Top All-Time Ransomware Demands By Hackers

Here are some of the most prevalent ransomware attacks that have disrupted many enterprises

Ransomware attacks are on the rise for the past few years and have become a significant threat to many small and medium businesses, hosting companies, enterprises and even individuals. Ransomware attacks are mainly targeted at individuals originally, but now the threat level has been intensified, and hackers have started targeting enterprises and businesses and making enormous demands. In this article, we’ll take a look at the most common ransomware attacks along with the various ransomware demands made by hackers, this will help us understand how to protection against ransomware.

What Is Ransomware?

Ransomware is a malware (malicious software) that is specially developed to gain access to your computer and lock all your files using some encryption methodology and only will be unlocked by the hacker when you agree to a pay a ransom.

Once you settle the payment, the hacker will provide you with a key that will decrypt the files and gives you access to your system.

The ransomware demands can be either paid in cash, cryptocurrency, account transfer or even release of some confidential documents etc.

Here are some of the most prevalent ransomware attacks that have disrupted many enterprises and businesses worldwide.

protection against ransomware

Top 10 All-Time Ransomware Demands By Hackers

Ransomware attacks gained prominence from 2005 and hackers have been making various kinds of demands including cash payments, cryptocurrency, money transfer etc. Let’s have a look at the top 10 all-time ransomware demands made by hackers worldwide that made Headlines



The first ransomware attack made headlines in 1989 that was created by an evolutionary biologist who infested more than 20,000 floppy disks with his ransomware and distributed to people in more than 90 countries claiming that the drive contained a program in the form of a questionnaire to ascertain the possibilities acquiring AIDS. The hidden malware program displayed a message in the system demanding close to $500 to remove the Trojan.


Police Trojan

This is one of the new types of malware that surfaced during 2012 which highlights several ways ransomware can victimise a user. The Reveton or the Police Trojan ransomware is a form of spear-phishing attack that disguised itself as an email from the legitimate law enforcement agency claiming that the user has downloaded unlicensed software and demanded to pay a fine using a prepaid cash service to restore normal access.


Nayana Settlement

In what is termed as the most prominent ransomware demand ever, a South Korean hosting company, Nayana paid close to $1million to the hackers when more than 150 Linux servers were affected by ransomware locking up close to 3400 websites in South Korea



In 2018 SamSam ransomware attack hackers demanded $6.5 million in bitcoin which cost $50000 in ransom amount of money from victims. According to cyber security, this attack was manual. In this malware, an attacker can present countermeasures against security tools and if investigated can delete all its trace. Primary victims were in the U.S, U.K, Belgium and Canada.



This was another popular ransomware that attacks an entire computer network through some security vulnerabilities in the network system and displays messages that said the ransom amount would be increased by $10000 each day if the ransom is not paid in 4 days of the attack. The malware allowed the victim to upload up to 3 files of maximum size 10MB in total allowing them to decrypt them for free. Giving an assurance to the victim that they can rely on the developers of the malware that they are “honest.”


protection against ransomware



In January 2018 a new ransomware GandCrab was discovered that demands new crypto currency Dash then bitcoin. It spreads through phishing emails that exploit Adobe flash player, JavaScript, internet explorer and VBScript. An exploit kit is used to distribute malware and ransomware is asked through spam emails. They demanded 1.5 dashes (listed as $1200), but if they didn’t pay the amount on time, then the amount is increased to three dash ( around $2400). As per Kaspersky Lab, GandCrab ransomware still holds 40% of the ransomware market.



This is considered to be a cyber-warfare attack, masquerading as ransomware. It occurred in 2017 and is one of the most devastating cyber-attack in history. It uses WannaCry’s Old Tricks. Although the ransom demanded was very less as compared to Petya, but their purpose was to destroy critical information infrastructure mostly of the Ukrainian cities including major banks. It successfully infected thousands of computers across the globe asking for ransom in bitcoins.



The TeslaCrypt ransomware first surfaced in March 2015 and mainly targeted computer games including Call of Duty, World of Warcraft, Minecraft and locked all the saved data, game modes and user profiles making gameplay impossible. The malware entered into computer systems across the world through Angler Adobe Flash exploit. Tthe hackers released the master key to unlock the game data, only if a ransom of $500 worth of bitcoins were paid.



WannaCry was another hugely successful ransomware attack that was created by hackers from North Korea and affected more than 2.5 lakh systems across the world. It is estimated that the ransomware created a loss close to $4 billion. The ransomware mainly affected systems running the Windows OS encrypting all files in the system. Most of the affected computer systems belonged to the hospitals under the National Health Service in the UK. The hackers demanded payments in the form of bitcoin to remove the ransomware from their computers or risk the deletion of the data permanently. Interestingly, it is said that around 100 million euros were collected by sending a note to the victim to pay $300 in bitcoin and that amount doubles after three days if the victim does not pay the amount.



One of the first of its kind brute-force attack that reiterated the imminent threat behind ransomware to the Cybersecurity world. The CryptoLocker ransomware as the name suggests is a kind of virus that surfaced during 2013 that interestingly doesn’t erase your data or files, but is mainly a form of Denial of Service (DOC) attack that uses an encryption methodology to lock all your personal and essential data and only if a ransom was paid the lock would be released. The ransomware spread through exploits in malicious email attachments and is estimated that the hackers have amassed more than $3million from victims.


Final Words

A ransomware spreads through exploits in malicious email attachments and it is estimated that the hackers have amassed millions from victims. The ransomware demands can be either paid in cash, cryptocurrency, account transfer or even release of some confidential documents, etc., and this ease of transaction makes it a lucrative business for cyber adversaries. However, a little due care and due diligence, such as, installing anti-phishing solutions, anti-malware, etc., can help individuals and organizations safeguard their valuable information assets.

Enterprise-class email protection without the enterprise price

For flexible per-user pricing, PhishProtection’s integrated email security solution protects your employees from business email compromise (BEC) and many other email threats. 24×7. On any device. With features you’d expect in more expensive solutions:

All Plans Come With

  • Stops business email compromise (BEC)
  • Stops brand forgery emails
  • Stop threatening emails before they reach the inbox
  • Continuous link checking
  • Real-time website scanning
  • Real time alerts to users and administrators
  • Protection with settings you control
  • Protection against zero day vulnerabilities
  • Complete situational awareness from web-based console

Join 7500+ Organizations that use Phish Protection

Phish Protection works with System Administrators, IT Professionals and IT Executives in thousands of companies worldwide. Sign up and protect your organization from phishing attacks in less than 5 minutes