Ransomware Examples: The Most Harmful Ransomware Attacks Ever Happened

Understanding Ransomware

Before taking a look at the examples of ransomware attacks, we should first understand what is ransomware is. Ransomware is a kind of malicious software which is used by the adversaries to get access to the sensitive data of the targeted user and encrypting the data to demand a ransom.

A ransomware attack is one in which an individual’s or organization’s computer systems are targeted with ransomware. It enters into the system network of the user employing fake ransomware email attachments, links attached to phishing emails, downloads made from malicious websites, clicking on suspicious pop-up windows, using infected USB sticks, etc.

Once the user falls victim to the attack, the malware blocks or encrypts the access to the user’s data and demands ransom to unblock and allow access to the computer system.

So let’s have a look at the history of ransomware attacks to understand how ransomware operates and who is behind ransomware attacks. Here is the list of ransomware examples that took place in recent times.

Most Popular Ransomware Examples


The first one on our list of ransomware email examples is the Locky ransomware which popped up in 2016. An organized group of hackers initiated this attack, and the ransomware has the capability of encrypting more than 160 types of files. The malware was transmitted into the systems of the user using the phishing email technique in which a malicious email is sent with an infected attachment which carries the malware. The files which were mainly used by engineers, designers, testers, as well as developers, were the primary target of Locky.


In the year 2017, another ransomware, WannaCry affected 150 countries. The attack was a severe one and spread over 230,000 computers worldwide.

In this attack, the attackers exploited Windows vulnerability, and Hospital Trusts in the United Kingdom were the first ones to become the victims. The malware blocked the access of the users, and the demand for ransomware was raised, to be paid in Bitcoins. This attack brought to light the vulnerability of outdated systems, which resulted in putting the critical healthcare services at high risk. This ransomware made a substantial financial impact globally, and $4 billion was estimated as the worldwide financial loss incurred.

Bad Rabbit

The Bad Rabbit was another ransomware which spread in the year 2017. In this, the unsecured websites were the primary targets of the attackers. ‘Drive-by’ attack was used to spread the ransomware, in which the user visits a legitimate website without knowing that the site is compromised. The ransomware gets into the system when the user installs software, which is actually a disguised malware from the compromised page. This technique is known as malware dropper. In Bad Rabbit, the systems were infected by using Adobe Flash installation as a malware dropper.


protection against ransomware


Ryuk is the most recent ransomware example which happened in August in 2018. In this attack, Windows System Restore option was disabled by the malware, which made it impossible for the US organizations to restore the data which was encrypted. The ransomware even encrypted the data of the network drives. The effect was so severe that the organizations were left with no choice other than paying the ransom amount. This attack resulted in a financial loss of around $640,000.


Troldesh is one of those attacks in which fake ransomware emails having malicious links and attachments were sent to the users. It was a phishing email attack, and the cybercriminals demanded the ransom directly by sending an email to the victims. It was an unusual attack in which hackers negotiated with the victims and even provided discounts to those with whom they built a good rapport.


In 2016, Jigsaw ransomware made its attack. It was named so because, in this, a puppet image was used from the franchise of ‘Saw’ film. The working of the attack was such that more of the victim’s data was deleted with each hour of delay in the payment of ransom amount. The horror image used in the attack created more distress in the minds of the users.


CryptoLocker is one of the most known ransomware attacks of all time, which first made an appearance in the year 2007. It is also one of the examples of ransomware attacks in which the loss was able to be recovered. This malware spread through the infected attachments of malicious emails. Once the attachment was opened, the ransomware spread into the system of the user and searched for valuable data for encryption. The encrypted data was later used for demanding the ransom.

More than 500,000 computers were affected by this ransomware, but the law enforcement authorities, as well as security organizations, were able to manage the situation by seizing the globally hijacked home computers. The seizure helped the companies to get control of the criminal network partially and recover some of the data. Later on, an online portal was created, and the key to unlocking the recovered data was uploaded on it. The victimized users could get their data without paying any money to the attackers by getting the free key.


The ransomware attacks can happen at any time. All we can do is to stay informed about the ways through which the attack or ransomware could be deployed. The discussion on ransomware examples in this article can be helpful to understand the various types of attacks so that one can take precautions to be safe. It is better to stay informed and secure by using best ransomware protection service rather than become a ransomware target.

Enterprise-class email protection without the enterprise price

For flexible per-user pricing, PhishProtection’s integrated email security solution protects your employees from business email compromise (BEC) and many other email threats. 24×7. On any device. With features you’d expect in more expensive solutions:

All Plans Come With

  • Stops business email compromise (BEC)
  • Stops brand forgery emails
  • Stop threatening emails before they reach the inbox
  • Continuous link checking
  • Real-time website scanning
  • Real time alerts to users and administrators
  • Protection with settings you control
  • Protection against zero day vulnerabilities
  • Complete situational awareness from web-based console

Join 7500+ Organizations that use Phish Protection

Phish Protection works with System Administrators, IT Professionals and IT Executives in thousands of companies worldwide. Sign up and protect your organization from phishing attacks in less than 5 minutes