It is considered thefirst-ever ransomware virusreleased via floppy disk.

Popp sent 20,000 infected disks to attendees of the World Health Organizations international AIDS conference in Stockholm.

The virus activated after the 90th reboot, encrypting files on the systems hard drive.

table showing each type of ransomware and their definitions

Fortunately, none of the conference attendees paid the AIDS Trojan ransom.

The next wave of ransomware attacks didnt occur until the mid-2000s.

Here are the most common ways ransomware is delivered and deployed.

timeline of the most important events on ransomware history

To this end, sophisticated attackers even send personalized emails.

Generally speaking, drive-by download attacks can be active or passive.

In the former, hackers create a malicious duplicate of a legitimate website and trick users into downloading malware.

bar chart showing the cost of ransom payments over the years

Attackers often use login credentials exposed in data breaches to conduct credential-stuffing attacks against RDP services.

They may also create fake websites that imitate authentic platforms like banking sites or online services.

Data from cryptocurrency-tracing firm Chainalysis also confirms thatthe cost of ransomware attacks is increasing.

bar charts showing the number of ransomware attacks by quarters and by year, from 2021 until Q1 2024

Collectively, hackers earned roughly $1.1 billion from crypto-related ransomware attacks in 2023, setting a new record.

Interestingly, the year after, that number dropped to $567 million.

Encouragingly,2024 has seen a decrease in attacks worldwide so far.

infographic showing the most important numbers about the top ransomware groups by number of detections and victims

Operation Cronos, led by the UKs National Crime Agencys Cyber Division, took nearly two years to implement.

Alas, LockBit persists even after such disruption.

Here are the companies and institutions that suffer the most from ransomware attacks.

map showing the countries that suffer the most ransomware attacks

Similarly, 62.3% of the Clop and 50.7% of BlackCat victims were also small businesses.

But its not only these big cybercriminal gangs who find smaller organizations to be an attractive target.

Those are usually reserved for big enterprises which can also be quite attractive targets.

bar chart comparing the most targeted industries by ransomware attacks in 2022 vs 2023, pointing at the most important events

Another example is the attack on Ascension Health the largest Catholic hospital chain in the United States.

The hackers locked healthcare providers out of the hospitals system, leading to several lapses in patient care.

Many construction companies handle sensitive project data and substantial financial transactions, but they often have limited cybersecurity plans.

bar chart showing which industries are the most likely to pay a ransom after falling victim to a ransomware attack

This makes them major targets for ransomware attacks that end with the ransom being paid.

A possible explanation for this is that some government entities may be explicitly forbidden from accepting ransom demands.

The overall trend regarding paying ransoms seems to be on the decline.

This could be due to organizations being more prepared or distrustful towards cybercriminals claims not to disclose compromised data.

Here are some of the effects that ransomware attacks can have on the targets.

On Organizations

Ransomware can have far-reaching consequences on organizations.

However, the cost of ransomware attacks often extends beyond the payment of the ransom.

Ransomware incidents have caused people to lose their jobs and suffer long-term health consequences in the aftermath.

Hackers are now increasingly using double and triple extortion schemes.

The integration of artificial intelligence (AI) is also elevating ransomware attacks to a new level of sophistication.

AI-powered ransomware has the ability to adapt and customize in real time, modifying malware code to evade detection.

Backup attacks are another emerging trend in ransomware attacks.

Lets delve into some of the most notable ransomware payouts that have occurred over recent years.

Reports indicated that CNA Financial paid approximately $40 million in ransom to the cybercriminals behind the attack.

JBS ended up paying $11 million to the REvil group.

However, CWT managed to negotiate the ransom amount and ended up paying $4.5 million in Bitcoin.

It is unknown how the FBI gained access to the key in the first place.

Brenntag: $4.4 million

Brenntag is a German chemical distribution company.

To avoid data leaking online, Brenntag paid a $4.4 million ransom to the ransomware gang.

However, the attack caused substantial reputational and financial damage to Travelex.

FatFace: $2 million

In January 2021, British clothing retailer FatFace faced a ransomware attack.

The Conti gang encrypted the companys systems and stole 200 GB of data.

The email is considered controversial because it asked recipients to keep the data breach private and confidential.

The attack encrypted data on UCSFs servers and systems, affecting important academic and medical information.

In the end, UCSF paid $1.14 million to the ransomware gang.

Here are a few tips on how organizations and individuals can protect themselves from ransomware attacks.