9 largest ransomware attacks in human history

When looking back at the history of ransomware development, the world’s first ransomware attack is just “child’s play” compared to today. It was 1989 when thousands of attendees of the World Health Organization (WHO) AIDS conference returned home to find floppy disks in their mailboxes that were supposed to contain a questionnaire about possible HIV infection. However, the disks actually contained programs designed to encrypt computer files. To have their files restored, victims had to send $189 to a Panamanian post office box.

After more than 30 years, ransomware is much more sophisticated thanks to the popularity of the Internet, the shift to the digital world as well as the birth of cryptocurrency. As a result, the number of victims, the ransom amount, and the impact of ransomware attacks have all skyrocketed.

The losses suffered by companies due to ransomware attacks are also increasing. Security firm Cybersecurity Ventures predicts that victims of ransomware will lose $265 billion by 2031. In addition to losing money, victims also face business downtime, loss of reputation and decline in customer confidence. In addition, there are other individuals and systems that are indirectly affected even though they are not the targets of the crime.

Ransomware doesn’t “spare” anyone. Photo: Adobe

Below are the 9 most impactful ransomware attacks ever, according to statistics from security news site TechTarget.

1. Colonial Pipeline

Ransomware type: DarkSide RaaS
The culprit: DarkSide
Time: May 7, 2021
Damage: 4.4 million USD

The attack on America’s largest pipeline company – Colonial Pipeline – is one of the most famous ransomware attacks due to its impact on the daily lives of Americans. People living in the Southeastern states suddenly faced shortages in gas supplies.

Colonial Pipeline, the owner of a fuel pipeline system from Texas to the Southeast, suffered a ransomware attack on the computer systems that manage the pipeline. The DarkSide team accessed the system through leaked old VPN credentials. Despite paying a $4.4 million ransom just hours after being attacked, the company struggled to fully restore operations for days.

Federal and state officials declared a state of emergency to ensure fuel could reach the affected area and limit damage. The attack also led to President Joe Biden issuing an executive order on May 12, 2021 to improve the country’s cybersecurity situation.

Nearly a month later, the US Department of Justice announced that it had confiscated $2.3 million of the $4.4 million that Colonial Pipeline paid in Bitcoin.

2. Costa Rica

Ransomware type: Conti
The culprit: Conti
Time: April 17, 2022
Damage: 30 million USD/day

The Conti ransomware gang launched a months-long attack against Costa Rican government institutions. Costa Rica’s Ministry of Finance was the first victim after the perpetrator used leaked login information to install malware on the system. After that, the Ministry of Science, Innovation, Technology and Telecommunications, and the Ministry of Labor and Social Security also met the same fate.

The Costa Rican government was forced to shut down many systems, leading to delayed government payments, a slowdown in trade, and limited services.

During the first week, former President Carlos Alvarado refused to pay the $10 million ransom. The Conti gang leaked almost all of the 672 GB of stolen data in the attacks. It took months for systems to be restored.

3. Impresa

Ransomware type: Lapsus$
The culprit: Lapsus$
Time: January 1, 2022
Damage: Not reported

The Lapsus$ hacker group launched one of the world’s most notorious ransomware attacks against Impresa, Portugal’s largest media group. The attack took down all of the group’s websites, weekly newspapers and television channels. The attackers also took control of the Twitter account and claimed to have access to the company’s AWS account. According to media, Impresa confirmed being attacked but said no ransom request was made.

Lapsus$, which previously attacked the Brazilian Ministry of Health in late 2021, posted a ransom message threatening to release the company’s data. According to Portuguese authorities, this is the largest cyber attack in the country’s history.

4. JBS USA

Ransomware type: REvil RaaS
The culprit: REvil
Time: May 30, 2021
