infoTECH Feature

February 23, 2018

7 Largest Ransomware Attacks That Spread Around the World

If there’s one type of cyber attacks that have become very popular in recent days, they’re ransomware attacks. But, what exactly are these attacks and what do they do? Well, that’s what we’ll try to understand in this article by taking a look at the 7 largest ransomware attacks in the world.

Before we dive into it, let’s take a quick look on the definition of these attacks.

What is Ransomware?

Ransomware is actually a subset of malware. The term is used for any malware that locks down the files on a user’s computer and then demands money to unlock them (thus justifying the name Ransomware). Payments are usually demanded in Bitcoin or other cryptocurrencies so the identity of attacker may remain hidden.

With that in mind, now we can take a look on top 7 largest Ransomware attacks in the world.

7 Largest Ransomware Attacks in the World

Given below are 7 largest ransomware attacks that spread around the world and wreaked havoc on users of all types:

  1. WannaCry: The most recent and arguably most widespread ransomware attack in the world, WannaCry was actually born from the work of America’s National Security Agency (News - Alert) (NSA). When ShadowBrokers released a number of NSAs exploits to public in April, it was just a matter of time before those exploits got into wrong hands. One of them was tweaked by the cybercriminals to suite their own purposes, and next month came the largest global ransomware attack in the world. The WannaCry ransomware spread to more than 150 countries, affecting individuals, businesses and organizations of all sizes, causing losses of millions of dollars. Due to its huge scale it was widely covered in the media, and therefore, it also made companies realize why cybersecurity is important.
  2. Not Petya: What started as a fake Ukrainian tax software update went on to become one of the worst ransomware attacks in the world, infecting hundreds of thousands of computers within 3 months around the globe. It was a variant of Petya ransomware, but later it was found to have significantly different code than Petya so its name was changed to Not Petya.
  3. Locky: One of the stealthiest ransomwares out in the world, Locky remained in news several times between 2016 and 2017. It was spread by the Necurs botnet, which is arguably the largest botnet in the world. It has had multiple campaigns, all of which came to force for some time and then were neutralized. It was at work in 2016, but in early 2017 it came to a halt to give space to JAFF ransomware (described below). However, later in April 2017 it started spreading once again with a few variations in its code. Locky has reportedly infected more than 90,000 devices in various countries of the world. Countries most affected include United States, France, Italy, Germany and Spain. To unlock the files it used to demand ransom of $17,000.
  4. JAFF: This is another ransomware program spread by Necurs botnet. Like Locky, it was also spread via large scale email marketing campaigns in May last year. The ransom demanded by it was 1.79 BTC (around $4,000 at that time), and it locked files on millions of PCs. Fortunately, Kaspersky was able to develop a decryption tool for it which allowed users to decrypt their files for free.
  5. Crysis: This ransomware infected a lot of PCs in Australia, USA and New Zealand last year. And while many sectors were affected, its primary target was US healthcare sector (according to TrendMicro). It was spread via Remote Desktop brute force attacks, which are one of the most common (and also effective) ways to spread malware because if administrative machines are compromised with this method, the PCs of whole organizations can be controlled and infected.
  6. Spora: This is a rather mischievous type of ransomware because its method of spreading was different from that of other ransomware programs mentioned here. The developers of this program hacked legitimate websites and inserted a malicious Javascript code into their webpages. The code then used to prompt the visitors of those websites to download/update their Google (News - Alert) Chrome browser with a pop-up. And when users clicked those buttons to update their browsers, instead of Chrome the ransomware file was downloaded, which then used to do its job. Email marketing was also utilized to spread it more quickly.
  7. Cerber: We’ve all heard about SaaS (News - Alert), PaaS and NaaS. But have you heard Ransomware as a Service (RaaS)? Well, this is an example of it. The developers of Cerber ransomware program developed it in such a way that even non-technical people with malicious intent could use it to extort money from others. The developers of Cerber used to take a cut out of money extorted.

Bottom Line

These 7 attacks collectively affected millions of PCs around the globe, caused losses worth billions of dollars and disrupted business and life for several weeks (if not months).

Therefore, organizations of all sizes should keep the security of their systems up to date by following all the necessary privacy and security tips for businesses at, because organizations make the most attractive targets for cybercriminals. Keep this in mind and beef up your organization’s security so you don’t easily fall prey to any such attacks in the coming days. 

About the Author: Hardik Patel is a Digital Marketing Consultant, Developer, Editor of News for Public and professional Blogger. He has 5+ years experience in Development, SEO, SMO, SEM, Online reputation management, Affiliated Marketing and Content Marketing.

Edited by Mandi Nowitz

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers