Famous Ransomware Cases: A Timeline of Cyber Crime History

Steven Jul 09, 2026

Ransomware, a type of malware that encrypts a victim's files and demands payment in exchange for the decryption key, has become a significant threat in the digital landscape. These attacks have targeted individuals, businesses, and even governments, causing substantial financial losses and disruption. Let's delve into some of the most notorious ransomware cases that have made headlines in recent years.

How Ransomware Spreads Inside Companies ⚠️
How Ransomware Spreads Inside Companies ⚠️

Ransomware attacks have evolved significantly since their inception in the late 1980s. Early variants, like the AIDS Trojan (1989) and Michelangelo (1991), were relatively simple and less sophisticated. However, the modern era of ransomware began with the emergence of Cryptolocker in 2013, marking a significant shift in the sophistication and prevalence of these attacks.

80,000 Totally Secure Passwords That No Hacker Would Ever Guess
80,000 Totally Secure Passwords That No Hacker Would Ever Guess

Notable Ransomware Attacks

The following ransomware cases highlight the evolution and impact of these cyber threats.

HelloXD: il nuovo ransomware per Linux e Windows
HelloXD: il nuovo ransomware per Linux e Windows

Cryptolocker (2013-2014)

Cryptolocker was one of the first ransomware strains to use strong encryption and demand payment in Bitcoin. It spread through infected email attachments and exploit kits, encrypting files on infected systems and displaying a ransom note demanding payment in Bitcoin within 72 hours. The FBI estimated that Cryptolocker infected more than 250,000 computers worldwide and generated millions of dollars in ransom payments.

Mystic Investigations, Author at Mystic Investigations
Mystic Investigations, Author at Mystic Investigations

In 2014, a joint effort by law enforcement agencies and security researchers took down the Gameover ZeuS botnet, which was used to distribute Cryptolocker. The operation, dubbed "Operation Tovar," resulted in the recovery of a master decryption key, allowing victims to decrypt their files without paying the ransom.

WannaCry (2017)

WannaCry was a global ransomware outbreak that infected more than 230,000 computers in over 150 countries within a matter of days. It exploited a vulnerability in Windows, known as EternalBlue, which was leaked from the NSA's arsenal of cyber weapons. WannaCry encrypted files on infected systems and demanded payment in Bitcoin, with the ransom note displayed on a red screen with a countdown timer.

NSA-Themed Ransomware Exploits Recent Government Leaks To Scam PC Users - SlashGear
NSA-Themed Ransomware Exploits Recent Government Leaks To Scam PC Users - SlashGear

The WannaCry attack had a significant impact on businesses and organizations worldwide, with notable victims including the UK's National Health Service (NHS), Spanish telecommunications company Telefónica, and several automakers. The attack was eventually stopped by a security researcher who discovered a kill switch domain that could halt the spread of the malware.

Ransomware-as-a-Service (RaaS)

The rise of RaaS has democratized ransomware attacks, making it easier for cybercriminals with limited technical skills to launch sophisticated attacks. RaaS providers offer ransomware tools and infrastructure to affiliates in exchange for a share of the profits generated from ransom payments.

an image of a world map that has red lights on it and the words coronacry ransomware attack first 24 hours
an image of a world map that has red lights on it and the words coronacry ransomware attack first 24 hours

Ryuk (2018-Present)

Ryuk is a prominent RaaS that has targeted businesses and organizations, including hospitals, schools, and government agencies. It uses a combination of encryption and data exfiltration techniques to maximize the impact of attacks and increase the likelihood of payment. Ryuk has been associated with several high-profile attacks, including the 2019 attack on the city of Baltimore, which resulted in a $18.2 million ransom demand.

Fal System Error: The Hunt For The New Crime Lords Whare Bringing Down The Internet
Fal System Error: The Hunt For The New Crime Lords Whare Bringing Down The Internet
📂 Famous Hacks Uncovered: What Went Wrong? 🔍🛡️
📂 Famous Hacks Uncovered: What Went Wrong? 🔍🛡️
12 Cold Cases That Don't Sit Right With Us
12 Cold Cases That Don't Sit Right With Us
the nanny guthrie case random timeline info sheet for every letter, every message, everything we know
the nanny guthrie case random timeline info sheet for every letter, every message, everything we know
an email warning about the use of anti - malware for windows and macs
an email warning about the use of anti - malware for windows and macs
an image of a black screen with text
an image of a black screen with text
Multi-million dollar cyber crime network busted, Russian malware discovered
Multi-million dollar cyber crime network busted, Russian malware discovered
True Crime Cases From The '90s That Still Haunt Us Today
True Crime Cases From The '90s That Still Haunt Us Today
Your Personal Information Is At Greater Risk Than Ever Before 🚨
Your Personal Information Is At Greater Risk Than Ever Before 🚨
Cyberdeck Diy, Geek Tech, Raspberry Pi Projects, Cool Tech Gadgets, Retro Gadgets, Diy Tech, Cool Tech, Computer Case, Cute Phone Cases
Cyberdeck Diy, Geek Tech, Raspberry Pi Projects, Cool Tech Gadgets, Retro Gadgets, Diy Tech, Cool Tech, Computer Case, Cute Phone Cases
a young man holding an old radio in front of his face and looking at the camera
a young man holding an old radio in front of his face and looking at the camera
Cyber Security - Hacker - Nmap Poster
Cyber Security - Hacker - Nmap Poster
Unsolved Case Files Game | Color: Brown/Red | Size: Os
Unsolved Case Files Game | Color: Brown/Red | Size: Os
Cyber Crime: Then and Now History Of Cybersecurity Education, Cybersecurity Risk Management Strategy, Cybersecurity Risk Management, Cybersecurity Risk Categories, Cybersecurity History Infographic, Cybercrime Facts Infographic, Cybersecurity Risk Management Graphic, Cybercrime Terms, Cybersecurity Key Risk Indicators Infographic
Cyber Crime: Then and Now History Of Cybersecurity Education, Cybersecurity Risk Management Strategy, Cybersecurity Risk Management, Cybersecurity Risk Categories, Cybersecurity History Infographic, Cybercrime Facts Infographic, Cybersecurity Risk Management Graphic, Cybercrime Terms, Cybersecurity Key Risk Indicators Infographic
Hackers (1995)
Hackers (1995)
a person in a hoodie is on a laptop with the words very your account
a person in a hoodie is on a laptop with the words very your account
a computer case sitting on top of a tiled floor
a computer case sitting on top of a tiled floor
there is a large black case on top of a table with electronic equipment in it
there is a large black case on top of a table with electronic equipment in it
This Happens To Millions Of People Every Single Day 🚨
This Happens To Millions Of People Every Single Day 🚨
a man sitting in front of a computer on top of a desk next to boxes
a man sitting in front of a computer on top of a desk next to boxes

Ryuk operators have been known to use a variety of tactics to gain initial access to target networks, including phishing campaigns, exploit kits, and remote desktop protocol (RDP) brute-forcing. Once access is gained, Ryuk operators move laterally within the network, encrypting files and exfiltrating data to increase the pressure on victims to pay the ransom.

REvil (2019-Present)

REvil, also known as Sodinokibi, is another prominent RaaS that has targeted businesses and organizations worldwide. It is known for its double extortion tactic, which involves encrypting files and exfiltrating data, threatening to leak the stolen data if the ransom is not paid. REvil has been associated with several high-profile attacks, including the 2020 attack on software company Garmin, which resulted in a $10 million ransom payment.

REvil operators have been known to target managed service providers (MSPs) and other third-party service providers, allowing them to infect multiple organizations simultaneously. In 2021, a REvil affiliate claimed responsibility for the attack on meat processing company JBS, which resulted in a $11 million ransom payment and temporary disruptions to the company's operations.

As ransomware attacks continue to evolve and grow in sophistication, it is crucial for individuals and organizations to remain vigilant and implement robust cybersecurity measures to protect against these threats. By staying informed about the latest ransomware trends and maintaining strong security practices, we can work together to mitigate the impact of these devastating attacks.