Ransomware has humble beginnings. In 1989, a hacker handed out floppy disks at a medical conference, claiming they contained medical information. The disks carried a virus that encrypted victims’ files and demanded that they mail $189 to a post office box in Panama in exchange for a decryption key.
This approach was not very successful, but the rise of digital currencies gave it a new lease on life. Since then, the number of ransomware attacks has exploded, with hackers finding ever more devious ways to extort money from victims.
The biggest ransom does not necessarily mean the biggest ransomware attack. In fact, many infamous ransomware attacks did enormous damage even though the victim refused to pay any ransom at all. What follows is a list of the biggest ransomware attacks, judged by their overall impact.
Colonial Pipeline
The Colonial Pipeline attack was not the biggest ransom in dollar terms, but it was probably the highest-profile attack ever because of its impact. The attack shut down a pipeline responsible for distributing fuel to much of the East Coast of the United States.
In the aftermath, there were fuel shortages in multiple US states. A piece of infrastructure critical to the functioning of the US economy had been shut down by a ransomware gang. As a result, the public and lawmakers really started to wake up to the threat of ransomware.
The actual ransom was $4.4 million, which still puts it among the biggest ransomware payouts ever. The US government went after the attackers and was able to recover about $2.3 million of the ransom.
CNA Financial
The CNA Financial attack was the largest ransom payout ever recorded. CNA is one of the biggest insurance companies in the United States, but its cybersecurity infrastructure was not enough to stop the Phoenix CryptoLocker gang from breaching its network.
To be fair, the breach method was clever: the malware was delivered as a fake browser update, distributed through a legitimate website. Once inside, the attackers stole a huge amount of data and locked down CNA’s entire operation. The attack also compromised the personal information of at least 75,000 people.
The effect must have been devastating, because CNA was willing to pay a whopping $40 million ransom, the largest ever paid. Of course, larger ransoms may have been paid that have never been disclosed.
WannaCry
The WannaCry attack of 2017 was a fairly small attack in terms of ransom payouts, but it deserves a place on this list because of the massive number of computers it infected.
WannaCry also has an unusual background: it exploited a vulnerability first used by the US government, which was then leaked by the Shadow Brokers, a hacking group that managed to break into the NSA’s network. Some researchers believe that the gang responsible for the attack, the Lazarus Group, has ties to the North Korean government.
By some estimates, WannaCry infected over 300,000 computers in 150 countries and caused over $4 billion in economic damages.
Kaseya
In July 2021, cloud service provider Kaseya was hit by the REvil ransomware gang. What makes this attack special is that the attackers not only shut down Kaseya but also infected hundreds of its clients. One Swedish supermarket chain was forced to close 500 stores.
In response, US President Joe Biden called Vladimir Putin and gave him information about who was responsible. He also warned that if Russian authorities did not go after the group, the US would. Four days later, REvil’s servers went offline.
Ten days later, Kaseya announced the release of a universal decryptor provided by an unnamed “3rd party,” presumably the US government.
The Kaseya attack was significant not only because of the international backlash and government involvement. It also highlighted the software vulnerabilities of increasingly interconnected technology infrastructure and raised awareness of a new kind of exposure. Previously, most companies had focused on securing their networks against external threats, but Kaseya showed that trusted service providers could themselves become avenues for ransomware attacks.
Costa Rican Government
In April 2022, the Conti ransomware gang shut down the computer systems of a large part of the Costa Rican government. Affected offices included the Ministry of Finance, the Ministry of Science, Innovation, Technology and Telecommunications, the National Meteorological Institute, the state internet service provider, the Social Security fund, the Ministry of Labor, and a number of other offices. A total of 27 institutions were affected.
The government declared a state of national emergency and the president described the attack as “an act of war.” The government refused to pay the ransom even though it was costing them an estimated $30 million per day. In response, the Conti gang called on the citizens of Costa Rica to stage protests and overthrow the government.
This was a significant development, because it was the first known example of a ransomware gang staging an all-out attack on a national government. Most researchers believe that the Conti gang is linked to the Russian government, and some speculated that the attack was in retaliation for Costa Rica’s support for Ukraine.
Does the future hold bigger attacks?
Looking at all these devastating attacks raises the question: have we seen the worst of it? Probably not.
Some of the most damaging ransomware attacks have involved governments in one way or another. That means rising geopolitical tensions are likely to fuel even worse ransomware attacks in the coming years.