Cybersecurity threats, and in particular ransomware attacks, are facts of life and daily occurrences in an increasingly digital economy. The more commercial activity takes place via the internet and using hardware and software that interfaces with the web, the more vulnerable a business is to the depredations of malicious actors.
Interestingly, most of the largest ransomware attacks to date have occurred over a fairly short time period (between 2017 and 2018).
Ransomware attacks are an omnipresent threat for any organization, large or small, private or public. The cat and mouse game played by cybersecurity experts and criminals is never-ending. Losses are measured not only in dollars and cents, but potentially in human lives, and many organizations have lost big and will continue to do so.
Below are 5 of the biggest ransomware attacks of all time.
The Nayana Attack
Nayana is a popular South Korean web provider. In June of 2017, hackers infected over 153 Linux servers hosted by the company with ransomware that shut down some 3,400 websites. The CEO of the company at the time, Hwang Chilghong, said that the hackers had initially asked for 4.4 million dollars USD, but he eventually negotiated the amount down to one million.
During negotiations, the hackers permanently deleted some of the user data, and in response, Nayana offered their affected customers free hosting for life and complete refunds, compounding the financial damage for the already struggling company.
At the time, the Nayana attack constituted the largest single ransomware attack in history and illustrates the necessity of backup and secure data storage for any business.
The NotPetya Attack
Blowing Nayana out of the water (also in 2017) is the now infamous NotPetya attack, a ransomware attack that originated in Ukraine and which caused a cumulative 10 billion dollars USD in damages. The theory is that hackers exploited a vulnerability in Ukrainian tax software which was used to spread the malware to countless computers in and eventually outside of Ukraine.
Users were greeted with a black screen and a message informing them that “ooops, your important files are encrypted,” and that they were to pay $300 in bitcoin to decrypt everything. NotPetya made use of a stolen American cyberwarfare tool called EternalBlue that was leaked during a breach of NSA files in 2017 and combined it with a French research tool called Mimikatz. The latter provided access and EternalBlue ran the attack.
The BadRabbit Attack
The BadRabbit ransomware attack first emerged in October of 2017 and targeted companies throughout Russia, Ukraine, and the United States. BadRabbit built off the success of NotPetya and Ukrainian authorities believe that the same firm (Black Energy) was behind both. Many cybersecurity experts believe that Black Energy is actually a Russian government asset.
The attack was not as sustained as NotPetya and was shut down relatively quickly by the hackers. It worked by imitating an Adobe Flash installer on several hacked Russian media websites and then demanded 0.05 bitcoins (around $275 USD) to decrypt essential files. A message informed users that their computer had been compromised and that they had a set amount of time to make the bitcoin transfer.
BadRabbit did not do the financial damage that its predecessor did, but is notable for the scale of the spread. In a very short amount of time, this attack hit hundreds of media, government, and transportation targets in 15 different countries, including national airports and ministries of finance and infrastructure.
The SamSam Attack
SamSam predates the other attacks mentioned in this article by a couple of years, first appearing late in 2015, and continuing to do damage over a period of years. SamSam is considered one of the bigger ransomware attacks in history because of the targets that it managed to hit, including the City of Atlanta, the Colorado Department of Transportation, and various healthcare facilities.
While SamSam was initially believed, like the others, to have originated in Eastern Europe, in 2018 the U.S. government indicted two Iranian nationals who they claim were behind the attacks, which resulted in more than $30 million in losses.
The WannaCry Attack
In the middle of 2017, the world realized that ransomware had the potential to be an existential threat. This was largely the result of two major attacks, the first of which is known as “WannaCry.” Many cybersecurity experts considered this attack, at the time, to be the worst the world had seen. On May 12, 2017, the attack began in Europe and just 4 days later, 250,000 attacks had been recorded across 116 countries.
This was the first attack utilizing leaked hacking tools stolen from the U.S. NSA (National Security Agency), which other similar attacks in that same year would also make use of. WannaCry shut down Ukrainian hospitals and California radio stations.
It was an unnerving wake-up call to world governments, businesses, and the cybersecurity industry, who realized that malware attacks were here to stay and had the potential to do an incredible amount of harm.
Ransomware and malware attacks are now an unfortunate part of life online. Cybersecurity and cybersafety have been forced upon people in the digital age and for businesses and governments, investing in digital security is non-negotiable.
Protecting oneself against these malicious actors and their attacks involves more than just awareness; it involves a constant back and forth battle of expertise between civilization and its enemies.
Cybersecurity will continue to represent a significant cost of doing business in a digital world, justified by the potential financial and human losses that await those who fail to take the threats seriously.