Top All-Time Ransomware Demands By Hackers

Top 10 All-Time Ransomware Demands By Hackers

Ransomware attacks gained prominence from 2005 and hackers have been making various kinds of demands including cash payments, cryptocurrency, money transfer etc. Let’s have a look at the top 10 all-time ransomware demands made by hackers worldwide that made Headlines

PC-Cyborg

The first ransomware attack made headlines in 1989 that was created by an evolutionary biologist who infested more than 20,000 floppy disks with his ransomware and distributed to people in more than 90 countries claiming that the drive contained a program in the form of a questionnaire to ascertain the possibilities acquiring AIDS. The hidden malware program displayed a message in the system demanding close to $500 to remove the Trojan.

Police Trojan

This is one of the new types of malware that surfaced during 2012 which highlights several ways ransomware can victimise a user. The Reveton or the Police Trojan ransomware is a form of spear-phishing attack that disguised itself as an email from the legitimate law enforcement agency claiming that the user has downloaded unlicensed software and demanded to pay a fine using a prepaid cash service to restore normal access.

Nayana Settlement

In what is termed as the most prominent ransomware demand ever, a South Korean hosting company, Nayana paid close to $1million to the hackers when more than 150 Linux servers were affected by ransomware locking up close to 3400 websites in South Korea

SamSam

In 2018 SamSam ransomware attack hackers demanded $6.5 million in bitcoin which cost $50000 in ransom amount of money from victims. According to cyber security, this attack was manual. In this malware, an attacker can present countermeasures against security tools and if investigated can delete all its trace. Primary victims were in the U.S, U.K, Belgium and Canada.

Robinhood

This was another popular ransomware that attacks an entire computer network through some security vulnerabilities in the network system and displays messages that said the ransom amount would be increased by $10000 each day if the ransom is not paid in 4 days of the attack. The malware allowed the victim to upload up to 3 files of maximum size 10MB in total allowing them to decrypt them for free. Giving an assurance to the victim that they can rely on the developers of the malware that they are “honest.”

GandCrab

In January 2018 a new ransomware GandCrab was discovered that demands new crypto currency Dash then bitcoin. It spreads through phishing emails that exploit Adobe flash player, JavaScript, internet explorer and VBScript. An exploit kit is used to distribute malware and ransomware is asked through spam emails. They demanded 1.5 dashes (listed as $1200), but if they didn’t pay the amount on time, then the amount is increased to three dash ( around $2400). As per Kaspersky Lab, GandCrab ransomware still holds 40% of the ransomware market.

NotPetya

This is considered to be a cyber-warfare attack, masquerading as ransomware. It occurred in 2017 and is one of the most devastating cyber-attack in history. It uses WannaCry’s Old Tricks. Although the ransom demanded was very less as compared to Petya, but their purpose was to destroy critical information infrastructure mostly of the Ukrainian cities including major banks. It successfully infected thousands of computers across the globe asking for ransom in bitcoins.

TeslaCrypt

The TeslaCrypt ransomware first surfaced in March 2015 and mainly targeted computer games including Call of Duty, World of Warcraft, Minecraft and locked all the saved data, game modes and user profiles making gameplay impossible. The malware entered into computer systems across the world through Angler Adobe Flash exploit. Tthe hackers released the master key to unlock the game data, only if a ransom of $500 worth of bitcoins were paid.

WannaCry

WannaCry was another hugely successful ransomware attack that was created by hackers from North Korea and affected more than 2.5 lakh systems across the world. It is estimated that the ransomware created a loss close to $4 billion. The ransomware mainly affected systems running the Windows OS encrypting all files in the system. Most of the affected computer systems belonged to the hospitals under the National Health Service in the UK. The hackers demanded payments in the form of bitcoin to remove the ransomware from their computers or risk the deletion of the data permanently. Interestingly, it is said that around 100 million euros were collected by sending a note to the victim to pay $300 in bitcoin and that amount doubles after three days if the victim does not pay the amount.

CryptoLocker

One of the first of its kind brute-force attack that reiterated the imminent threat behind ransomware to the Cybersecurity world. The CryptoLocker ransomware as the name suggests is a kind of virus that surfaced during 2013 that interestingly doesn’t erase your data or files, but is mainly a form of Denial of Service (DOC) attack that uses an encryption methodology to lock all your personal and essential data and only if a ransom was paid the lock would be released. The ransomware spread through exploits in malicious email attachments and is estimated that the hackers have amassed more than $3million from victims.

Final Words

A ransomware spreads through exploits in malicious email attachments and it is estimated that the hackers have amassed millions from victims. The ransomware demands can be either paid in cash, cryptocurrency, account transfer or even release of some confidential documents, etc., and this ease of transaction makes it a lucrative business for cyber adversaries. However, a little due care and due diligence, such as, installing anti-phishing solutions, anti-malware, etc., can help individuals and organizations safeguard their valuable information assets.