In the Wild West, moving valuables from town to town was a dangerous business. At any moment, stagecoaches could be ambushed by bandits, causing miners to lose months of wages in one swift attack. In the early 21st century, things have come full circle. But now the outlaws are ransomware attackers, and the victims are some of the world’s biggest corporations.
Anyone can fall victim to a ransomware attack, so it’s vital to know more about this online threat. With that in mind, we’ve put together a list of the top 5 ransomware episodes. Like the bandits of the Wild West, these attackers have strained online security systems to the breaking point. And they don’t seem to have finished yet.
1. The 2016 Petya ransomware episode
Before 2016, Petya was simply a common Russian and Bulgarian given name. Once it became the name of a new family of boot-level ransomware, the name quickly became notorious.
The original Petya, first seen in early 2016, spread mainly through emailed links to supposed job applications and did modest damage. The attack that did the real damage was its successor, NotPetya, in June 2017: its cost has been estimated at around $10 billion worldwide, and it hit large organizations hardest. The highest profile victims included the shipping giant Maersk, the consumer goods group Reckitt Benckiser, the law firm DLA Piper and, most worryingly of all, the radiation monitoring systems at the Chernobyl nuclear site.
Why was Petya so devastating? Rather than encrypting files one by one from inside Windows, Petya overwrote the disk's Master Boot Record (MBR) with its own small bootloader and forced a reboot. It then ran before Windows loaded, showing a fake CHKDSK screen while it encrypted the Master File Table (MFT). With the MFT encrypted, NTFS can no longer locate any file on the volume, so the machine is unusable even though the file contents are still on disk. The bootloader then displayed a ransom note demanding payment in Bitcoin for the key, in classic ransomware style.
In a stunning twist, Petya was followed in June 2017 by NotPetya. It reused Petya's boot-level code but was a different beast. It entered Ukrainian networks through a poisoned update of the M.E.Doc accounting software, then spread inside networks using EternalBlue, an exploit for a Windows SMBv1 flaw (patched by Microsoft in MS17-010 that March) that is attributed to the NSA and was published by the Shadow Brokers, together with stolen credentials and PsExec/WMI. EternalBlue is an exploit, not a backdoor, and NotPetya's "installation key" was random data, so paying could not recover anything: it was a wiper dressed as ransomware, and a case of blowback from a leaked state-developed toolkit.
2. The WannaCry ransomware attack
WannaCry eclipsed Petya when it appeared out of nowhere on 12 May 2017. Like NotPetya six weeks later, it spread with the EternalBlue exploit, and because it was a true worm it needed no user interaction: any reachable Windows machine that had not installed the March 2017 MS17-010 patch (or had no patch at all, as with Windows XP) could be infected, and would in turn scan for more victims.
The result was carnage. In the UK, dozens of NHS trusts lost access to their IT systems, forcing hospitals to cancel appointments and divert ambulances. Nissan, Telefónica, FedEx and Deutsche Bahn were among the companies hit. Infected machines showed a ransom note demanding $300 in Bitcoin, rising to $600 after three days, to decrypt the files.
Estimates of the total damage ranged from hundreds of millions to several billion dollars. Attribution took months: in December 2017 the US and UK governments publicly blamed North Korea's Lazarus Group, although, as noted above, the exploit WannaCry used to spread was developed by the NSA and leaked a month before the attack.
And it could have been far worse. A lone researcher noticed that the worm checked an unregistered domain before running and registered it; the worm's code treated a successful lookup as a signal to stop, so this "kill switch" halted new infections worldwide. It did not decrypt anything already hit, however, and by then WannaCry had caused plenty of tears in the real world.
3. The Atlanta ransomware attack
Some of the most shocking ransomware attacks have exposed the vulnerability of entire cities. In March 2018, the City of Atlanta announced that its systems had fallen victim to attackers.
As responders struggled to deal with the issue, city clerks went back to paper and pens for vehicle licenses and tax processing. Years of police dash-cam footage were lost, and roughly a third of the city's applications were taken offline.
The malware was identified as SamSam. That interested security experts, because SamSam does not spread by phishing. Its operators gained access by brute-forcing passwords on remote access services exposed to the internet, most often RDP, then moved through the network by hand and deployed the ransomware where it would hurt most.
In the run-up to the attack, the city government had already been criticised in an audit for outdated IT, and SamSam proved the critics right. Weak passwords on exposed services left accounts across the government wide open, and the attackers walked straight through.
For individuals and small businesses, Atlanta is a textbook case for the basics that defeat password guessing: do not expose RDP or other remote logins directly to the internet, require long unique passwords and multi-factor authentication, lock accounts after repeated failures, and watch the logs for bursts of failed logons. Patching matters too, but no patch fixes a guessable password.
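The log check mentioned above, as an added example that is not part of the original article: a small detector that flags a source address producing a burst of failed RDP logons, and escalates when a successful logon from the same address follows the burst, which is the moment a SamSam-style intrusion actually begins. The records are constructed for the example and modelled on Windows Security events 4625 (failed logon) and 4624 (successful logon) with logon type 10 (RemoteInteractive, i.e. RDP); the tuple layout, threshold and window are assumptions, and real events would come from the event log or a SIEM.

```python
"""Flag password guessing against RDP in simplified Windows Security events.

Added example (not from the article). Sample records are constructed, modelled
on events 4625/4624 with logon type 10; the field layout is an assumption.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, event_id, logon_type, source_ip, user)
SAMPLE_EVENTS = [
    ("2018-03-22T03:00:01", 4625, 10, "203.0.113.7", "administrator"),
    ("2018-03-22T03:00:06", 4625, 10, "203.0.113.7", "admin"),
    ("2018-03-22T03:00:11", 4625, 10, "203.0.113.7", "backup"),
    ("2018-03-22T03:00:16", 4625, 10, "203.0.113.7", "administrator"),
    ("2018-03-22T03:00:21", 4625, 10, "203.0.113.7", "administrator"),
    ("2018-03-22T03:00:26", 4625, 10, "203.0.113.7", "administrator"),
    ("2018-03-22T03:00:40", 4624, 10, "203.0.113.7", "administrator"),  # the guess worked
    ("2018-03-22T03:05:00", 4625, 10, "198.51.100.9", "jsmith"),        # two typos, not an attack
    ("2018-03-22T03:05:30", 4625, 10, "198.51.100.9", "jsmith"),
    ("2018-03-22T03:06:00", 4624, 10, "198.51.100.9", "jsmith"),
    ("2018-03-22T03:07:00", 4625, 2, "10.0.0.5", "clerk"),               # console logon, ignored
]

FAIL_THRESHOLD = 5             # this many failures from one source ...
WINDOW = timedelta(minutes=2)  # ... inside this sliding window triggers a finding
RDP_LOGON_TYPE = 10            # RemoteInteractive


def detect_rdp_bruteforce(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return {source_ip: finding} for sources whose failed RDP logons exceeded
    the threshold within the window. finding["compromised"] becomes True when a
    successful RDP logon from the same source follows the burst of failures."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    attempted = defaultdict(set)  # ip -> every user name tried from that source
    findings = {}
    parsed = sorted((datetime.fromisoformat(ts), eid, lt, ip, user)
                    for ts, eid, lt, ip, user in events)
    for ts, event_id, logon_type, ip, user in parsed:
        if logon_type != RDP_LOGON_TYPE:
            continue
        failures = recent[ip]
        while failures and ts - failures[0] > window:   # slide the window forward
            failures.popleft()
        if event_id == 4625:
            failures.append(ts)
            attempted[ip].add(user)
            if len(failures) >= threshold:
                finding = findings.setdefault(ip, {"failures": 0, "users": set(), "compromised": False})
                finding["failures"] = max(finding["failures"], len(failures))
                finding["users"] = set(attempted[ip])
        elif event_id == 4624 and ip in findings:
            # A success right after a burst of failures is the signal to escalate:
            # the guessing most likely worked and the intruder now has a session.
            findings[ip]["compromised"] = True
    return findings


if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        status = "SESSION OPENED" if finding["compromised"] else "still guessing"
        print(f"{ip}: {finding['failures']} failures, users {sorted(finding['users'])}, {status}")
```

The threshold and window are deliberately conservative so that a user mistyping a password twice is not reported; lowering the threshold to 2 would flag the second source in the sample as well, which is the usual tuning trade-off for this kind of rule.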
4. The 2017 Bad Rabbit ransomware attack
In October 2017, security analysts spotted a new ransomware campaign. Christened Bad Rabbit, it disguised itself as an Adobe Flash Player update offered by compromised news and media websites.
You've probably met such update prompts when clicking on embedded videos. Over the years, Flash has been notorious for security weaknesses, and Bad Rabbit wasn't the first time users got more than they bargained for when trying to watch a video. Here, though, no Flash bug was exploited: visitors were simply persuaded to download and run a fake installer.
Once run, the fake installer encrypted the user's files and replaced the bootloader in the same style as Petya, demanded 0.05 Bitcoin (about $280 at the time) and gave victims 40 hours before the price rose. It also tried to spread across the local network over SMB, using a list of hard-coded common passwords, credentials harvested from the infected machine and a variant of the leaked SMB exploit EternalRomance.
Bad Rabbit did limited damage. It was largely confined to Russia and Ukraine, where it presumably originated, and it had an easy "vaccine": the malware refused to run if the files C:\Windows\infpub.dat and C:\Windows\cscc.dat already existed, so creating them as read-only files blocked it. The compromised websites removed the injected download scripts within days.
Nonetheless, Bad Rabbit shows how careful we need to be with .exe downloads. An update prompt from a website is never a reason to run an executable: get updates from the vendor's own site or its built-in updater, and check that a downloaded installer carries a valid digital signature from the vendor before running it.
5. The 2016 Locky ransomware affair
Moving back to 2016, the Locky campaign, first seen in February that year, offers another angle on the problem. Attackers emailed fake invoices with a Microsoft Word attachment.
Unsurprisingly, the attachment was not what it seemed. Opened, it showed a block of apparently scrambled text, headed by the instruction "Enable macro if data encoding is incorrect."
You can guess what happened when users enabled macros. Instead of decoding an invoice, the macro downloaded and ran the Locky executable, which encrypted files on local drives and on any reachable network share, renaming them with a .locky extension.
Then came the usual demands: download Tor, visit the payment site and transfer 0.5 to 1 Bitcoin (a few hundred dollars at early 2016 prices). Many people complied. That same month, Hollywood Presbyterian Medical Center in California paid $17,000 (40 Bitcoin) to its attackers to get its systems back. And, as usual with a major ransomware attack, most victims kept their troubles private.
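One place to stop the Locky delivery chain is the mail gateway, before anyone sees the "enable macro" prompt. The following is an added example, not code from the article: it inspects an Office Open XML attachment for an embedded VBA project, which is a more reliable test than the file extension, since a .docm renamed to .doc still opens with its macros. OOXML files are zip archives; macro code lives in a part named vbaProject.bin, and [Content_Types].xml declares the macro-enabled document type. The sample documents are constructed in memory for the example, and the vbaProject.bin payload is a placeholder rather than real VBA. Legacy binary .doc files (OLE2) are a different container and need an OLE parser such as oletools' olevba; this example only handles the zip-based formats.

```python
"""Detect a VBA macro project inside an Office Open XML attachment.

Added example (not from the article). Sample documents are built in memory;
the vbaProject.bin content is a placeholder, not real VBA.
"""
import io
import zipfile

# Strings in [Content_Types].xml that mark a macro-enabled document or a VBA part.
MACRO_CONTENT_TYPE_MARKERS = ("macroEnabled", "vnd.ms-office.vbaProject")


def inspect_ooxml(data: bytes) -> dict:
    """Return findings for a document blob: whether it is an OOXML zip, whether it
    carries a vbaProject.bin part, and whether its content types declare macros."""
    findings = {"is_ooxml": False, "has_vba": False, "declares_macro": False, "vba_parts": []}
    if not data.startswith(b"PK\x03\x04"):
        return findings  # not a zip container: legacy OLE2 .doc needs a different parser
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if "[Content_Types].xml" not in names:
                return findings  # a zip, but not an Office package
            findings["is_ooxml"] = True
            # Word, Excel and PowerPoint all store macros as <part>/vbaProject.bin.
            findings["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
            findings["has_vba"] = bool(findings["vba_parts"])
            content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            findings["declares_macro"] = any(m in content_types for m in MACRO_CONTENT_TYPE_MARKERS)
    except zipfile.BadZipFile:
        pass  # corrupt archive: report what we know, which is "not OOXML"
    return findings


def should_block(data: bytes) -> bool:
    """Gateway policy: refuse any Office package that carries or declares macros."""
    f = inspect_ooxml(data)
    return f["has_vba"] or f["declares_macro"]


def build_sample_docx(with_macro: bool) -> bytes:
    """Construct a minimal Word package in memory (sample input for the example)."""
    main_type = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro
                 else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    vba_override = ('<Override PartName="/word/vbaProject.bin" '
                    'ContentType="application/vnd.ms-office.vbaProject"/>' if with_macro else "")
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
        f'{vba_override}</Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a real OLE2 VBA project.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("invoice_macro.doc", build_sample_docx(True)),
                        ("invoice_plain.docx", build_sample_docx(False)),
                        ("readme.txt", b"not a document")):
        print(f"{label}: block={should_block(blob)} {inspect_ooxml(blob)}")
```

The check keys off the vbaProject.bin part rather than the file name precisely because attackers control the name; a policy that blocks on either the part or the content-type declaration catches the package however it is labelled.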
Protect yourself against a serious ransomware attack
Everyone should be concerned about falling victim to a ransomware attack. As these examples show, since 2016 the world has been rocked by successive attacks, and law enforcement bodies have very few answers about how to prevent them.
As individuals and businesses, there are things we can do. A Virtual Private Network (VPN) encrypts your traffic in transit and hides your location, which helps on untrusted networks, but it does nothing to stop a phishing attachment or a worm: none of the attacks above would have been prevented by one. The single most effective measure against ransomware is a backup the malware cannot reach, kept offline or behind separate credentials, and tested by actually restoring from it.
But common sense and vigilance are just as important. Be cautious about email attachments and .exe downloads, keep Office macros disabled by default, and install OS patches promptly: WannaCry and NotPetya both exploited a flaw Microsoft had patched two months earlier. It's easy to put off updating due to time constraints or costs, but those updates can make all the difference. And when you factor in the cost of losing your data and systems, it's a no-brainer.