The Top 5 Most Famous Ransomware Attacks

Cybercriminals everywhere are demanding thousands to millions of dollars to unlock the technology they’ve attacked and compromised. This type of malware attack earned itself the name ransomware for the high ransoms bad actors require to release devices, applications, or data.

But to name “the most famous ransomware attacks,” it’s important to understand how subjective that statement is. We could be talking about the scale of the attack, in terms of the amount or sensitivity of data stolen. Or the severity of the repercussions the attack had on the victim, its customers or other connecting partners. What about the price of the ransom itself?

Let’s look at some of the most notable ransomware attacks to date, categorized by type and dollar amount, and discuss some reasons they earned a spot on the list:

Most Famous Ransomware Attacks By Type:

Ransomware is a type of malicious software designed to restrict access to a computer system until a payment is made. The key here is… it’s software. While cybercriminals often use a similar foundation to their software code, the most evolved ransomware is a custom form of malware.

Here are some of the top ransomware types and why they were — or still are — so dangerous:


Flashback to 2017. A form of ransomware called WannaCry spread like wildfire through vulnerable SMB ports and phishing attacks, infecting 7,000 computers within the first hour of its release. Within a day, it infected more than 230,000 computers in over 150 countries. The attack affected leaders in various industries, such as the car giant Honda and thousands of NHS hospitals across the UK, seizing control of industrial processes until the ransom was paid. 


In 2016, video gamers faced a form of Trojan ransomware called TelsaCrypt, which infected game saves, user profiles, recoded replays, etc. This gamer ransomware affected 40 different games, such as the Call of Duty series, World of Warcraft and Minecraft — searching for 185 file extensions. Newer variants of the malware also affected encrypted Word, PDF, JPEG and other files. This ransomware made our list for the extent of its spread and the depth of its affected files. In May 2016, the ransomware spread came to a halt when the malware developers shut down the ransomware and released the master decryption key. 

Petya and NotPetya

Petya emerged in 2016 but in 2017, it began spreading internationally as ransomware. On July 27th, 2017, it targeted more than 80 companies in France, Germany, Italy, Poland, the United Kingdom, the United States, Russia, and Ukraine. It affected Windows servers, PCs, and laptops, exploiting a vulnerability in Microsoft’s implementation of the Server Message Block protocol — asking victims to conduct a system reboot, after which the system is locked. The newer variant called NotPetya has distinctive malware behavior. It uses different keys for encryption, has unique reboot styles, displays and notes, and was designed by the Russian government. 

REvil, AKA Sodinokibi

The modern-day Russian-based hacking group Ransomware Evil (REvil), also known as Sodinokibi, is a unique ransomware-as-a-service (RaaS) operation. These bad actors developed a subscription-based model that enables affiliates to use already-developed ransomware tools to launch their own ransomware attacks, wherein REvil receives a portion of the profit every time it’s deployed. In 2021, the group breached the tech powerhouse Apple, stealing information on their upcoming products. They’re also behind the recent Kaseya and JBS ransomware attacks. They made our list for their present relevancy — REvil’s attacks are only becoming more frequent, severe, and widespread — and because of their infamy of commercializing ransomware as a service, especially towards supply chains.


Another present-day RaaS operation is DarkSide. This hacking group located in  Eastern Europe targets victims using their own unique form of ransomware, believed to resemble the software used by REvil, as a possible partner of the Russian attackers. They were the bad actors behind the recent Colonial Pipeline cyberattack. Their malicious software earned its place on our top five most famous ransomware list for how destructive the program can be. The software deletes files in the recycle bin one by one, uninstalls security and backup software programs, and terminates security processes to allow access to data files.

Most Famous Ransomware Attacks, By Payout:

Ransomware attacks are also made famous for how financially crippling they were. Oftentimes, bad actors target companies and industries that are vital, so they must remain fully operational at all times. Freezing access to even certain operations or files for a few days could have a monumental impact on the company’s surrounding economy and customer base at large. When this happens, these major corporations often pay the ransom, knowing that a few days of downtime could account for much more damage and loss than the unlocking fee. Here’s a round-up of the most costly payouts to date:

5. Brenntag

Amount paid: $4.4 million

4. Colonial Pipeline

Amount paid: $4.4 million


3. CWT Global

Amount paid: $4.5 million

2. JBS

Amount paid: $11 million

1. CNA Financial

Amount paid: $40 million


Reduce Your Likelihood of Ransomware Attacks

Over the last few years especially, ransomware attacks have been growing both in frequency and severity — becoming more rampant and complex in the depth of information stolen. 

As the attacks continue to increase, it’s more important than ever to make sure your company’s security is airtight. 

Download our 5-1/2 Easy Steps to Avoid Cyber Threats ebook to make instant improvements to your security infrastructure today. 

New call-to-action

Topics: ransomware attack, ransomware attacks, demanding ransom, ransomware damages

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

PCI Testing: Everything You Need To Know

Penetration testing is crucial for businesses to help ensure that their security posture will stand against threat actors. For businesses that handle ..

Read more ›

The 4 Phases of Penetration Testing

So, you’ve done your research on penetration testing and are ready for the pentest engagement. But before you choose just any pentesting vendor, it’s ..

Read more ›

What is Web Application Penetration Testing?

Is your company in the process of developing a new application? There are a lot of moving parts involved in developing and deploying cutting-edge appl..

Read more ›