Cybercriminals everywhere are exacting thousands of millions of dollars to unlock the technology they have attacked and compromised. This type of malware earned the name ransomware for the extreme ransoms that bad actors demand to release data, applications, and devices.
But to name "the top 5 ransomware attacks in 2022," it's vital to understand how subjective that statement is. We could be ranking attacks by their scale, meaning the sensitivity or amount of data stolen, or by the severity of the repercussions for the victim, its customers, or other connected partners.
Here’s a list of some of the most disruptive ransomware incidents in the past decade:
Flashback to 2017. A type of ransomware called WannaCry spread extremely quickly through vulnerable SMB ports and phishing attacks, infecting over 6,800 computers within the first hour of its release. It infected more than 220,000 computers in over 145 countries within a day. This attack affected leaders in various industries, like the car giant Honda and thousands of NHS hospitals across the United Kingdom, seizing control of industrial processes until the ransom was fully paid.
In mid-2016, video gamers faced a form of Trojan ransomware called TeslaCrypt, which infected game saves, user profiles, recorded replays, etc. This gamer ransomware affected 35 different games, such as the Call of Duty series, Minecraft, and World of Warcraft, searching for 180 file extensions. Newer variants of the malware also encrypted PDF, Word, JPEG, and other files. This ransomware made the list for the extent of its spread and the depth of the files it affected. In June 2016, the spread came to a halt when the malware developers shut down the ransomware and released the master decryption key.
Petya and NotPetya
Petya emerged in late 2016, but in 2017, it started spreading internationally as ransomware. In July 2017, it targeted more than 75 companies in France, Italy, Germany, Poland, the United States, the United Kingdom, Ukraine, and Russia. It affected Windows servers, laptops, and PCs by exploiting a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol and asking victims to conduct a system reboot, after which the system is locked. The newer variant called NotPetya has typical malware behavior. It uses various keys for encryption, has unique reboot styles, displays, and notes, and was designed by the government of Russia.
REvil (also known as Sodinokibi)
The modern-day Russian-based hacking group Ransomware Evil (REvil) is a unique ransomware-as-a-service (RaaS) operation. These bad actors created a subscription-based model that allows affiliates to use already-developed ransomware tools to launch their own ransomware attacks, with Ransomware Evil receiving a portion of the profit every time the ransomware is deployed. In 2021, the group breached the tech powerhouse Apple, stealing information on its upcoming products. They are also behind the recent JBS and Kaseya ransomware attacks. They made the 2022 list for their present relevance. REvil's attacks are becoming more widespread, frequent, and severe because of the group's infamy for commercializing ransomware as a service, especially against supply chains.
Another famous RaaS operation of 2022 is DarkSide. This hacking group, located in Eastern Europe, targets victims using its own unique type of ransomware, which is believed to resemble the software used by Sodinokibi and marks the group as a possible partner of the Russian attackers. DarkSide was the bad actor behind the recent Colonial Pipeline cyberattack. Their malicious software earned its place on the list of the top five most famous ransomware of 2022 for how destructive the program can be. The software deletes documents and files in the recycle bin one by one, uninstalls security and backup software programs, and terminates security processes to enable access to data files.
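The behaviours described above can be correlated on the defender's side. The following Python example is added here and is not from the original article or any vendor tool; the event schema, host names, and the ExampleAV/ExampleBackup product names are constructed assumptions. It flags a host on which Recycle Bin deletions, removal of security or backup software, and termination of security processes all occur within ten minutes.

```python
from datetime import datetime, timedelta

# Assumed watchlist: replace with the security and backup tools you actually run.
PROTECTED = {"exampleav", "examplebackup"}
WINDOW = timedelta(minutes=10)
ALL_STAGES = {"recycle_bin_wipe", "protection_uninstalled", "protection_killed"}

# Constructed sample telemetry (hypothetical schema): time host event detail
SAMPLE_EVENTS = r"""
2022-01-10T09:00:05 ws-01 file_delete C:\$Recycle.Bin\S-1-5-21-1\$RA1B2C3.docx
2022-01-10T09:00:40 ws-02 file_delete C:\$Recycle.Bin\S-1-5-21-2\$RD4E5F6.txt
2022-01-10T09:01:10 ws-01 uninstall ExampleBackup
2022-01-10T09:01:30 ws-02 process_terminate notepad
2022-01-10T09:02:00 ws-01 process_terminate ExampleAV
2022-01-10T09:05:00 ws-03 uninstall ExampleBackup
2022-01-10T09:40:00 ws-03 file_delete C:\$Recycle.Bin\S-1-5-21-3\$RG7H8I9.pdf
2022-01-10T10:15:00 ws-03 process_terminate ExampleAV
"""

def classify(kind, detail):
    """Map one event to a behaviour stage from the paragraph above, or None."""
    name = detail.lower()
    if kind == "file_delete" and "\\$recycle.bin\\" in name:
        return "recycle_bin_wipe"
    if kind == "uninstall" and name in PROTECTED:
        return "protection_uninstalled"
    if kind == "process_terminate" and name in PROTECTED:
        return "protection_killed"
    return None

def detect(log_text):
    """Return {host: time of alert} for hosts showing all stages inside WINDOW."""
    recent, alerts = {}, {}
    for line in log_text.strip().splitlines():
        ts, host, kind, detail = line.split(maxsplit=3)
        stage = classify(kind, detail)
        if stage is None or host in alerts:
            continue
        now = datetime.fromisoformat(ts)
        # Keep only this host's stages that are still inside the sliding window.
        seen = [(t, s) for t, s in recent.get(host, []) if now - t <= WINDOW]
        seen.append((now, stage))
        recent[host] = seen
        if {s for _, s in seen} == ALL_STAGES:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

In the sample, only ws-01 is flagged: ws-02 terminates an unrelated process, and ws-03 shows the same three behaviours spread over more than an hour, which falls outside the window.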
The threat of ransomware attacks is larger and wider than ever, and there are no signs of it slowing down anytime soon. As dependency on online services continues to rise, we'll see an extremely intensified and increasingly insecure cyberspace for private users and businesses.
Preventing ransomware sometimes involves basic practices such as regularly updating your systems and creating strong passwords. Educating the workforce about ransomware attacks and their harmful effects can go a long way in preventing these attacks.