Interesting Ransomware cases you should know about

Rachana Gupta
3 min read · Jun 8, 2023

Ransomware attacks have become a significant cybersecurity threat in recent years, causing damage to individuals, businesses and governments. These malicious attacks involve encrypting victims’ data and demanding a ransom in exchange for its release. In this article, we will explore some interesting ransomware cases that have captured public attention due to their scale, impact, or unique characteristics. These cases serve as a reminder of the importance of robust cybersecurity measures in our increasingly digitized world.

1. WannaCry: A Global Impact

One of the most notorious ransomware attacks in history, the WannaCry outbreak in May 2017 affected over 200,000 computers across 150 countries. Exploiting a vulnerability in Microsoft Windows, WannaCry spread rapidly through networks, encrypting files and demanding ransom payments in Bitcoin. The attack targeted individuals, hospitals, businesses, and government institutions, causing widespread disruption and financial losses. WannaCry highlighted the importance of promptly applying security patches and maintaining up-to-date systems to prevent such large-scale attacks.

2. Colonial Pipeline: Disrupting Critical Infrastructure

The attackers gained access using a compromised password found on the dark web. The company was also using a legacy VPN that it should no longer have been relying on, and there was no MFA. The Colonial Pipeline hack demonstrated that much of the company’s infrastructure remains highly vulnerable, and that government and companies must work harder to prevent future attacks. Even though the password was complex, the lack of MFA and the legacy VPN clinched it for the hacker group DarkSide. The company did pay $4.4 million in ransom, as the pipeline was shut down for six days. Paying the ransom remains a controversial decision, but it did highlight the importance of cybersecurity to the world.

3. NotPetya (2017)

NotPetya, also known as ExPetr or Petya, was another high-profile ransomware attack that caused widespread damage. It primarily targeted Ukrainian organizations but quickly spread globally. NotPetya exploited the EternalBlue vulnerability, the same exploit used by WannaCry, to rapidly infect and encrypt files on affected systems. One of the victims was the global transport and logistics giant Maersk, where NotPetya destroyed “all end-user devices, including 49,000 laptops and print capability”, according to the company’s head of technology Adam Banks.

Money was not the goal of this attack, as it was created with Ukraine as the target. Designed to look like a traditional ransomware programme, it had been modified to make it technically impossible to recover the victim’s files, whether they paid up or not. NotPetya took its name from the ransomware Petya, deployed the previous year. Both encrypted Windows machines and then demanded payment in cryptocurrency in exchange for decryption keys. But while Petya actually allowed the victim’s machines to be decrypted after payment, NotPetya did not.

4. Kaseya

The attackers carried out a supply chain ransomware attack by leveraging a vulnerability in Kaseya’s VSA software against multiple managed service providers (MSPs), and through them, their customers.

The Russia-based REvil group claimed responsibility on July 5, 2021, and demanded U.S. $70 million in exchange for decrypting all affected systems. But by the time REvil’s ransom demand made its way to its victims, many firms had already restored their systems from backups. Some victims had already negotiated their own individual ransoms, reportedly paying between $40,000 and $220,000.


It is crucial to prioritize cybersecurity and adopt proactive measures to safeguard against ransomware attacks, as prevention and preparedness are key to mitigating risks effectively. Stay vigilant, keep software and systems up to date, educate users about phishing and suspicious links, and regularly back up data to ensure resilience against ransomware threats.
