercriminals spread it using a video player for adult video content. When installed, it locks the device and asks for a ransom.

Bad Rabbit

Cybercriminals inject this malware using a compromised Flash update. Users with compromised Flash could catch this infection while browsing legitimate websites. Then comes the usual narrative – the encryption of your files and a ransom demand.

Types of ransomware

As we see from the examples above, the tactics of ransomware differ, but the outcome is usually the same. Yet, we can distinguish several types of it:

  • Scareware often tries to scare you with fake notifications from law enforcement agencies and lure you into paying a fake fine. Also, it can prompt you to download fake antivirus software by telling you that you have viruses. Usually, scareware is not dangerous if you can see through the bluff and ignore its suggestions;
  • Leakware (also known as doxware) does not encrypt or lock your files but threatens to expose your stolen data to the public if you do not pay the ransom. Usually, it targets either sensitive data or data that could damage the user’s reputation;
  • Mobile ransomware. As the title suggests, this malware focuses on mobile devices;
  • Encrypting ransomware. This type uses encryption to lock your files. Hackers own the decryption key, without which you won’t be able to access your data;
  • Locker ransomware does not encrypt your files but restricts your access to your system.

We value your privacy

This website uses cookies to provide you with a safer and more personalized experience. By accepting, you agree to the use of cookies for ads and analytics, in line with our Cookie Policy.