Top 5 Examples of Devastating Ransomware Attacks


    Many of us rely on computers in our daily lives, so not being able to access the files housed in your system can be paralysing. Unfortunately, cybersecurity threats are on the rise, most prominently ransomware attacks. 

    A form of social engineering, ransomware attacks occur when a user or organisation’s data is encrypted, making it impossible to access files and applications. The encryptor demands a ransom in return for the decryption key that allows you to access the system again. Once a ransom is paid, you regain control of your system, but there is always a chance some files are lost or the system is permanently altered. 

    Recent ransomware statistics are pretty frightening. 35% of organisations were hit by ransomware in 2021, and while only a small percentage paid the money demanded, the financial implications were considerable [1]. It cost organisations an average of £1.57 million to fix the problems caused by attacks in 2021, up from £670,000 in 2020 [2]. That’s why protecting your organisation is vital.

    In this article, we will examine five real-life ransomware attack examples and the consequences they can have. Let’s dive straight into the first one.


    #1 Lapsus$

    Lapsus$ is a cyber-criminal gang believed to be from South America that is well-acquainted with ransomware. This ransomware group is known for hacking into the systems of large organisations to steal data and demand large payments. Their most high-profile victims include:

    • Samsung
    • Microsoft
    • Nvidia 

    Lapsus$ was also behind another well-publicised attack that took place in January 2022. The group hacked into the computer system of Okta, a prominent American identity and access management firm in San Francisco, gaining access to the company’s operating system, which allowed them to view customer information and perform administrative functions.

    Unlike many traditional ransomware attacks, which keep stolen data inaccessible if demands aren’t met, Lapsus$ threatens to leak it. This was the case with the Okta breach, and despite the fact that the problem turned out to be smaller than initially thought, customer trust is likely to be significantly eroded.

    The key takeaway is that if this trust is broken, it can be very difficult for an organisation to regain customer confidence. This can ultimately pose a bigger threat to an organisation’s long-term future than a ransomware attack itself.

     

    #2 WannaCry

    One of the most publicised ransomware attacks to date occurred in May 2017. The worldwide operation, known as WannaCry, attacked hospitals, banks, and businesses across the globe, with both the US and UK governments claiming North Korea was responsible for the attack [3].

    The hack used a computer exploit known as EternalBlue, which is said to have been initially developed by the US National Security Agency. Over 300,000 computers in 150 countries were targeted, and the cost to the victims is estimated to be in the billions.

    WannaCry targeted computers running the Microsoft Windows operating system and encrypted data before the perpetrators demanded a ransom. The attackers initially demanded victims pay £240 in bitcoin but subsequently increased this to £480. The ransom note stated that if victims didn’t pay up, their files would be deleted permanently.

    That wasn’t the end of the story, as it turned out the code used in the WannaCry attack was faulty. As a result, most of the victims who paid the ransom never got their files back.

    The consequences of the attack were still significant. In the UK, WannaCry compromised the computer systems in one-third of NHS hospitals, impacting surgeries, diverting ambulances, and cancelling 19,000 appointments, incurring costs of around £92 million.

     


    #3 SamSam

    While it might be the most well-known, WannaCry isn’t the only example of a ransomware attack targeting public institutions in recent years. In March 2018, the SamSam group, allegedly operating out of Iran, attacked 13 local government departments in Atlanta.

    SamSam deployed a type of ransomware infection that “spies” on a system for a lengthy period of time without detection. This custom infection is used in targeted, brute-force attacks, and can have devastating consequences for organisations. 

    Unsurprisingly, the attack had significant consequences across the city, including:

    • A crippled court system
    • Obstruction of the completion of paperwork in the Atlanta Police Department 
    • Residents being unable to pay their water bill
    • Limited communications related to sewer infrastructure 

    The criminals demanded a ransom in bitcoin of around £52,000 [4]. But that doesn’t tell the full story. It was reported that, in total, the attack cost the city of Atlanta somewhere within the region of $17 million [5].

     

    #4 Ryuk

    Ryuk is a type of ransomware associated heavily with the hacking group Wizard Spider. It utilises computer malware to install itself after gaining access to a network’s servers and is best known for targeting large, public-entity Microsoft Windows cybersystems. 

    Its origins are unclear, having been linked to cybercriminals in Russia and North Korea. Like some other examples on this list, this type of ransomware encrypts data, rendering it inaccessible until a ransom is paid in untraceable bitcoin. Sometimes this is done through phishing emails that act as bait for system users.

    In keeping with the recent increase we’ve seen in attacks, 2019 and 2020 saw several cities in Florida targeted by Ryuk ransomware. Its targets included the Volusia County library system and the Tampa Bay Times.

    As is often the case with these attacks, very large sums of money were paid in ransoms so that organisations could regain access to vital data. For example, Lake City, a city with a population of just over 65,000, ended up paying the ransom of almost $500,000 demanded by the hackers [6].

     

    #5 CryptoLocker

    From September 2013 until sometime late in May 2014, CryptoLocker ransomware effectively targeted Microsoft Windows users’ systems. By mid-December 2013, it was reported that there were between 200,000 and 250,000 infected computers as a result of the attacks [7].

    In this example, the attackers used ransomware to encrypt files before demanding a ransom from the businesses and individuals they had successfully targeted. The victims of these attacks were forced to pay a set amount within 72 hours in order to regain control of their files.

    The perpetrators utilised the AIDS Trojan, also known as the PC Cyborg virus, to encrypt files to carry out their attacks. This meant that a decryption tool or encryption key was essential to stop the attacks and recover any affected files.

    CryptoLocker turned out to be a prolific and aggressive form of ransomware, often making its way onto a system via phishing emails that included malicious attachments. Reports suggested that the operators procured seven or possibly eight-digit sums in ransom payments for their efforts [8].

    As with each of these examples, the message is clear — working to proactively protect yourself and your organisation is far more cost-effective and secure than dealing with the consequences of a ransomware attack.

     

    Get the support you need to protect your organisation

    The current threat landscape, which now includes Ransomware as a Service being available on the dark web, alongside the consequences of a successful attack we’ve explored above, demonstrates that it’s never been more important to have a robust cybersecurity strategy. This can be done in-house, but that requires significant time, money, expertise, and resources. 

    The reality is you need a managed IT service solution that provides you with:

    • Continuous updates and malware scanning
    • Effective threat detection
    • Ongoing cybersecurity training for staff

    At Nexstor, we’re dedicated to devising bespoke solutions for businesses by working with top cybersecurity vendors. That includes Arctic Wolf. You can check out their recent article on the attack on Okta by the Lapsus$ hacking group to find out how proactive monitoring and strategic advice can protect your organisation from the threats you face.

    Our goal is to make the process of outsourcing your cybersecurity as smooth as possible so that you can focus on what really matters: serving your customers. Get in touch today to learn more about how we can support your cybersecurity efforts.



    [1] Share of organizations in selected countries hit by ransomware attacks in the last year as of February 2021

    [2] The State of Ransomware in 2022

    [3] Cyber-attack: US and UK blame North Korea for WannaCry

    [4] Atlanta Spent $2.6M to Recover From a $52,000 Ransomware Scare

    [5] The Cost of SamSam Ransomware Attacks: $17 Million for the City of Atlanta

    [6] Second Florida city pays giant ransom to ransomware gang in a week

    [7] Cryptolocker ransomware has ‘infected about 250,000 PCs’

    [8] Cryptolocker and its consequences for businesses

    Rob Townsend

    Rob is a co-founder at Nexstor and has dedicated his career to helping a range of organisations from SME to Enterprise to get ahead of the game when it comes to their compute, storage and data needs.
