The 10 worst ransomware attacks ever

Conceptual art of a computer system being hacked.
(Image credit: Getty Images)

Ransomware first became a major threat in the mid-2000s, and many businesses and individuals worldwide are targeted for ransomware attacks each year. In 2021, there were an estimated 623.3 million attacks worldwide, costing businesses billions of dollars. 

Here, we take a closer look at the 10 worst ransomware attacks in history. Discover why they occurred, what happened, and the estimated financial impact of each case.

Protect your business with Perimeter 8

Protect your employees and network from ransomware attacks with Zero Trust. Enforce least privilege access policies across your organization in minutes based on user identity to safeguard all critical assets. Protect your business with Perimeter 81 - one of TechRadar’s top choices for Zero Trust providers. 

1. CNA Financial

CNA Financial, one of the United States’ largest insurer groups, was hit by a major cyberattack in March 2021. The attack involved the theft of large amounts of company data and customer information, and blocked CNA employees from logging into the network. 

To initiate the attack, hackers accessed company computers and stole sensitive information. The ransomware was deployed, and a large ransom was demanded. Around two weeks after the attack, CNA paid the hackers $40m to regain access to its systems.

2. JBS

JBS is a major food processing company with operations worldwide. A significant ransomware attack impacted operations in the US, Canada, and Australia on May 30 2021. As a result of the attack, up to 7,000 Australians are reported to have lost their jobs. 

Reports suggest that Russian group REvil was responsible for the attack, but this was never confirmed. An $11m ransom was demanded, and this was promptly paid using bitcoin. 

Following the attack on JBS, at least 40 similar attacks on food production facilities have been reported.

3. Garmin

In early 2020, global technology and communications giant Garmin was hit by a severe ransomware attack. The WastedLocker ransomware program was used to encrypt data across the company’s systems, and a $10m payment was demanded for the decryption key. 

This was an interesting attack, as US sanctions against the group thought to be behind it, Russia-based Evil Corp, made it difficult for Garmin to legally pay the ransom. Garmin reportedly got around this and paid up by using a third-party digital security firm as a go-between.

4. Colonial Pipeline

2021 was the year of the ransomware attack, with another major incident occurring in early May. A cyberattack disabled the computers used to manage an oil pipeline controlled by Colonial Pipeline, completely disabling operations for five days. A $4.4m ransom was demanded, and it was paid under the supervision of the FBI within hours. Many days passed before operations were back to normal.

The DarkSide cybercriminal group is thought to be responsible for the Colonial Pipeline attack. It’s also somewhat unique, as the FBI was able to recover the majority of the bitcoins used to settle the ransom.

5. Travelex

London-based foreign currency exchange, Travelex, was hit by a major cyberattack on New Year’s Eve 2019. This crippled its network and resulted in business interruptions for several months. 

The original ransom demand was $6m, but this was negotiated down to $2.3m after a few weeks of talks. The Sodinokibi gang is thought to have been behind this attack. 

6. Costa Rican government

In April 2022, the Costa Rican government was attacked by Russia-based Conti. It stole hundreds of gigabytes of sensitive data, including financial information stolen from the Ministry of Finance. The country refused to pay the $10m ransom and has been seriously affected in the months since. 

A state of national emergency was declared on May 8 2022, demonstrating the severity of the attack.

7. RobbinHood

RobbinHood is modern ransomware that attacks high-value targets, and usually demands three to 13 bitcoins in ransom. It typically uses brute force attacks or trojans to gain access to company and organization networks. 

Once access is gained, important files and data are encrypted and ransom demands are left on the affected device. Companies usually have four days to pay the ransom in full, with $10,000 added for each day the payment is late.

8. CryptoWall

The CryptoWall ransomware is a consumer-level program that encrypts devices and demands a ransom for a decryption key. It’s a spin-off of the CryptoLocker ransomware that was popular in the mid-2010s, and it continues to be updated to outsmart modern cybersecurity technology. 

The good news is that CryptoWall is usually spread via spam emails and dodgy web links, and can be blocked by using an up-to-date antivirus program.

See our list of the best antivirus software.

9. WannaCry

In May 2017, another consumer-level ransomware attack was launched. The WannaCry ransomware cryptoworm was first detected on May 12, and around 230,000 computers are thought to have been infected on the first day. Fortunately, the attack was halted quickly by global authorities and security firms. 

The ransomware cryptoworm gained access to devices that hadn’t installed a recently released Microsoft security patch, and then encrypted data. A $300 payment was demanded for the decryption key, and a large number of people complied. However, reports suggest that people didn’t get their data back even after paying up.

10. The PC Cyborg

The first ever ransomware program was known as AIDS, or the PC Cyborg. It was launched in 1989 and was mailed on a floppy disk to thousands of AIDS organizations worldwide. The man behind the attack, Dr Joseph Popp, demanded that $189 be sent to a PO box in Panama, to prevent infected computers from being rendered unusable. 

This attack had the potential to be much more severe, as authorities apprehended Popp before he could mail an estimated two million copies worldwide.


In this article, we’ve explored a few of the worst ransomware attacks in history. Although it’s unlikely you will be subject to a million-dollar ransom, you could be targeted for a smaller amount if your security systems aren’t up to date. 

Take a closer look at our guide to the best ransomware protection available today. Or, discover why ransomware is a growing threat to businesses and read about the rise in attacks in recent times.

Daniel Blechynden

Daniel is a freelance copywriter with over six years experience writing for publications such as TechRadar, Tom’s Guide, and Hosting Review. He specializes in B2B and B2C tech and finance, with a particular focus on VoIP, website building, web hosting, and other related fields.