Ransomware Examples (2024): The 7 Worst Attacks of All Time

By Tibor Moes / Updated: January 2024

Ransomware Examples (2023): The 7 Worst Attacks of All Time

In a digital era where data is the new currency, ransomware represents a pervasive threat, encrypting critical data and demanding payment for its release.

This article will guide you through the seven most catastrophic ransomware attacks in history, illuminating their impacts and the lessons learned from each.


Ransomware is malicious software that locks away a user’s data until a ransom is paid.

  • CryptoLocker (2013): CryptoLocker terrorized users by encrypting personal data and demanding payment. It infected up to 250,000 computers and extorted approximately $3 million from victims.
  • WannaCry (2017): WannaCry spread globally, targeting hundreds of thousands of computers across 150 countries and causing financial losses that could reach $4 billion.
  • NotPetya (2017): NotPetya was a devastatingly effective malware, causing over $10 billion in damages worldwide.
  • Bad Rabbit (2017): Bad Rabbit demanded ransoms in Bitcoin, which would be valued at around $1,070 today.
  • GandCrab (2018-2019): GandCrab achieved a vast reach with over 500,000 infections and extracted more than $2 billion in ransom payments.
  • Ryuk (2018-2020): The Ryuk ransomware attacks led victims to pay over $61 million in ransoms, highlighting the costly impact of such cyber threats.
  • Sodinokibi/REvil (2019-2020): Sodinokibi/REvil targeted around 7,000 victims and accrued over half a million euros from their ransomware spree.

Don’t become a victim of ransomware. Protect your devices with the best antivirus software and your privacy with the best VPN service.

Ransomware Examples

1. CryptoLocker (2013): A Digital Pandemic

Imagine waking up one day to find your personal files — family photos, important documents, everything — locked away from you. In 2013, a pernicious software named CryptoLocker turned this nightmare into reality for countless individuals.

Reports from BBC.com highlighted the shocking spread of this digital plague, with an estimated 200,000 to 250,000 computers falling victim. The malefactors behind CryptoLocker didn’t just stop at encryption; they demanded a ransom for the decryption key.

This wasn’t a small-time operation; through their nefarious endeavors, the cybercriminals amassed a staggering $3 million from those ensnared in their trap.

The attack wasn’t just a wake-up call; it was a siren in the night for the cybersecurity world.

2. WannaCry (2017): The Cyber Tsunami

Fast forward to 2017, and the world faced a cyberthreat so severe that it dwarfed previous attacks. WannaCry ransomware, as reported by BBC.com, was a cyber tsunami that swept across 150 countries, dragging down 200,000 computers in its current.

Described by Europol as ‘unprecedented in scale’, WannaCry wasn’t just an attack on data; it was an assault on infrastructure, with damages so extensive that the economic and financial toll was projected to soar up to $4 billion.

This was more than a cyberattack; it was a global event that shook governments, businesses, and healthcare systems, leaving a stark reminder of our vulnerability in the interconnected digital web.

3. NotPetya (2017): The Costliest Code

In the annals of cyber warfare, NotPetya stands out for its sheer destructiveness. It was not just another malware; it was akin to a digital wildfire, uncontainable and indiscriminate.

In 2017, Wired.com painted a grim picture of the aftermath, reporting that NotPetya caused an astronomical $10 billion in global damages. This staggering figure underscores the cataclysmic impact NotPetya had on businesses and governments worldwide. It didn’t just cross borders; it tore them down, leaving a trail of financial ruin that reverberated through the global economy.

NotPetya was more than a wake-up call; it was a sledgehammer to the illusion of digital security, proving that in the cyber realm, the potential for chaos is always just a click away.

4. Bad Rabbit (2017): A Costly Demand

Bad Rabbit hopped onto the scene shortly after the digital tremors of NotPetya, yet it made its own mark in the cyber threat landscape. With a ransom demand of 0.05 Bitcoins, which equated to approximately $290 at the time, Bad Rabbit may have seemed less menacing in its financial demands.

However, as Moonlock.com reported, the value of Bitcoin has fluctuated wildly since then, and what was $290 in 2017 would translate to roughly $1,070 today. This fluctuation highlights a chilling reality of ransomware: the cost of capitulation can escalate far beyond the initial demand.

Bad Rabbit was a stark reminder that in the world of cyber extortion, the price of vulnerability is subject to the volatile whims of cryptocurrency markets.

5. GandCrab (2018-2019): A Half-Million Hostages

Between 2018 and 2019, GandCrab acted like a digital highwayman, halting half a million victims on their data superhighway, encrypting their information and demanding a ransom for its return.

According to Heise.de, a reputable German news outlet, the reach of GandCrab was extensive, with infections reported globally. What’s more, the total ransoms paid by victims of this Trojan amounted to an eye-watering sum of over two billion dollars.

GandCrab wasn’t just a ransomware; it was a lucrative criminal enterprise, demonstrating that cybercrime can be not just pervasive, but profoundly profitable for those who are unscrupulous enough to exploit the vulnerabilities of the digital age.

6. Ryuk (2018-2020): The $61 Million Menace

Ryuk, a name that became synonymous with fear in the digital security community, was a ransomware strain responsible for a string of high-profile attacks from 2018 to 2020.

The U.S. Department of Health and Human Services (HHS.gov) shared a report from the FBI, revealing that the culprits behind Ryuk had successfully extorted over $61 million in ransoms.

This figure isn’t just a testament to the ruthlessness of its operators but also to the vulnerabilities and the costly readiness of organizations to pay large sums in the hopes of retrieving their precious data.

Ryuk showed that with the right tools and a lack of scruples, cybercriminals could hold digital data hostage and commandeer incredible sums for its safe return.

7. Sodinokibi/REvil (2019-2020): A Ransomware Reign of Terror

Sodinokibi, also known as REvil, etched its name into the dark tapestry of cyber threats with a campaign that was both sweeping and precise. This notorious ransomware syndicate, according to Europol’s reports on europol.europa.eu, cast a wide net over its tenure, ensnaring approximately 7,000 victims in its malicious grip.

The group didn’t just target the masses; they extracted over half a million euros in ransom payments, a testament to their sinister success. REvil didn’t just steal data; they stole peace of mind, showcasing that no one is safe when cyber vigilance is compromised. Their actions were a brutal reminder of the relentless evolution of cyber threats and the ever-present danger lurking in the shadows of our digital world.


As we’ve seen through these seven harrowing examples, ransomware is not just a threat to individual files or systems but to the very fabric of our digital livelihoods. The astronomical costs, both financial and emotional, borne by victims across the globe, underline the critical need for robust cybersecurity measures.

In an age where digital threats are evolving with alarming speed and precision, the importance of protecting our data cannot be overstated. Investing in reputable antivirus software, especially for the latest operating systems like Windows 11, is no longer a luxury—it is a necessity.

Brands like Norton, Avast, TotalAV, Bitdefender, McAfee, Panda, and Avira offer sophisticated defenses against such insidious attacks. By prioritizing the security of our digital environments with these advanced tools, we not only safeguard our personal and professional data but also contribute to the larger fight against the cybercriminal underworld.


  1. BBC.com
  2. BBC.com
  3. CBSnews.com
  4. Wired.com
  5. Moonlock.com
  6. Heise.de
  7. HHS.gov
  8. Europol.europa.eu


Author: Tibor Moes

Author: Tibor Moes

Founder & Chief Editor at SoftwareLab

Tibor has tested 39 antivirus programs and 30 VPN services, and holds a Cybersecurity Graduate Certificate from Stanford University.

He uses Norton to protect his devices, CyberGhost for his privacy, and Dashlane for his passwords.

You can find him on LinkedIn or contact him here.