Famous Ransomware Attacks Throughout History

Steven Jul 09, 2026

Ransomware attacks have become a significant threat in the digital landscape, causing substantial financial losses and disrupting operations for businesses and organizations worldwide. These malicious software programs encrypt valuable data and demand payment, typically in cryptocurrency, to restore access. Throughout history, several high-profile ransomware attacks have made headlines, serving as stark reminders of the evolving cybersecurity landscape. Let's delve into some of the most infamous ransomware attacks to date.

The World's Biggest Real Cyber Attack That Ever Happened! | Wannacry case study
The World's Biggest Real Cyber Attack That Ever Happened! | Wannacry case study

Ransomware attacks can be traced back to the late 1980s with the "AIDS Trojan" or "PC Cyborg" malware, but it was not until the early 2000s that ransomware began to gain traction. The first wave of modern ransomware attacks targeted individual users, but as cybercriminals honed their tactics, they began to set their sights on larger, more lucrative targets.

The Rise Of Ransomware Attack
The Rise Of Ransomware Attack

Early Notable Ransomware Attacks

One of the earliest notable ransomware attacks was the "Gpcode" incident in 2008. This malware targeted Windows-based systems in Asia and demanded a ransom of $189 in exchange for the decryption key. Gpcode was particularly insidious because it encrypted both files on the infected system and any removable drives connected to it.

Inside a ransomware attack: how dark webs of cybercriminals collaborate to pull them off
Inside a ransomware attack: how dark webs of cybercriminals collaborate to pull them off

Another early attack was the "TeslaCrypt" ransomware, which emerged in 2015. TeslaCrypt was unique in that it targeted more than 200 different file types, making it particularly effective at encrypting valuable data. The malware's creators demanded payment in Bitcoin, and at its peak, TeslaCrypt was estimated to be generating around $30,000 per day.

Cryptolocker: The First Major Worm-Based Ransomware

On this day in history – The WannaCry ransomware attack spreads globally
On this day in history – The WannaCry ransomware attack spreads globally

Cryptolocker, which surfaced in 2013, was a significant turning point in the history of ransomware. Unlike previous attacks, Cryptolocker was worm-based, meaning it could spread automatically to other computers on the same network. This allowed it to infect large numbers of systems simultaneously, making it one of the most devastating ransomware attacks to date.

Cryptolocker demanded a ransom of between $100 and $1,000, depending on the size of the infected network. At its peak, Cryptolocker was estimated to be generating around $30,000 per day in ransom payments. The FBI eventually shut down the operation in 2014, but not before it had caused an estimated $3 million in damages.

CryptoWall: The Successor to Cryptolocker

What is Ransomware? Definition, Prevention & Removal | KnowBe4
What is Ransomware? Definition, Prevention & Removal | KnowBe4

Following the takedown of Cryptolocker, a new strain of ransomware emerged: CryptoWall. First detected in 2014, CryptoWall was essentially a successor to Cryptolocker, employing similar tactics and even using some of the same code. CryptoWall was particularly effective because it used a peer-to-peer network to distribute the malware, making it difficult to track and shut down.

CryptoWall demanded a ransom of between $500 and $1,000, and at its peak, it was estimated to be generating around $3 million per day in ransom payments. According to some estimates, CryptoWall may have caused as much as $325 million in damages before it was eventually dismantled in 2015.

Recent High-Profile Ransomware Attacks

The 14 Most Insane Things Happening Right Now (6/14)
The 14 Most Insane Things Happening Right Now (6/14)

As ransomware has evolved, so too have the targets of these attacks. In recent years, cybercriminals have begun to focus on high-profile targets, such as hospitals, government agencies, and critical infrastructure providers.

One of the most notorious recent ransomware attacks was the "WannaCry" incident in 2017. WannaCry was a worm-based ransomware that exploited a vulnerability in Windows systems to spread rapidly across the globe. The attack affected more than 200,000 systems in over 150 countries, causing an estimated $4 billion in damages.

AnyTech365 IoT Security Solutions
AnyTech365 IoT Security Solutions
Infographic: Ransomware By The Numbers - InfographicBee.com
Infographic: Ransomware By The Numbers - InfographicBee.com
HelloXD: il nuovo ransomware per Linux e Windows
HelloXD: il nuovo ransomware per Linux e Windows
Inside a Ransomware Attack: How It Happens – Step-by-Step Cyberattack Breakdown
Inside a Ransomware Attack: How It Happens – Step-by-Step Cyberattack Breakdown
an old document with some writing on it
an old document with some writing on it
June 27 in History
June 27 in History
February 3rd Warning—Act Now As Ransomware Attacks Incoming
February 3rd Warning—Act Now As Ransomware Attacks Incoming
some red and black signs on the side of a building
some red and black signs on the side of a building
Ransomware: What to do if hit by an attack — USA TODAY
Ransomware: What to do if hit by an attack — USA TODAY
US charges Russian hackers behind NotPetya, KillDisk, OlympicDestroyer attacks
US charges Russian hackers behind NotPetya, KillDisk, OlympicDestroyer attacks
The Workaday Life of the World’s Most Dangerous Ransomware Gang
The Workaday Life of the World’s Most Dangerous Ransomware Gang
an error screen for the computer program, which appears to have been blocked by someone's email
an error screen for the computer program, which appears to have been blocked by someone's email
Ransomware: Why one version of this file-encrypting nightmare now dominates
Ransomware: Why one version of this file-encrypting nightmare now dominates
Wannacry Wallpaper, What Is Wannacry Ransomware, How To Recover From Ransomware, Ransomware Warning Message, What Is Ransomware Used For, Ransomware Attack Warning, Dark Radiation Ransomware, Understanding Bitcoin Security, Reverse Linked List Python Hackerrank
Wannacry Wallpaper, What Is Wannacry Ransomware, How To Recover From Ransomware, Ransomware Warning Message, What Is Ransomware Used For, Ransomware Attack Warning, Dark Radiation Ransomware, Understanding Bitcoin Security, Reverse Linked List Python Hackerrank
How to prevent ransomware
How to prevent ransomware
Ransomware is the biggest malware threat — avoid hackers holding your data hostage
Ransomware is the biggest malware threat — avoid hackers holding your data hostage
Mystic Investigations, Author at Mystic Investigations
Mystic Investigations, Author at Mystic Investigations
the world's most dangerous attacks in 2013 infographicly shows how they spread across the globe
the world's most dangerous attacks in 2013 infographicly shows how they spread across the globe
Understanding Nuclear Reactor Accidents, Ransomware Attack Warning, Ransomware Warning Message, Ransomware Screenshot Collection, Ransomware Attacks, Chernobyl Nuclear Disaster Location, What Is Wannacry Ransomware, Dark Radiation Ransomware, Cryptocurrency Investment Prediction 2018
Understanding Nuclear Reactor Accidents, Ransomware Attack Warning, Ransomware Warning Message, Ransomware Screenshot Collection, Ransomware Attacks, Chernobyl Nuclear Disaster Location, What Is Wannacry Ransomware, Dark Radiation Ransomware, Cryptocurrency Investment Prediction 2018
Here’s how to protect yourself against ransomware attacks
Here’s how to protect yourself against ransomware attacks

NotPetya: The Most Costly Ransomware Attack to Date

While WannaCry was devastating, the "NotPetya" attack that same year was even more costly. NotPetya was initially disguised as ransomware, but it was later revealed to be a wiper malware designed to destroy data rather than encrypt it. The attack began with a phishing campaign that targeted a Ukrainian accounting software provider, allowing the malware to spread to other systems on the same network.

NotPetya is estimated to have caused more than $10 billion in damages, making it the most costly ransomware attack to date. The attack affected numerous high-profile targets, including shipping giant Maersk, pharmaceutical company Merck, and food company Mondelez.

Ransomware-as-a-Service (RaaS) and the Future of Attacks

In recent years, ransomware has become increasingly accessible to even novice cybercriminals. The rise of Ransomware-as-a-Service (RaaS) platforms has made it easy for anyone to launch a ransomware attack, simply by paying a fee to the RaaS operator. This trend has led to an explosion in the number of ransomware attacks, with no signs of slowing down.

As ransomware continues to evolve, it is crucial for individuals and organizations to stay vigilant and take proactive measures to protect against these attacks. This includes regular software updates, strong passwords, and comprehensive cybersecurity training for employees. By working together to raise awareness and improve cybersecurity practices, we can hope to mitigate the threat of ransomware in the future.

In the ever-changing landscape of cyber threats, ransomware remains a persistent and evolving concern. As we have seen throughout history, these attacks have the potential to cause significant financial losses and disrupt operations for businesses and organizations worldwide. By understanding the history of ransomware and staying informed about the latest trends and threats, we can better protect ourselves and our data from the devastating effects of these malicious software programs.