Yesterday, news broke that Chubb, a cyber insurance firm for businesses, had its data stolen in a ransomware attack. The Maze group might have been involved. In this post, we look at some ransomware attacks that showed the IT world that anything can happen.
Even if you are only learning cybersecurity, you should read our list of the worst attacks.
List of the Most Significant Ransomware Attacks Ever
On 12 May 2017, an updated version of the WannaCry ransomware called “WannaCrypt” encrypted the files of the UK’s NHS (National Health Service), the telecom company Telefonica, and other high-profile targets around the world.
After encrypting the files, it demanded a ransom of $300 in Bitcoin. The files could not be decrypted without a decryption key.
However, even after the ransom was paid, the attackers did not guarantee that the victim would receive a decryption key for the affected files.
Later on, researchers determined that WannaCry was made to exploit EternalBlue, a vulnerability which hackers obtained by hacking the NSA (National Security Agency).
The hacker group called Shadow Brokers obtained the files from the NSA and was able to perform a massive attack that affected more than 30,000 organizations worldwide.
It was said to have affected over 104 countries. Later on, the stolen EternalBlue and other exploit code were made public by the Shadow Brokers.
The news of NotPetya first broke on 27 June 2017, when power distributors in Ukraine and the Netherlands found hacking attacks in their systems.
Researchers quickly traced the attacks to Petya, ransomware that encrypts the MBR (Master Boot Record).
These newer variants also used the same vulnerability that WannaCry exploited.
Kaspersky Lab named the threat “NotPetya” because it did not give the victims an option to recover their affected data.
Only a week before Halloween, Kaspersky Lab revealed that it had received notifications of mass alerts about new ransomware affecting Ukrainian and Russian organizations.
Kaspersky finally identified the threat as BadRabbit. But unlike WannaCry and NotPetya, it didn’t use EternalBlue to exploit its targets.
Instead, it used drive-by attacks, a type of attack in which the malware infiltrates the system once a vulnerability is spotted.
This was a small-scale operation: it demanded 0.5 Bitcoin from only hundreds of victims.