Our Blog

Ransomware Examples: Top 5 famous ransomware attacks of all time

Ransomware Examples: Top 5 famous ransomware attacks of all time

Portia Linao Portia Linao
February 01, 2022, Post a comment

We live in the era of technology, and so do criminals.

In this article, we’ll tackle the types of ransomware out there, as well as examples of the most diabolical ransomware attacks of all time, and what you can do to keep them as far away from your organisation as possible.


What is Ransomware?

Ransomware is a malicious software.

Cybercriminals use ransomware to infect computers and encrypt data to block their victim's from accessing their files or system. The criminals would demand ransom in exchange for a decryption key which will enable the owner to access their data.

Ransomware can happen both to companies and individuals – sometimes, the type of attack varies depending on how big their targets are. Once fallen into their traps, ransomware victims can either:

  • pay the ransom (which we do not recommend)
  • attempt to remove the ransomware themselves
  • clean the infected device or network

The best strategy to prevent ransomware and other cyber risks is to establish security awareness and a reliable security and backup solution. Your data is an essential asset to your company. Protecting it should never be an afterthought.

Types of ransomware

Ransomware comes in all shapes and forms but shares one goal: demand ransom from its victims.

Locker ransomware

Locker ransomware is malware that locks user files rendering the computer unusable. This type of ransomware would deny the victim rudimentary computer functions but still allow them to interact enough with the criminals to pay the ransom.

When a locker malware has infiltrated your device, your data is not entirely affected. You will just be locked out of them. So, there is very little chance that your data will be wiped out. They’re usually easier to find and remove from your system without handing any ransom compared to other types of malware. Because of this, cybercriminals use social engineering to convince the victims enough to pay the asking amount.

Crypto ransomware

The crypto ransomware does the opposite of what the locker ransomware does. This type of ransomware encrypts your data, and it’s smart at finding essential data on your device, whether it be financial statements, tax records, work projects, or contact details.

The goal of crypto ransomware is to panic the victim enough to pay the ransom price by encrypting their files, making them inaccessible. To make matters worse for the victim, the cybercriminals add a countdown creating a sense of urgency.

Crypto ransomware is easily alleviated if you have a cloud-based or external backup. Unless you have these set up before falling victim to this ransomware example, there’s no other way for you to get your files back unless you pay the ransom – and that’s not always an assurance.


Ransomware as a Service (RaaS) and Software as a Service (SaaS) has a similar business model.

The creators of RaaS offer subscription-based services that would enable their members to run a variety of ransomware attacks. These attacks may vary, but ultimately, they depend on the subscriber’s membership. Once a member has successfully infected a victim’s computer and received the ransom, part of it will go to the RaaS creator.

Unlike the first two types of ransomware, RaaS doesn’t need high-level technical skills to run it and even the most inexperienced cybercriminals can execute ransomware attacks without breaking a sweat.

Double Extortion

Double extortion is a type of ransomware scheme where criminals would steal large amounts of their victim’s data, encrypts it, and threaten to publish it in exchange for ransom. If ever the victim fails to pay the ransom, their data will either be published online, sold on the Dark Web, or wiped for good.

Double extortion has been on the rise recently. According to ThreatPost, the total ransomware damages of double extortion tactics went up as high as 935% worldwide, just in 2021 alone.


Ransomware examples

Here are some of the most well-known examples of ransomware attacks that we’ve encountered over the years.


Locky is a ransomware example created by a group of hackers and was first used in 2016.

What it does is encrypt over a hundred file types and spread through socially engineered phishing emails with virus-infected attachments, usually a Microsoft Word document with macro malware.

A user only becomes a victim when they download and install the infected attachment on their computer. When the ransomware is successfully installed, the Trojan will launch and encrypt all files.

The victim will then receive a message containing instructions to send the ransom payment. Criminals that use the Locky ransomware ask 0.5 up to 1 Bitcoin.


Similar to Locky, CryptoLocker is a type of ransomware attack that spreads through phishing emails carrying infected attachments.

The ransomware has already infected roughly 500,000 computers since its discovery in 2007.

The CryptoLocker ransomware targets computers using Microsoft Windows operating systems. When the Trojan is in motion, it will encrypt all the files in local and connected storage drives.

It will then present a ransom note telling you to send Bitcoin (or other types of prepaid payment) in exchange for the decryption key.

These cybercriminals cause panic among the victims using social engineering, threatening to delete the stolen data or the decryption key if their demands are not met. If not paid in time, the criminals will then offer to decrypt the victim’s data in exchange for a much higher rate paid in Bitcoin.

Thankfully, law enforcement and security companies controlled the spread of this ransomware example in early 2014.

They intercepted the data and created a safe online portal where CryptoLocker victims can quickly procure decryption keys to gain access to their data again without paying the hefty ransom to cybercriminals.

Bad Rabbit

Bad Rabbit is also a perfect example of crypto-ransomware.

Discovered in late 2017, this famous ransomware attack also uses the same patterns as other ransomware of its type, but the only difference is it pretends to be an Adobe Flash player update.

When a user clicks on the flashing Adobe Flash new version update, it will install itself on the device. Once successful, it can encrypt files and your computer’s hard drive. This damage will severely disrupt your operating system’s functionalities.

The Bad Rabbit ransomware was first discovered in Russia and Ukraine but spread to other countries like Japan, South Korea, Germany, Turkey, and the USA. Thankfully, all websites that spread the ransomware has either taken down the bogus or gone offline, ultimately preventing it from infecting more users.


billy-the-puppet-sawJigsaw is another ransomware example based on Billy the Puppet from the Saw movie franchise.

The ransomware, first discovered in 2016, encrypts all data on the infected device once installed and activated. It will then display a pop-up message featuring Billy the Puppet’s face with the ransom note.

The criminals will normally ask for Bitcoin to decrypt the files. And just like in the movie franchise, they use a timer and with each additional hour that you haven’t given to their ransom demands, they will delete a file until your computer is completely wiped out.

And since the criminals are deviously clever, they will delete 1000 files for every attempt to stop the process.

AIDS Trojan

The best ransomware example on our list would be the first one documented.

The AIDS Trojan was created by a biologist, Joseph Popp. He is known to be the father of ransomware.

He sent out 20,000 floppy disks containing the Trojan to researchers and scientists worldwide. The receivers of the floppy disks thought it holds Popp’s AIDS research, but once they opened it on their devices,  the trojan will replace the AUTOEXEC.BAT file to count the number of times the computer is rebooted.

Once it reaches 90, the files will be encrypted and all directories are hidden.

The victims are then shown a message instructing them to send the $189 fee to an address in Panama to access their files again.

Protecting your organisation from ransomware attacks

Every ransomware attack is different from one another. Having deep awareness and understanding about them is an essential skill to have under your cyber security belt. When establishing a security solution for your organisation, you must consider the size and magnitude of an attack that you can handle. Also, the consequences of a breach and which data could potentially be stolen.

All in all, the best way to prevent or reduce the effects of cyber-attacks and the devastation that comes with it is to back up your data regularly, implement security awareness training for your staff, and proper execution of security solutions.


Did you know that right at this moment, you might already be vulnerable to one or two of these ransomware examples?

Will your IT security handle the strain in case you're attacked? Or are you smart enough not to fall victim to it? 

Signup for a complimentary IT Health Check here and find out if your IT is strong enough to protect you against ransomware. Know which aspects of your data needs attention and what you can do to reduce your risk and safeguard your data. 

IT-Health-Check-Report-669369-optimized-min (1)

Find cyber risks before they find you

Don’t let yourself be a part of the statistic. Take action now and protect your data by booking a complimentary IT Health and Security Check.