Famous Ransomware Attacks: A Timeline of Infamous Cyber Incidents

Steven Jul 09, 2026

Ransomware attacks have become a significant threat in the digital landscape, causing billions of dollars in damages annually. These malicious software attacks encrypt a victim's data and demand payment, typically in cryptocurrency, to restore access. Let's delve into some of the most notorious ransomware attacks that have shaped the cybersecurity landscape.

Explains the phishing email vector of ransomware
Explains the phishing email vector of ransomware

Ransomware attacks have evolved significantly over the years, with early variants like the AIDS Trojan in 1989 primarily causing nuisance. However, the modern era of ransomware began with the emergence of cryptographic ransomware, which made data recovery dependent on paying the ransom.

I black Hacker boicottano in massa ChatGPT, Claude e Gemini. Si va verso soluzioni Open!
I black Hacker boicottano in massa ChatGPT, Claude e Gemini. Si va verso soluzioni Open!

Notable Ransomware Attacks

The following ransomware attacks have left indelible marks on the cybersecurity world, highlighting the evolving tactics, techniques, and procedures (TTPs) employed by threat actors.

The people involved in the ransomware attack are more than just 'perpetrators and victims', what kind of players are forming the ecosystem?
The people involved in the ransomware attack are more than just 'perpetrators and victims', what kind of players are forming the ecosystem?

Each attack serves as a stark reminder of the importance of robust cybersecurity measures, regular backups, and incident response planning.

WannaCry (2017)

What is Ransomware? Definition, Prevention & Removal | KnowBe4
What is Ransomware? Definition, Prevention & Removal | KnowBe4

WannaCry was a global ransomware attack that exploited a vulnerability in Windows operating systems, known as EternalBlue. The worm-like nature of WannaCry allowed it to spread rapidly across networks, infecting more than 230,000 computers in over 150 countries within a day. The attack caused an estimated $4 billion in damages, with high-profile victims including the UK's National Health Service (NHS) and Spanish telecom giant Telefónica.

The WannaCry attack highlighted the importance of patch management and the potential consequences of unpatched vulnerabilities. Microsoft released a security patch for the EternalBlue exploit two months before the attack, but many organizations failed to apply it in time.

NotPetya (2017)

an image of a world map that has red lights on it and the words coronacry ransomware attack first 24 hours
an image of a world map that has red lights on it and the words coronacry ransomware attack first 24 hours

NotPetya was another global ransomware attack that leveraged the EternalBlue exploit, along with other tactics to spread rapidly. Unlike WannaCry, NotPetya was primarily designed for destruction rather than financial gain, as the attackers used a hardcoded list of email addresses to spread the malware and disabled the functionality to decrypt files even after payment.

NotPetya caused significant damage to businesses worldwide, with estimated losses exceeding $10 billion. The attack's sophistication and destructive nature underscored the evolving threat landscape and the need for advanced cybersecurity measures.

Ransomware-as-a-Service (RaaS) and Affiliate Programs

Inside a Ransomware Attack: How It Happens – Step-by-Step Cyberattack Breakdown
Inside a Ransomware Attack: How It Happens – Step-by-Step Cyberattack Breakdown

Ransomware attacks have become increasingly accessible to less skilled threat actors with the rise of RaaS and affiliate programs. These models allow cybercriminals to lease ransomware tools or earn a commission for each successful attack, lowering the barrier to entry for would-be ransomware operators.

RaaS and affiliate programs have contributed to the proliferation of ransomware attacks, with some high-profile examples including Ryuk, Maze, and REvil.

Fighting Against Ransomware: A Business Owner’s Guide
Fighting Against Ransomware: A Business Owner’s Guide
Law enforcement agencies in Japan, the US, and the EU seize the RagnarLocker dark web portal that launched an unauthorized access attack on Capcom
Law enforcement agencies in Japan, the US, and the EU seize the RagnarLocker dark web portal that launched an unauthorized access attack on Capcom
the back cover of a flyer for five stages to malware attack, which includes information about
the back cover of a flyer for five stages to malware attack, which includes information about
Types of Cyber Attacks: Common Threats You Should Know
Types of Cyber Attacks: Common Threats You Should Know
Ransomware: What to do if hit by an attack — USA TODAY
Ransomware: What to do if hit by an attack — USA TODAY
Cyber attacks are evolving every day — from phishing to ransomware, each comes with its own danger.
Cyber attacks are evolving every day — from phishing to ransomware, each comes with its own danger.
Combatting the Ransomware Threat
Combatting the Ransomware Threat
LockBit Ransomware and Evil Corp Leaders Arrested and Sanctioned in Joint Global Effort Europol and
LockBit Ransomware and Evil Corp Leaders Arrested and Sanctioned in Joint Global Effort Europol and
HelloXD: il nuovo ransomware per Linux e Windows
HelloXD: il nuovo ransomware per Linux e Windows
What the Ransomware Attacks Mean for Convenience Retailers
What the Ransomware Attacks Mean for Convenience Retailers
a computer screen with the words did you know? and an image of a person on a laptop
a computer screen with the words did you know? and an image of a person on a laptop
What is a WannaCry Ransomware Attack?
What is a WannaCry Ransomware Attack?
📂 Famous Hacks Uncovered: What Went Wrong? 🔍🛡️
📂 Famous Hacks Uncovered: What Went Wrong? 🔍🛡️
LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
ランサムウェア攻撃の関係者は単なる「加害者と被害者」にとどまらない、どんなプレイヤーがエコシステムを形成しているのか?
ランサムウェア攻撃の関係者は単なる「加害者と被害者」にとどまらない、どんなプレイヤーがエコシステムを形成しているのか?
John Oliver examines the rise of ransomware and what we can do about it
John Oliver examines the rise of ransomware and what we can do about it
Ransomware is the biggest malware threat — avoid hackers holding your data hostage
Ransomware is the biggest malware threat — avoid hackers holding your data hostage
Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus
Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus
Ransomware: Penetration Testing and Contingency Planning - Paperback
Ransomware: Penetration Testing and Contingency Planning - Paperback
What are different Types of CyberAttacks?
What are different Types of CyberAttacks?

Ryuk (2018-present)

Ryuk is a sophisticated ransomware strain that has targeted numerous high-profile organizations, including manufacturing, healthcare, and financial institutions. Ryuk operators typically employ a combination of tactics, such as phishing, exploit kits, and remote desktop protocol (RDP) brute-forcing, to gain initial access to target networks.

Once inside, Ryuk operators move laterally, escalate privileges, and deploy the ransomware, often causing significant downtime and financial losses. The group behind Ryuk is believed to be highly organized and well-resourced, with estimates suggesting they have earned tens of millions of dollars in ransom payments.

Maze and REvil (2019-present)

Maze and REvil are two prominent examples of RaaS operators that have employed double extortion tactics, where they exfiltrate sensitive data before encrypting it and threaten to leak the data if the victim refuses to pay the ransom. This tactic increases the pressure on victims to pay, as they face potential reputational damage and legal consequences if sensitive information is leaked.

Both Maze and REvil have targeted numerous high-profile organizations, with REvil being responsible for the 2021 Colonial Pipeline attack that caused widespread fuel shortages in the United States. The affiliate programs associated with these ransomware strains have contributed to their widespread adoption and success.

As ransomware attacks continue to evolve and pose significant threats to organizations worldwide, it is crucial for businesses to invest in robust cybersecurity measures, maintain regular backups, and develop comprehensive incident response plans. By staying vigilant and proactive, organizations can better protect themselves against the ever-changing landscape of ransomware threats.