Hacking Horror Stories: 6 Examples of Ransomware in Action

Ransomware isn’t just a nuisance. It’s big business, the linchpin of a flourishing underworld market that could surpass $265 billion by 2031.

From healthcare to retail, this rapidly evolving threat has victimized industries the world over, authoring reams of horror stories along the way.

Without further ado, let’s have a closer look at some real-world examples of ransomware in action.

1. An Epidemic Begins

The origins of ransomware can be traced back to 1989, when an underdeveloped piece of malware

wreaked havoc on a budding IT community. Designed by Dr. Joseph L. Popp, the infected software was primarily mailed out on a floppy disk to subscribers from an AIDS conference organized by the World Health Organization, purporting as a survey fielding questions on the deadly virus. Of course, the disk contained a payload designed to install an encryption tool on the recipient’s computer, making it the first recorded instance of ransomware, and one of the earliest examples of a Trojan as well.

The so-called AIDS Trojan used a symmetrical form of encryption that prevented files from being executed, rather than locking them outright. Once encrypted, the unlucky recipients saw a message demanding that they pay a fee of $189 to renew their PC Cyborg software and ultimately unlock the system. The malware was fairly easy to remove, but in the infancy of the information age, panic won out. In an effort to get rid of the infection, some victims resorted to wiping their hard drives clean, resulting in years of lost data and productivity.

While the AIDS Trojan didn’t have the complexity, reach, or impact of other threats, it laid the groundwork for the generations of more advanced ransomware that would inevitably follow.

2. Ransomware Goes Mainstream

Though far from the first, WannaCry is often credited with kicking the ransomware trend into high gear. Whereas most attacks only compromise systems that interact with the delivery source, WannaCry illustrated a self-propagating nature typical of computer worms. As a result, the ransomware was able to create copies of itself and spread like wildfire across the affected network. Unfortunately, the initial attack in April, 2017 was only the beginning.

By leveraging EternalBlue, an exploit developed by the NSA, WannaCry gained entry into an unpatched Windows computer located in Asia. Within four days, the ransomware had ravaged IT systems in over 150 countries. While the attack only netted a $100,000 ransom, the impact is said to have reached billions in total damages. Coupled with thousands of lost files, hours in productivity losses created a miserable aftermath for many organizations. WannaCry is the quintessential case study on why those annoying Windows updates are absolutely vital to cyber security.

3. Hollywood Presbyterian Medical Center

On February 5, 2016, actors of the malicious variety invaded Tinseltown. Hollywood Presbyterian Medical Center, which employs over 500 doctors servicing thousands of patients, was rocked by a ransomware strain identified as Locky. The attack is believed to have been the result of an employee unknowingly clicking an infected attachment sent in a phishing email, a common vehicle for malware. Upon execution, staff immediately lost access to the network, prompting the hospital to take its systems offline in attempt to neutralize the threat. But the damage had already been done.

Locky worked fast, encrypting sensitive patient data and compromising equally vital medical functions, including processes related to brain scans, X-rays, and other testing procedures. The hospital was forced to reroute some patients to neighboring hospitals in the area, while staff was relegated to logging new admissions by hand. In the end, Hollywood Presbyterian Medical Center paid a reported $17,000 to restore its systems — on top of the public relations nightmare that accompanies such a massive data breach.

4. A Criminal Case of Irony

In June, 2019, Eurofins, the largest provider of scientific testing and forensic services in the UK, was hit by a ransomware attack that brought its IT operations to a standstill. The firm spent roughly three weeks restoring order as the infection caused a log jam for more than 20,000 forensic samples. While an exact amount was never disclosed, Eurofins reportedly paid a ransom fee to recover its IT systems. Unfortunately, the sensitivity of the data at hand didn’t seem to leave many options. The Luxemborg-based laboratory processes forensics samples for over 70,000 criminal cases per year.

5. How Negligence Fueled a Multi-million Dollar Attack

The most high-profile ransomware attack of 2021, the Colonial Pipeline incident caused a ripple effect across the East Coast, resulting in higher prices at the pump and widespread panic as motorists flocked to local gas stations. Cyber criminals used an inactive account that still had network privileges to gain entry to the pipeline that transports approximately 2.5 million barrels of fuel per day. After the attackers threatened to expose vital pieces of the near 100 gigabytes of stolen data, Colonial Pipeline forked over $4.4 million in ransom fees.

6. Hacking of Historic Proportions

2016 was a huge year for cyber criminals, particularly, those weaponizing a dangerous piece of ransomware dubbed Petya. Within its first year, the malware had already compromised millions of users worldwide. Believe it or not, Petya’s wave of destruction paled in comparison to its namesake successor — NotPetya, widely hailed as the worst example of malware in history.

NotPetya adopted a national form of cyber warfare by targeting the Ukraine. Although the attack initially compromised most of the nation’s IT networks, the infection quickly spread across Europe and beyond. Unlike most ransomware, NotPetya did not offer an opportunity to pay a ransom and recover locked data. In essence, its method of encryption was irreversible. Meanwhile, other hackers, who likely had no involvement in the attack, attempted to cash in on the confusion, promising to sell the victims decryption keys for data that could not be decrypted.

The ransomware was traced back to Sandworm, an elite hacking group allegedly employed by the Kremlin to deter influential companies from doing business with Ukraine, Russia’s long-time rival.

Moreover, NotPetya resulted in massive losses for those affected. The list of victims includes notable companies such as leading snack manufacturer Mondelez, FedEx Euro subdivision TNT Express, and pharmaceutical juggernaut Merck. Cyber security analysts estimate the total damage around $10 billion.