Ransomware is malicious software or, correctly put, malware planted in a victim’s information system to encrypt data or block access to computers. There are two popular types of ransom malware preferred by hackers, the Locker and the Crypto. The Crypto ransomware goes after your vital data and encrypts it without interfering with the basic functions of the computer.

The Locker malware blocks the computer’s basic functions, leaving a partial keyboard and mouse operation to allow access to the window with the ransom demand. Either way, you pay before you regain control of your computers and data. Here are some examples of ransomware attacks executed in the past, starting with that recent one in 2020.


The Ryuk ransomware first appeared on the scene in 2018, disrupting many organisations and costing losses in billions of dollars. Major US newspapers found themselves in a quagmire, unable to operate after Ryuk took control of their data for ransom. Ryuk, as is the case with most malware, is spread through malicious emails with attachments containing encryption Trojans.

Once downloaded onto a computer, the malware creeps up the system, encrypting the network hard disks and blocking access. Any data recovery is foiled as the Trojan disables the Windows OS recovery functions. It is estimated it cost the affected companies over $640,000 in ransom.


SamSam was notorious for hitting civic authorities, with the city of Atlanta paying out over $2 million for damage repairs following the malware infection in 2018. The Port of San Diego and the Colorado Department of Transportation services suddenly ground to a halt as operating systems shut down.

A hospital in Indiana paid $55,000 in ransom to reclaim its data and systems in circumstances that had crippled service delivery. Implementation of blockchain in pharmaceutical and healthcare can help stem these attacks, especially in such a critical sector.


WannaCry caused serious hue and cry worldwide with a damage bill of over $4 billion to both private and public organisations. The malware compromised one-third of NHS hospitals in the UK alone, leaving behind damages of nearly 92 million pounds. This ransom wildfire spread across 150 countries worldwide, infecting 230,000 computers.

WannaCry exploited a security vulnerability in Windows, calling attention to outdated systems still in use by major organisations. The affected organisations had never updated their systems despite the availability of a patch for the purpose.

Bad Rabbit

Bad Rabbit compromises genuine but insecure websites to carry malware that infects unsuspecting visitors to the site. These are known as drive-by attacks since they target online users browsing (drive-by) through a site and getting hit by the waiting malware.

When a user calls up a compromised results page on such websites, the malware comes along and, with a little prompting, downloads onto the victim’s computer. Bad Rabbit may also request the user to run an installer of a common app laden with malware such as a fake Adobe Flash to view the page but end up infecting their computer instead.


Petya appeared on the scene sometime in 2016 and since then has left in its wake financial losses of over $10 billion. The malware does not discriminate, and its victims range from national banks, pharmaceuticals, oil, and food companies, among many others.

Petya is designed to infect the boot records in machines running on the Windows operating system. Once the infection is complete, it blocks the operating system, and it will cost $300 per user to unlock.


Locky is another ransomware that was spread through phishing or malicious emails. Hackers sent out malicious emails with infected attachments in a phishing expedition to target companies. This malware is said to have the capability to successfully encrypt over 160 file types.

In 2016 when Locky erupted, socially engineered users in target companies opened these malicious attachments and infected their computers. Most of the victims included engineers, designers, developers, and testers, as their file types were more vulnerable to the Locky malware.


The TeslaCrypt malware started in 2015, targeting computer gamers by encrypting gaming files that included custom maps, recorded gameplay, saves, and player profiles. For a while, this was thought to be restricted to gaming files until later versions mutated and began encrypting other file types.

TeslaCrypt widened its reach and started attacking JPEG, Word, PDF, and many other standard office file types. However, for some reason, the creators of TeslaCrypt recently released a master decryption key online for public use.


The Shade, also known as Troldesh, has been one of the oldest running ransomware since its release in 2014. The Shade malware was principally spread through spam emails carrying infected file attachments or malicious links. Once your computers got infected, the Shade hackers communicated directly with the victim and even offered discounts if it was a repeat attack.

However, out of the blue in 2019, the Shade hackers decided to close shop and released over 750,000 decryption keys to the public. Security lab Kaspersky has confirmed the veracity of the released keys and has also released a free decryption tool to assist past victims.


The CryptoLocker of 2007 was perhaps the first spotted malware that law enforcement agencies and security companies managed to infiltrate. By the time security companies and law enforcement caught up, nearly 500,000 computers had been infected.

The combined force of the security agencies and law enforcement officers took control of the computers used by the hackers and followed their activities unnoticed. Eventually, an online portal was set up where victims could obtain a decryption key without paying a ransom.


The attackers reveal what they have on the victim and demand a ransom with the threat of releasing the embarrassing footage online. This is as personal as it gets and motivated security agents and law enforcement to develop a decryption tool for victims to recover sensitive data from the hackers.