Well Known Ransomware Attacks

Ransomware is malware that encrypts a victim’s files and demands a ransom payment to decrypt them. This means the victim’s files are inaccessible until the ransom is paid. Ransomware has emerged as one of the most common forms of malware in recent years due to its ability to cause massive financial damage. Ransomware attacks have caused losses of over $2 billion worldwide.

In recent years, famous ransomware attacks have become a major problem. Ransomware is highly dangerous because it can completely erase your hard drive, preventing you from using your computer or accessing important files. If you don’t pay the ransom, the malware will delete your files until you do.

Types Of Ransomware

There are two main types of ransomware:


File-based ransomware encrypts files on a victim’s computer and then demands payment to decrypt them.


Web-based ransomware infects computers through infected websites and then displays a message asking the user to pay a ransom to regain access to their files.

Best Way To Deal With Ransomware

The best way to deal with ransomware is to be proactive and ensure that your systems are fully patched and protected from infection. Additionally, you can use anti-virus software and password protection tools to help protect your data against attack. If you fall prey to ransomware, do not worry, there are many ways to retrieve your files without paying the ransom.

Rise In Ransomware Attacks

Ransomware attacks have been rising in recent years, with high-profile attacks making headlines. One reason for this increase is that ransomware attackers are increasingly targeting businesses. They know that businesses have more money available to them than individual users, and they also know that businesses tend to be more security-conscious than individual users. This means that businesses are more likely to pay the ransom demanded by a ransomware group, even if it is expensive.

The good news is that you can protect yourself from a ransomware attack by using strong anti-virus software and keeping your computer updated with the latest security updates. You can also keep all your files backed up regularly, so if something does happen and your files are encrypted, you’ll at least be able to restore them relatively easily.

Well-Known Ransomware Attacks

The top ransomware attacks are the WannaCry and Petya ransomware threats. These two viruses spread rapidly across computers worldwide, encrypting files and demanding payments in Bitcoin in exchange for a decryption key. More than $700 million was paid in ransom payments for these two viruses alone!

Here are some of the famous ransomware threats:


This ransomware attack took place in May and affected Windows systems worldwide. Malicious ransomware encrypted files on infected machines and demanded a ransom payment to decrypt them. The number of victims is still unknown, but it is estimated that this crypto-ransomware attack may have caused up to $200 million in damages.


Petya ransomware spread was one of the biggest ransomware attacks that occurred earlier this year. Like WannaCry, it attacked Windows systems and encrypted files. However, unlike WannaCry, Petya was able to spread through file-sharing services like Dropbox and LinkedIn. As a result, it is thought to have caused even more damage than WannaCry – possibly totaling $500 million.


CryptoLocker is one of the oldest and most devastating ransomware attacks. It first surfaced in 2011 and targeted users who had installed Microsoft Office software on their computers. Once CryptoLocker has infected your computer, it encrypts all your files, making them inaccessible until you pay ransom money to the attackers.

Despite being detected multiple times by security experts over the years, CryptoLocker has continued to be used in recent months as part of various high-profile devastating ransomware attacks.


This worldwide ransomware infection first emerged in September 2016 and affected over 1 million devices across 150 countries, including hospitals and schools. Like many other ransomware attacks, Locky used a worm-like virus known as Shamoon (aka Petya) to spread and encrypt data before demanding a ransom from the victim.

While it is less well-known than some of its fellow malware threats, this attack is notable because it was the first ransomware to use Tor as an attack vector, allowing malicious actors to remain anonymous.


This ransomware attack first surfaced in March 2017 and affected over 500,000 computers across Europe, Asia, and North America. Unlike WannaCry, NotPetya did not use a worm-like virus to spread but relied on infected systems connected to the internet to infect other machines. Once infected, NotPetya would encrypt all user data on the system, making it impossible for users to access their files without payment of ransom fees by utilizing known security vulnerabilities.

Bad Rabbit

Bad Rabbit is the name of a ransomware virus that has affected several organizations around the world. It started to spread on October 25, and by November 1, it had impacted over 100,000 devices. The virus modifies the files in a victim’s computer, making it unusable.

Once infected, users are generally asked to pay a ransom to get their files back. Needless to say, this is an incredibly lucrative business for cybercriminals and has caused extensive damage and disruption around the world. As of now, there is no way of decrypting or recovering your data if you have been affected by this ransomware virus.

However, we recommend you back up your data first in case things go wrong. You can also seek help from a data recovery service if you are worried that your computer may be infected with the Bad Rabbit ransomware virus.


Cerber is another well-known ransomware virus. It was first discovered in March 2017 and has since been responsible for numerous attacks, including one on the Las Vegas Sands Corporation that caused $1 billion worth of damage. Like most ransomware viruses, Cerber encrypts data on files and asks the user to pay a ransom to unlock them. In addition, it also spreads through malicious emails and instant messages.


NirCmd is malware that can infect computers through malicious email messages or downloads. Once installed, NirCmd allows attackers to take control of the infected computer remotely and carry out other nefarious activities.


Jigsaw is a ransomware virus that’s believed to have originated in the United States. It began to spread in late 2017 and caused millions of dollars in damage. What is Jigsaw?

Jigsaw is a ransomware virus that encrypts files on infected computers and then demands payment from the victim for them to be unlocked.

Jigsaw has already caused millions of dollars in damage around the world, with reports suggesting that it’s been used to attack businesses and government agencies across multiple countries. Unfortunately, there are currently no known ways to decrypt files affected by Jigsaw without paying its ransom demand. How does Jigsaw work?

Jigsaw malware encrypts all the files on your computer, regardless of their importance. Once encrypted, these files are locked with a password that the attacker demands payment to decrypt.


Crysis is a ransomware virus that’s primarily associated with Russia. It began to spread in early 2018 and has already caused millions of dollars in damages. According to the Security Intelligence Group, Crysis is a powerful ransomware virus that typically drops links to websites where victims can pay for decryption services.

If you’re infected with this virus, your files may be encrypted, and you’ll likely need help from a qualified computer security expert to get them back. Crysis doesn’t just target PCs; it is also known to attack Android devices. Even if your device is not infected with Crysis, keep up to date on all the latest security threats so you don’t fall victim to any other malicious attachments.

Key Scrambler

Key scrambler is a ransomware virus that’s believed to have originated in China. It began to spread in early 2018 and has already caused millions of dollars in damages. The virus installs a malicious payload on Windows machines that encrypt files and demands payment from victims to decrypt them. Ransomware has already been used to steal money from businesses, government agencies, and individuals worldwide.

Prevention From Ransomware Attacks

So, what can you do to protect yourself from ransomware variants?

The best way to avoid becoming a victim of a ransomware attack is to be aware of the risks and take simple precautions such as keeping your software up-to-date and using strong passwords. Additionally, ensure you never pay ransom payments frequently; attackers will keep all the money they earn and might not even decrypt the stolen data. If something seems off or suspicious about a message you receive demanding payment in Bitcoin, don’t hesitate to contact your computer security experts for help.

Although there is no specific way of preventing the types mentioned above of ransomware infection, up-to-date anti-virus software, user education about cybersecurity, and best practices can help minimize its impact and drive by ransomware attack.

Several Key Characteristics Of Ransomware Virus

Several key characteristics of these types of ransomware families are:

  • It can be spread through email, Web site exploitation, and social engineering attacks.
  • It uses encryption techniques to lock victims out of their files.
  • Victims are typically asked to pay a ransom to recover their data.
  • Ransom can range from $300 – $5,000.
  • The virus has already caused millions of dollars in damages around the world. Most infected machines are located in China, followed by the United States and Canada. Other countries with high infections include Germany, France, and Spain.

Types Of Data Encrypted By Ransom Attacks

Some of the types of files that have been encrypted using different ransomware viruses are:

  • Documents such as business financial reports, contracts, and sensitive information.
  • Music, videos, photos, and other files stored in personal computer folders.
  • Operating systems and applications such as Microsoft Office Docs and Adobe Acrobat Reader DCA.

Ways For Businesses To Protect Themselves From Biggest Ransomware Attacks

  • Configure a security policy that includes a layered approach to protection, including Antivirus, Firewall, Web Filter, and Intrusion Detection/Prevention systems.
  • Deploy an endpoint protection solution with behavior-based detection capabilities that will detect and block known ransomware viruses before they can infect your computer.
  • Train users on identifying potential threats and how best to respond if they are subjected to cybercrime attacks such as ransomware infections.


Now that the new trends in ransomware attacks have been exposed, it would be wise to ensure safe security practices and steps while browsing online. Though most of these attacks were reported earlier, they keep reappearing in different domains with different names. So make sure to keep safety measures such as installing anti-virus and firewall software up-to-date.

Derik Belair

As President and CEO, Derik leads the vision, strategy and growth of Augmentt. Prior to founding Augmentt, Derik was the Vice President at SolarWinds, leading the digital marketing strategy for SolarWinds’ Cloud division. Derik has been working in the channel for over 20 years, starting his career as a channel sales rep at Corel Corp. and eventually becoming the first employee at N-able Technologies in April of 2000.
SUBSCRIBE for more resources
Related Content

Agent-based SaaS Discovery

    When it comes to Augmentt Discover, we believe in flexibility and power. Augmentt Discover can collect SaaS usage data using both an Agent and Agentless model. Here is a quick [...]

    Product Evaluation Guide

      Thank you for starting your Augmentt Product Evaluation and Trial   Here are a few resources that will help you through this technical process. Support Technical Support is available to [...]
      Augmentt is a centralized SaaS security platform built for MSPs to deliver scalable managed security services for Microsoft and cloud apps. Our multi-tenant platform gives you visibility across all your end-users to easily audit, protect and detect security threats for a holistic approach to cyber security.