Don’t miss the latest developments in business and finance.

WannaCry to SamSam: 5 biggest ransomware attacks you need to know about

Ransomware attacks have been taking place for a long time, but their frequency has increased in the last few years

Indian firms slow on cybersecurity
Raghav Aggarwal New Delhi
4 min read Last Updated : Nov 29 2022 | 4:19 PM IST
The computer servers at the All India Institute of Medical Sciences (AIIMS), Delhi, have been down for seven days. Media reports stated that this might have been a hack, and data of around 3-4 crore users stood exposed. On Monday evening, PTI reported that the servers were hit by ransomware, and the hackers demanded Rs 200 crore in cryptocurrency from the hospital.

Later in the evening, Delhi Police refuted the claims and stated that there was no such demand. 

Ransomware attacks have been taking place for a long time, but their frequency has increased in the last few years

Here is a list of 5 major ransomware attacks

WannaCry

In 2017, numerous companies across the globe were hit by a fast-spreading malware called WannaCry. Within two days, the malware became so prevalent that it impacted over 200,000 computers in over 150 countries. The total amount of damage could not be calculated precisely, but reports claimed it stood between "hundreds of millions to billions of dollars".

Some of the biggest victims of the attack were Taiwan Semiconductor Manufacturing Company (TSMC), Petrobras, Sberbank, Honda and Renault. In India, the Andhra Pradesh Police, the state governments of Gujarat, Kerala, Maharashtra, and West Bengal were among its victims.

The ransom was demanded in Bitcoins, but no big sum was ever reported by any company. 

In December 2017, the US and the UK governments said North Korea was behind the attack.

Also, it was found that the malware was propagated through EternalBlue, an exploit developed by the US National Security Agency (NSA) for Windows systems. EternalBlue was stolen a month before the attack.

NotPetya

In 2017, a ransomware outbreak was reported in Ukraine, including in the National Bank of Ukraine, which spread quickly to other parts of Europe. It was reported in France, Germany, Italy, Poland, the UK and the USA. However, the biggest attacks took place in Ukraine and Russia. The monitoring system for Ukraine's Chornobyl Nuclear Power Plant went offline on June 27, 2017.

It targeted energy companies, power grids, bus stations, gas stations, airports and banks.

The virus is believed to have spread through Ukraine's tax preparation program ME Doc. The total damages of the virus are expected to be over $10 billion.

SamSam

The malware was first detected in 2015, but it started making big attacks in 2018. It entered the systems through random desktop protocols (RDP), Java-based web servers or file transfer protocol (FTP) servers to gain access to the victim's network.

The ransom notes contained high use of "sorry". It largely hit several states in the USA.

According to the Swiss Cyber Institute, ransomware has till now earned $6 million for its creators. It is deadlier as it does not behave like a normal virus, transferring itself through files. It is deployed using Windows network admin tools and stolen credentials, making it difficult to trace and eliminate.

DarkSide

In 2021, the Colonial Pipeline in the US was hit by ransomware believed to be released by a group called DarkSide. It was the USA's largest publicly disclosed cyber attack against critical infrastructure.

The hackers stole 100 GB of data within two hours of the attack. The shutdown impacted numerous consumers along the East Coast. The pipeline was responsible for transporting oil from the Gulf of Mexico to several critical industries on the East Coast.

On May 7, the US government paid the hackers a ransom worth $4.4 million in Bitcoins. On May 9, an Emergency was declared by US president Joe Biden.

However, $2.3 million was soon recovered, but the rest of the sum was not. The attack is believed to have originated in either Russia or Eastern Europe.

SpiceJet attack

In May 2022, Indian airline SpiceJet reported a ransomware attack. It led to delays in several flights by up to 6 hours. Several passengers claimed sitting on the planes for 45 minutes to three hours.

The attack was contained by the airlines within hours, but no official clarification has been revealed. It was not revealed if any demand was placed or what kind of malware attacked the systems. 

Topics :AIIMSJoe Bidenransomware attackWannaCryMalwareNotPetya ransomware attackSpiceJetPetrobrascryptocurrencyBS Web ReportsAll India Institute of Medical SciencesTaiwansemiconductor