Top 5 Examples of Devastating Ransomware Attacks

In this article:
    Add a header to begin generating the table of contents
    Many of us rely on computers in our daily lives, so not being able to access the files housed in your system can be paralysing. Unfortunately, cybersecurity threats are on the rise, most prominently ransomware attacks. 

    Meet With A Veeam Specialist

    A form of social engineering, ransomware attacks occur when a user or organisation’s data is encrypted, making it impossible to access files and applications. The encryptor demands a ransom in return for the decryption key that allows you to access the system again. Once a ransom is paid, you regain control of your system, but there is always a chance some files are lost or the system is permanently altered.  Recent ransomware statistics are pretty frightening. 35% of organisations were hit by ransomware in 2021, and while only a small percentage paid the money demanded, the financial implications were considerable.1 It cost organisations an average of £1.57 million to fix the problems caused by attacks in 2021, up from £670,000 in 2020.2 That’s why protecting your organisation is vital. In this article, we will examine five real-life ransomware attack examples and the consequences they can have. Let’s dive straight into the first one.

    Protect your business from the
    threat of ransomware

    Use our instant quote generator to get the best prices on security solutions that will protect your data from ransomware

    #1 Lapsus$

    Lapsus$ is a cyber-criminal gang believed to be from South America that is well-acquainted with ransomware. This ransomware group is known for hacking into the systems of large organisations to steal data and demand large payments. Their most high-profile victims include:
    • Samsung
    • Microsoft
    • Nvidia 
    Lapsus$ was also behind another well-publicised attack that took place in January 2022. The group hacked into the system computer of Okta, a prominent American identity and access management firm in San Francisco, gaining access to the company’s operating system, which allowed them to view customer information and perform administrative functions. Rather than keeping stolen data inaccessible if their demands aren’t met like many traditional ransomware attacks, Lapsus$ threatens to leak it. This was the case with the Okta breach, and despite the fact that the problem turned out to be smaller than initially thought, customer trust is likely to be significantly eroded. The key takeaway is that if this trust is broken, it can be very difficult for an organisation to regain customer confidence. This can ultimately pose a bigger threat to an organisation’s long-term future than a ransomware attack itself.  

    #2 WannaCry

    One of the most publicised ransomware attacks to date occurred in May 2017. The worldwide operation, known as WannaCry, attacked hospitals, banks, and businesses across the globe, with both the US and UK governments claiming North Korea was responsible for the attack.3 The hack used a computer exploit known as EternalBlue, which is said to have been initially developed by the US National Security Agency. Over 300,000 computers in 150 countries were targeted, and the cost to the victims is estimated to be in the billions. WannaCry targeted computers running the Microsoft Windows operating system and encrypted data before the perpetrators demanded a ransom. The attackers initially demanded victims pay £240 in bitcoin but subsequently increased this to £480. The ransom note stated that if victims didn’t pay up, their files would be deleted permanently. That wasn’t the end of the story, as it turned out the coding used in the WannaCry attack was faulty. As a result, most of the victims who paid the ransom never got their files back. The consequences of the attack were still significant. In the UK, WannaCry compromised the computer systems in one-third of NHS hospitals, impacting surgeries, diverting ambulances, and cancelling 19,000 appointments, incurring costs of around £92 million.  

    Be prepared for any type of ransomware attack 🛡️ – Configure your bespoke cybersecurity quote today!


    #3 SamSam

    While it might be the most well-known, WannaCry isn’t the only example of a ransomware attack targetting public institutions in recent years. In March 2018, the SamSam group, allegedly operating out of Iran, attacked 13 local government departments in Atlanta. SamSam deployed a type of ransomware infection that “spies” on a system for a lengthy period of time without detection. This custom infection is used in targeted, brute-force attacks, and can have devastating consequences for organisations.  Unsurprisingly, the attack had significant consequences across the city, including:
    • A crippled the court system
    • Obstruction of the completion of paperwork in the Atlanta Police Department 
    • Residents being unable to pay their water bill
    • Limited communications related to sewer infrastructure 
    The criminals demanded a ransom in bitcoin of around £52,000.4 But that doesn’t tell the full story. It was reported that, in total, the attack cost the city of Atlanta somewhere within the region of $17 million.5  

    #4 Ryuk

    Ryuk is a type of ransomware associated heavily with the hacking group Wizard Spider. It utilises computer malware to install itself after gaining access to a network’s servers and is best known for targeting large, public-entity Microsoft Windows cybersystems.  Its origins are unclear, having been linked to cybercriminals in Russia and North Korea. Like some other examples on this list, this type of ransomware encrypts data, rendering it inaccessible until a ransom is paid in untraceable bitcoin. Sometimes this is done through phishing emails that act as bait for system users. In keeping with the recent increase we’ve seen in attacks, 2019 and 2020 saw several cities in Florida targeted by Ryuk ransomware. Its targets included the Volusia County library system and the Tampa Bay Times. As is often the case with these attacks, very large sums of money were paid in ransoms so that organisations could regain access to vital data. For example, Lake City, a city with a population of just over 65,000, ended up paying the ransom of almost $500,000 demanded by the hackers.6  

    #5 CryptoLocker

    From September 2013 until sometime late in May 2014, Cryptolocker ransomware effectively targeted Microsoft Windows users’ systems. By mid-December 2013, it was reported that there were between 200,000 and 250,000 infected computers as a result of the attacks.7 In this example, the attackers used ransomware to encrypt files before demanding a ransom from the businesses and individuals they had successfully targeted. The victims of these attacks were forced to pay a set amount within 72 hours in order to regain control of their files. The perpetrators utilised the AIDS Trojan, also known as the PC Cyborg virus, to encrypt files to carry out their attacks. This meant that a decryption tool or encryption key was essential to stop the attacks and recover any affected files. Cryptolocker turned out to be a prolific and aggressive form of ransomware, often making its way onto a system via phishing emails that included malicious attachments. Reports suggested that the operators procured seven or possibly eight-digit sums in ransom payments for their efforts.8 As with each of these examples, the message is clear — working to proactively protect yourself and your organisation is far more cost-effective and secure than dealing with the consequences of a ransomware attack.  

    Get the support you need to protect your organisation

    The current threat landscape, which now includes Ransomware as a Service being available on the dark web, alongside the consequences of a successful attack we’ve explored above, demonstrates that it’s never been more important to have a robust cybersecurity strategy. This can be done in-house, but that requires significant time, money, expertise, and resources.  The reality is you need a managed IT service solution that provides you with:
    • Continuous updates and malware scanning
    • Effective threat detection
    • Ongoing cybersecurity training for staff
    At Nexstor, we’re dedicated to devising bespoke solutions for businesses by working with top cybersecurity vendors. That includes Arctic Wolf. You can check out their recent article on the attack on Okta by the Lapsus$ hacking group to find out how proactive monitoring and strategic advice can protect your organisation from the threats you face.Our goal is to make the processes of outsourcing your cybersecurity as smooth as possible so that you can focus on what really matters — serving your customers. Get in touch today to learn more about how we can support your cybersecurity efforts.

    Get advanced cyber threat
    detection and response

    Use our instant quote generator to get the best prices on security solutions across on-premise and cloud environments.

    1 Share of organizations in selected countries hit by ransomware attacks in the last year as of February 2021 2 The State of Ransomware in 2022 3 Cyber-attack: US and UK blame North Korea for WannaCry 4 Atlanta Spent $2.6M to Recover From a $52,000 Ransomware Scare 5 The Cost of SamSam Ransomware Attacks: $17 Million for the City of Atlanta 6 Second Florida city pays giant ransom to ransomware gang in a week 7 Cryptolocker ransomware has ‘infected about 250,000 PCs’ 8 Cryptolocker and its consequences for businesses
    Posted in

    Rob Townsend

    Rob is a co-founder at Nexstor and has dedicated his career to helping a range of organisations from SME to Enterprise to get ahead of the game when it comes to their compute, storage and data needs.

    Subscribe to receive the latest content from Nexstor

      By clicking subscribe you accept our terms and conditions and privacy policy. We always treat you and your data with respect and we won't share it with anyone. You can always unsubscribe at the bottom of every email.