A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | AA | AB | AC | AD | AE | AF | ||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Top ransomware attacks | ||||||||||||||||||||||||||||||||
2 | Target | AKA | description | sector | organisation size | revenue | cost | ransom cost | data note | ransom paid | YEAR code | YEAR | month | location | interesting story (edited) | interesting story (long) | interesting story? | Ransomware | stock symbol | revenue as of | no of employees | Data Note | Source Name | URL | URL 2 | URL 3 | URL 4 | URL 5 | #ID | month as code | date code | date code 2 | |
3 | display label | 1,5,10,25,100,300 | $USD million | display label | 2013 | ||||||||||||||||||||||||||||
4 | "Cryptolocker" | 250,000 systems | misc | 100 | 1 | 27 | 27 | unknown | 0 | 2013 | SEP | Worldwide | CryptoLocker was one of the most profitble ransomware strains of its time. It earned more than $3 million before it taken down in 2014. | y | CryptoLocker | https://digitalguardian.com/blog/history-ransomware-attacks-biggest-and-worst-ransomware-attacks-all-time | 1 | 9 | 0.75 | 0.00 | |||||||||||||
5 | "Cryptowall" | Multiple systems | misc | 25 | 1 | 18 | 18 | unknown | 0 | 2014 | JAN | Worldwide | From 2014-2016, CryptoWall was the most popular ransomware strain used and had extorted $18 million in ransom. | y | CryptoWall | 2 | 1 | 1.08 | 0.25 | ||||||||||||||
6 | Apple devices | misc | 1 | 1 | $100 per device | 5 | unknown | 0 | 2014 | MAY | Australia | "Device hacked by Oleg Pliss. For unlock device YOU NEED to send voucher code by $50 for unlock" is the message many Australians woke up to on their Apple devices. It was a ransomware attack but not by infecting the device with a malware, but by getting the owner's login credentials and locking them out of their devices remotely. | y | Not revealed | $100 per device or $50 per device. Payment was avoided by many | https://nakedsecurity.sophos.com/2014/05/27/apple-ransomware-strikes-australia-pay-oleg-100-or-else/ | 3 | 5 | 1.42 | 0.25 | |||||||||||||
7 | New Hampshire PD | government | 1 | 1 | $2000-$3000 | 0.003 | cost | unknown | 0 | 2014 | JUN | USA | CryptoWall | repair costs were $2000-$3000 | https://www.nbcnews.com/tech/security/virus-wipes-out-new-hampshire-police-departments-computers-n126466 | 4 | 6 | 1.50 | 0.25 | ||||||||||||||
8 | "TeslaCrypt" | Multiple systems | misc | 5 | 1 | 76,520 | 0.07652 | unknown | 0 | 2015 | MAR | Worldwide | TeslaCrypt managed to extort $76,522 from 163 victims. The ransom demands varied between $150 and $1000. | y | TeslaCrypt | 5 | 3 | 2.25 | 0.50 | ||||||||||||||
9 | "TeslaCrypt 2" | Multiple computers | misc | 5 | 1 | $1000 per system | 5 | unknown | 0 | 2015 | MAY | Australia | Australians were hit with a Breaking Bad themed ransomware attack. The malware has adopted the the mantle of "Los Pollos Hermanos", a fictional fast food chain from the show and demanded for $450 to be paid, and $1000 if there was a delay in payment. | y | Not revealed | $1000 per system | https://www.arnnet.com.au/article/574649/breaking-bad-themed-crypto-ransomware-hits-australian-computers/ | 6 | 5 | 2.42 | 0.50 | ||||||||||||
10 | Plex | global streaming media service | media & sport | 5 | 14 | 2,500 | 0.0025 | refused | 0 | 2015 | JUL | USA | CryptoWall | PRIVATE | 51-100 | https://www.computerweekly.com/news/4500249300/Hacker-tries-to-hold-Plex-video-streaming-service-to-ransom | https://finance.yahoo.com/company/plex?h=eyJlIjoicGxleCIsIm4iOiJQbGV4In0=&.tsrc=fin-srch | 7 | 7 | 2.58 | 0.50 | ||||||||||||
11 | Multiple law firms | legal | 1 | 1 | unknown | unknown | 0 | 2015 | MAR | USA, Canada, Ireland | Ransomware attacks against law firms had increased significantly. One U.S. Law Firm were demanded to pay $700 in BTC to retrieve their files, which they refused. The Law Society of British Columbia and Ireland had to issue official warnings informing its members after a number of attacks. | y | CryptoWall | https://resources.infosecinstitute.com/topic/ransomware-attacks-on-law-firms/ | 8 | 3 | 2.25 | 0.50 | |||||||||||||||
12 | Greece banks | finance | 1 | 1 | unknown | unknown | 0 | 2015 | NOV | Greece | Armada Collective | https://www.dw.com/en/greece-says-hackers-hit-banks-with-bitcoin-ransom-demand/a-18885881 | 9 | 11 | 2.92 | 0.50 | |||||||||||||||||
13 | Police departments | government | 1 | 1 | $300-$500 per system | 5 | unknown | 0 | 2016 | APR | USA | Police departments across multiple American states were hit by ransomware attacks. The ransom amount demanded for varied from $300-$500, which were paid in some cases and weren't in other. | y | Not revealed | added the ransom amts of attacks across 3-4 police depts | https://www.reuters.com/article/us-usa-cyber-ransomware-idUSKCN0X917X | https://www.darkreading.com/attacks-breaches/police-pay-off-ransomware-operators-again/d/d-id/1319918 | 10 | 4 | 3.33 | 0.75 | ||||||||||||
14 | Lukas & Klinikum Arnsberg Hospitals | healthcare | 10 | 120 | unknown | refused | 0 | 2016 | FEB | Germany | Not revealed | https://securityaffairs.co/wordpress/44824/cyber-crime/ransomware-paralyzed-german-hospitals.html | 11 | 2 | 3.17 | 0.75 | |||||||||||||||||
15 | HPMC | Hollywood Presbyterian Medical Center | healthcare | 10 | 289 | 17,000 | 0.017 | ransom paid | 0 | 2016 | FEB | USA | Not revealed | https://www.latimes.com/business/technology/la-me-ln-hollywood-hospital-bitcoin-20160217-story.html | 12 | 2 | 3.17 | 0.75 | |||||||||||||||
16 | Ottawa Hospital | healthcare | 10 | 966 | unknown | unknown | 0 | 2016 | MAR | Canada | Not revealed | https://ottawacitizen.com/news/local-news/ottawa-hospital-hit-with-ransomware-information-on-four-computers-locked-down | 13 | 3 | 3.25 | 0.75 | |||||||||||||||||
17 | MedStar Health | healthcare | 25 | 5,000 | 19,000 | 0.019 | unknown | 0 | 2016 | MAR | USA | Not revealed | https://www.healthcareitnews.com/news/medstar-attack-found-be-ransomware-hackers-demand-bitcoin | 14 | 3 | 3.25 | 0.75 | ||||||||||||||||
18 | University of Calgary | academic | 10 | 201 | 15,780 | 0.01578 | ransom paid | 0 | 2016 | JUN | Canada | Not revealed | https://www.bbc.com/news/technology-36478650 | 15 | 6 | 3.50 | 0.75 | ||||||||||||||||
19 | Carleton University | academic | 10 | 665 | 39,000 | 0.039 | unknown | 0 | 2016 | NOV | Canada | Not revealed | https://www.cbc.ca/news/science/ransomware-carleton-university-computers-bitcoin-infects-1.3872702 | 16 | 11 | 3.92 | 0.75 | ||||||||||||||||
20 | San Francisco MTA | San Francisco Municipal Transport Agency | transport | 25 | 1,000 | 74,000 | 0.074 | unknown | 0 | 2016 | NOV | USA | This ransomware attack infected more than 2,000 computers which were used to operate the San Francisco public transport system, which forced MTA to open the gates & allowed passengers to travel for free. | y | HDDCryptor | https://www.theregister.com/2016/11/27/san_francisco_muni_ransomware/ | 17 | 11 | 3.92 | 0.75 | |||||||||||||
21 | Madison County | government | 1 | 1 | 21,000 | 0.021 | ransom paid | 0 | 2016 | DEC | USA | Not revealed | https://www.csoonline.com/article/3139975/ransomware-hammers-madison-county-indiana.html | https://www.theindianalawyer.com/articles/42211-ransomware-attack-costing-madison-county-nearly-200000 | 18 | 12 | 4.00 | 0.75 | |||||||||||||||
22 | "BadRabbit" | Russian & Ukrainian systems | misc | 100 | 1 | unknown | unknown | 1 | 2017 | OCT | Russia, Ukraine | Unlike Petya and WannaCry, BadRabbit hasn't spread widely and majority of the incidents have been reported in Russia and Ukraine. This ransomware spreads through compromised, insecure websites. Once attacked, it demands a ransom of $280 in BTC and a 40 hour deadline. | y | BadRabbit | https://www.wired.co.uk/article/bad-rabbit-ransomware-flash-explained | 19 | 10 | 4.83 | 1.83 | ||||||||||||||
23 | "Petya" & "NotPetya" | Multiple systems globally | misc | 100 | 1 | $10bn across multiple companies | 5 | cost | unknown | 1 | 2017 | JUN | Wordlwide | The Petya & NotPetya ransomware spread across the world, wreaking havoc. The parent ransomware, Petya, had surfaced before its variant. It is a regular malware that aims to quickly mint some money from victims. NotPetya (a Petya variant), on the other hand, is said to be a state-sponsored Russian cyberattack masquerading as ransomware, which targetted war-ridden Ukraine but its impact was felt across the globe. | y | NotPetya & Petya | losses across multiple companies added up to $10 billion | https://www.business-standard.com/article/technology/notpetya-how-a-russian-malware-created-the-world-s-worst-cyberattack-ever-118082700261_1.html | https://www.proofpoint.com/us/threat-reference/petya | 20 | 6 | 4.50 | 1.50 | ||||||||||
24 | Maersk | Danish shipping giant | transport | 100 | 39,722 | 300 | 300 | cost | unknown | 1 | 2017 | JUN | Denmark | The NotPetya ransomware had hit countries across Europe but Copenagen-based Maersk was among the worst hit, which moves about one-fifth of the world's freight. Operations at Maersk terminals in four different countries were impacted, causing delays and disruption that lasted weeks. Even though the repair costs were around $300 million, things could have been much worse as there was no data-breach or data-loss, which would have been devastating considering the secretiveness of shipping businesses. | y | NotPetya | MAERSK-B.CO | losses were around $300 million. exact ransom amt not known | https://www.zdnet.com/article/ransomware-the-key-lesson-maersk-learned-from-battling-the-notpetya-attack/ | https://www.forbes.com/sites/leemathews/2017/08/16/notpetya-ransomware-attack-cost-shipping-giant-maersk-over-200-million/?sh=2e5d87354f9a | 21 | 6 | 4.50 | 1.50 | |||||||||
25 | "WannaCry" | 230,000 systems globally | misc | 300 | 1 | $300-$600 per system | 69 | unknown | 1 | 2017 | MAY | Worldwide | The WannaCry ransomware attack was a global epidemic that hit around 230,000 systems worldwise in MAY, 2017 and the ransom demanded was $300, which later increased to $600, per system. A Spanish mobile company, Telefonica, was first to be hit. By MAY 12th, NHS hospitals and surgeries across the country were affected. Ambulances were rerouted, leaving people in an emergency stranded. It was estimated to cost NHA around $92 million after 19k appointments were cancelled as a result of the attack. | y | WannaCry | our calc. Attackers have not received full amt, this is the exepcted amt | https://www.kaspersky.co.in/resource-center/threats/ransomware-wannacry | 22 | 5 | 4.42 | 1.42 | ||||||||||||
26 | Hancock Health | healthcare | 10 | 122 | 55,000 | 0.055 | ransom paid | 2 | 2018 | JAN | USA | SamSam | https://www.zdnet.com/article/us-hospital-pays-55000-to-ransomware-operators/ | 23 | 1 | 5.08 | 2.08 | ||||||||||||||||
27 | City of Atlanta | government | 1 | 1 | 51,000 | 0.051 | refused | 2 | 2018 | MAR | USA | SamSam | https://www.tripwire.com/state-of-security/security-awareness/10-most-significant-ransomware-attacks/ | https://www.al.com/news/2018/12/atlanta-didnt-pay-6-bitcoin-cyber-attack-ransom-officials-confirm.html#:~:text=Atlanta%20didn't%20pay%20the,Attorney's%20Office%20for%20North%20Georgia.&text=%E2%80%9CThe%20city%20of%20Atlanta%20did,the%20U.S.%20attorney's%20office%20said. | https://statescoop.com/one-year-after-atlantas-ransomware-attack-the-city-says-its-transforming-its-technology/ | 24 | 3 | 5.25 | 2.25 | ||||||||||||||
28 | COSCO | Chinese shipping giant | transport | 25 | 18,941 | unknown | unknown | 2 | 2018 | JUL | USA | Not revealed | CICOF | 12/30/2020 | https://www.cshub.com/attacks/news/incident-of-the-week-cosco-shipping-faces-ransomware-attack | https://finance.yahoo.com/quote/CICOF/financials?p=CICOF | 25 | 7 | 5.58 | 2.58 | |||||||||||||
29 | Port of San Diego | government | 10 | 163 | 30 | 30 | cost | unknown | 2 | 2018 | SEP | USA | SamSam | Figure is doubtful, one report says damages and costs came up t0 30 | https://www.sandiegoreader.com/news/2019/apr/10/city-lights-happened-ransomware-port-san-diego/#:~:text=Per%20the%20FBI%2C%20the%20Port,200%20public%20agencies%20and%20hospitals. | 26 | 9 | 5.75 | 2.75 | ||||||||||||||
30 | OWSA | Onslow Water and Sewer Authority | government | 5 | 29 | unknown | refused | 2 | 2018 | OCT | North Carolina | The critical water utility can be said to be cursed as it suffered a ransomware attack, when it was still recovering from Hurricane Florence. The authorities refused to pay the ransom. | y | Ryuk | https://www.csoonline.com/article/3314557/ransomware-attack-hits-north-carolina-water-utility-following-hurricane.html | 27 | 10 | 5.83 | 2.83 | ||||||||||||||
31 | Jackson County | government | 1 | 1 | 400,000 | 0.4 | ransom paid | 3 | 2019 | MAR | Georgia, USA | Ryuk | https://www.zdnet.com/article/georgia-county-pays-a-whopping-400000-to-get-rid-of-a-ransomware-infection/ | 28 | 3 | 6.25 | 3.25 | ||||||||||||||||
32 | City of Lodi | government | 1 | 1 | 400,000 | 0.4 | unknown | 3 | 2019 | APR | California, USA | Not revealed | https://www.rubrik.com/content/dam/rubrik/en/resources/case-study/Customer-Success-Rubrik-and-City-of-Lodi.pdf | https://www.govtech.com/security/lodi-calif-confirms-ransomware-behind-computer-troubles.html | 29 | 4 | 6.33 | 3.33 | |||||||||||||||
33 | La Porte County | government | 1 | 1 | 130,000 | 0.13 | ransom paid | 3 | 2019 | JUL | Indiana, USA | Ryuk | https://www.bleepingcomputer.com/news/security/la-porte-county-pays-130-000-ransom-to-ryuk-ransomware/ | 30 | 7 | 6.58 | 3.58 | ||||||||||||||||
34 | 22 Texan towns | government | 1 | 1 | 2.5 | 2.5 | refused | 3 | 2019 | SEP | USA | Not revealed | https://www.cpomagazine.com/cyber-security/massive-ransomware-attack-in-texas-hits-22-cities-and-towns-hackers-demand-millions-in-payment/ | 31 | 9 | 6.75 | 3.75 | ||||||||||||||||
35 | DCH Health System | public hospital in Alabama, USA | healthcare | 10 | 545 | 500,000 | 0.5 | estimate | unknown | 3 | 2019 | NOV | Alabama, USA | Ryuk | amt is an estimate by security experts | https://heimdalsecurity.com/blog/dch-ransomware-attack/ | 32 | 11 | 6.92 | 3.92 | |||||||||||||
36 | Pitney Bowes | American tech company | transport | 25 | 3,554 | unknown | unknown | 3 | 2019 | OCT | USA | The shipping tech firm was hit by a ransomware attack not only in 2019 but also in 2020 by the same ransomware. | y | Maze | PBI | 12/30/2020 | https://www.computerweekly.com/news/252482937/Pitney-Bowes-hit-by-Maze-in-second-ransomware-attack | https://techcrunch.com/2019/10/14/pitney-bowes-ransomware-attack/ | https://finance.yahoo.com/quote/PBI/financials?p=PBI | 33 | 10 | 6.83 | 3.83 | ||||||||||
37 | NVA | National Veterinary Associates | government | 25 | 2,000 | unknown | unknown | 3 | 2019 | OCT | USA | Ryuk | https://krebsonsecurity.com/2019/11/ransomware-bites-400-veterinary-hospitals/ | 34 | 10 | 6.83 | 3.83 | ||||||||||||||||
38 | City of Johannesburg | government | 1 | 1 | 30,493 | 0.030493 | refused | 3 | 2019 | NOV | USA | Shadow Kill Hackers | https://www.bleepingcomputer.com/news/security/ransomware-attack-shuts-down-city-of-johannesburgs-systems/ | 35 | 11 | 6.92 | 3.92 | ||||||||||||||||
39 | Government of Nunavut | Government of Nunavut, Canada | government | 1 | 1 | 5 | 5 | cost | unknown | 3 | 2019 | NOV | Canada | Not revealed | has spent $5 million in damages | https://www.zdnet.com/article/canadian-nunavut-government-systems-crippled-by-ransomware/ | https://nunatsiaq.com/stories/article/nunavut-government-has-spent-5m-to-cope-with-NOV-ransomware-attack/ | 36 | 11 | 6.92 | 3.92 | ||||||||||||
40 | Everis & Cadena SAR | Spain's largest MSP and largest radio station | tech | 25 | 1,000 | 836,000 | 0.836 | unknown | 3 | 2019 | NOV | Spain | Not revealed | PRIVATE | 10000+ | https://www.zdnet.com/article/ransomware-hits-spanish-companies-sparking-wannacry-panic/ | https://spinbackup.com/blog/24-biggest-ransomware-attacks-in-2019/ | https://finance.yahoo.com/company/everis-group?h=eyJlIjoiZXZlcmlzLWdyb3VwIiwibiI6IkV2ZXJpcyBHcm91cCJ9&.tsrc=fin-srch | 37 | 11 | 6.92 | 3.92 | |||||||||||
41 | Rouen Hospital | healthcare | 25 | 1,000 | unknown | unknown | 3 | 2019 | NOV | France | The ransomware attack on the French Hospital was a ghastly reminder of the 2017 WannaCry attack. It crippled a system of 6000 computers and the medical staff were forced to return to the old fashioned way of using pen-paper and telephone lines to keep lines of communication open. | y | Not revealed | https://www.forbes.com/sites/daveywinder/2019/11/20/infection-hits-french-hospital-like-its-2017-as-ransomware-cripples-6000-computers/?sh=64e139ca576e | 38 | 11 | 6.92 | 3.92 | |||||||||||||||
42 | State of Louisiana | government | 1 | 1 | unknown | refused | 3 | 2019 | NOV | USA | Ryuk | https://www.cpomagazine.com/cyber-security/louisiana-hit-with-another-ryuk-ransomware-attack/ | 39 | 11 | 6.92 | 3.92 | |||||||||||||||||
43 | Prosegur | Spanish security firm | logistics | 25 | 4,329 | unknown | unknown | 3 | 2019 | NOV | Spain | Ryuk | PSG.MC | 12/30/2020 | https://www.zdnet.com/article/security-firm-prosegur-weve-shut-our-it-network-after-ryuk-ransomware-attack/ | 40 | 11 | 6.92 | 3.92 | ||||||||||||||
44 | City of Baltimore | government | 1 | 1 | 76,280 | 0.07628 | refused | 3 | 2019 | MAY | Maryland, USA | The city decided not to pay the ransom, but repair costs and damage control came up to $18.2 million, which created an uproar among the citizens. MAYor Young of Baltimore made it very clear that cyber criminals will not be rewarded, which is exactly what security experts constantly advice, since there is no guarantee access to data is regained. | y | RobbinHood | https://heimdalsecurity.com/blog/baltimore-ransomware/ | 41 | 5 | 6.42 | 3.42 | ||||||||||||||
45 | Riviera Beach & Lake City | government | 1 | 1 | 1.1 | 1.1 | ransom paid | 3 | 2019 | JUN | Florida, USA | The ransomware attacks happened on these two cities in Florida in the same week and the government authorites were forced to pay the ransom to the hackers in both the cases. | y | TrickBot, Ryuk | https://www.tripwire.com/state-of-security/security-awareness/10-most-significant-ransomware-attacks/ | 42 | 6 | 6.50 | 3.50 | ||||||||||||||
46 | Virtual Care Provider Inc. | American IT company | healthcare | 5 | 29 | 14 | 14 | unknown | 3 | 2019 | NOV | USA | Ryuk | https://healthitsecurity.com/news/ransomware-attack-on-it-vendor-disrupts-care-at-110-nursing-homes | https://www.vcpi.com/ | 43 | 11 | 6.92 | 3.92 | ||||||||||||||
47 | Maastricht University | academic | 10 | 241 | 220,000 | 0.22 | ransom paid | 3 | 2019 | DEC | The Netherlands | TA505 | https://www.bleepingcomputer.com/news/security/ta505-hackers-behind-maastricht-university-ransomware-attack/ | 44 | 12 | 7.00 | 4.00 | ||||||||||||||||
48 | PEMEX | Mexico's state-owned oil company | energy | 100 | 87,000 | 4.9 | 4.9 | unknown | 3 | 2019 | NOV | Mexico | DoppelPaymer | PRIVATE | 10000+ | Pemex states that they are operating normally and that there was no affect on their fuel production, supply, and inventory | https://www.bleepingcomputer.com/news/security/mexicos-pemex-oil-suffers-ransomware-attack-49-million-demanded/ | https://finance.yahoo.com/company/pemex?h=eyJlIjoicGVtZXgiLCJuIjoiUGVtZXgifQ==&.tsrc=fin-srch | 45 | 11 | 6.92 | 3.92 | |||||||||||
49 | Michigan State University | academic | 25 | 1,000 | unknown | unknown | 4 | 2020 | MAY | Michigan, USA | NetWalker | https://securityboulevard.com/2020/08/recent-ransomware-attacks-latest-ransomware-attack-news-in-2020/ | 46 | 5 | 7.42 | 4.42 | |||||||||||||||||
50 | Columbia College | academic | 10 | 102 | unknown | unknown | 4 | 2020 | JUN | Chicago, USA | NetWalker | https://securityboulevard.com/2020/08/recent-ransomware-attacks-latest-ransomware-attack-news-in-2020/ | 47 | 6 | 7.50 | 4.50 | |||||||||||||||||
51 | Brookfield Residential | North American real estate developer | logistics | 25 | 1,000 | unknown | refused | 4 | 2020 | AUG | USA | Darkside | PRIVATE | 501-1000 | https://securityboulevard.com/2020/08/recent-ransomware-attacks-latest-ransomware-attack-news-in-2020/ | https://www.bleepingcomputer.com/news/security/darkside-ransomware-hits-north-american-real-estate-developer/ | https://finance.yahoo.com/company/brookfield-residential-properties?h=eyJlIjoiYnJvb2tmaWVsZC1yZXNpZGVudGlhbC1wcm9wZXJ0aWVzIiwibiI6IkJyb29rZmllbGQgUmVzaWRlbnRpYWwgUHJvcGVydGllcyJ9&.tsrc=fin-srch | 48 | 8 | 7.67 | 4.67 | ||||||||||||
52 | PTI | Press Trust of India | government | 5 | 24 | unknown | unknown | 4 | 2020 | OCT | India | LockBit | Reports state NO ransom was paid | https://usa.kaspersky.com/resource-center/threats/top-ransomware-2031 | https://www.thehindubusinessline.com/info-tech/pti-services-disrupted-after-massive-ransomware-attack-on-servers/article32940254.ece | 49 | 10 | 7.83 | 4.83 | ||||||||||||||
53 | R1 RCM Inc. | American revenue cycle management company | finance | 25 | 1,271 | unknown | unknown | 4 | 2020 | AUG | USA | Defray | RCM | 12/30/2020 | https://usa.kaspersky.com/resource-center/threats/top-ransomware-2029 | https://krebsonsecurity.com/2020/08/medical-debt-collection-firm-r1-rcm-hit-in-ransomware-attack/ | https://finance.yahoo.com/quote/RCM/financials?p=RCM | 50 | 8 | 7.67 | 4.67 | ||||||||||||
54 | Orange | Europe's fourth largest mobile network operator | telecoms | 100 | 51,255 | unknown | unknown | 4 | 2020 | JUL | France | Nefilim | ORAN | 12/30/2020 | https://usa.kaspersky.com/resource-center/threats/top-ransomware-2027 | https://finance.yahoo.com/quote/ORAN/financials?p=ORAN | 51 | 7 | 7.58 | 4.58 | |||||||||||||
55 | Honda | automotive | 300 | 119,697 | unknown | unknown | 4 | 2020 | JUN | Japan | Jun 2021: Some cyber-security experts have said it looks like a ransomware attack, which means that hackers might have encrypted data or locked Honda out of some of its IT systems. | Erkan | HMC | 3/30/2021 | https://www.bbc.co.uk/news/technology-52982427 | https://finance.yahoo.com/quote/HMC/financials?p=HMC | 52 | 6 | 7.50 | 4.50 | |||||||||||||
56 | SCJ | Brazilian Superior Court of Justice | legal | 1 | 1 | unknown | unknown | 4 | 2020 | NOV | Brazil | RansomExx | https://usa.kaspersky.com/resource-center/threats/top-ransomware-2033 | https://www.bleepingcomputer.com/news/security/brazils-court-system-under-massive-ransomexx-ransomware-attack/ | 53 | 11 | 7.92 | 4.92 | |||||||||||||||
57 | INA Group | leading Croatian oil company | energy | 25 | 3,000 | unknown | unknown | 4 | 2020 | FEB | Croatia | Clop | https://usa.kaspersky.com/resource-center/threats/top-ransomware-2021 | 54 | 2 | 7.17 | 4.17 | ||||||||||||||||
58 | Randstad | world's largest staffing agency | logistics | 25 | 25,120 | unknown | unknown | 4 | 2020 | DEC | USA, Poland, Italy, France | Egregor | RAND.AS | 12/30/2020 | https://www.bleepingcomputer.com/news/security/largest-global-staffing-agency-randstad-hit-by-egregor-ransomware/ | https://finance.yahoo.com/quote/RAND.AS/financials?p=RAND.AS | 55 | 12 | 8.00 | 5.00 | |||||||||||||
59 | US Fertility | healthcare | 1 | 1 | unknown | unknown | 4 | 2020 | NOV | USA | Not revealed | https://www.bleepingcomputer.com/news/security/ransomware-hits-largest-us-fertility-network-patient-data-stolen/ | 56 | 11 | 7.92 | 4.92 | |||||||||||||||||
60 | UHS | Universal Health Services | healthcare | 25 | 11,559 | 67 | 67 | cost | unknown | 4 | 2020 | OCT | USA | Ryuk | UHS | 12/30/2020 | lost $67 million due to damages | https://www.bleepingcomputer.com/news/security/universal-health-services-lost-67-million-due-to-ryuk-ransomware-attack/ | https://finance.yahoo.com/quote/UHS/financials?p=UHS | 57 | 10 | 7.83 | 4.83 | ||||||||||
61 | Barnes & Noble | notable American bookseller | retail | 25 | 1,851 | unknown | unknown | 4 | 2020 | OCT | USA | Egregor | BNED | 4/29/2020 | https://www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-egregor-ransomware-strange-data-leaked/ | https://finance.yahoo.com/quote/BNED/financials?p=BNED | 58 | 10 | 7.83 | 4.83 | |||||||||||||
62 | Blackbaud | American cloud computing provider | tech | 10 | 913 | unknown | ransom paid | 4 | 2020 | JUL | USA | Not revealed | BLKB | 12/30/2020 | amt not revealed but ransom paid | https://techcrunch.com/2020/10/07/decrypted-blackbaud-ransomware-attack-gets-worse/ | https://www.bleepingcomputer.com/news/security/blackbaud-ransomware-gang-had-access-to-banking-info-and-passwords/ | https://finance.yahoo.com/quote/BLKB/financials?p=BLKB | 59 | 7 | 7.58 | 4.58 | |||||||||||
63 | Habana Labs | develops AI and DL solutions, bought by Intel | tech | 5 | 23 | unknown | unknown | 4 | 2020 | DEC | Israel | Habana Labs is an Israeli company that develops AI processors and was purchased by Intel for 2 billion in 2019. It is believed that the attack was caused by Iranian hackers and was not meant to generate revenue but to cause havoc for Israeli interests, since this was one of other multiple attacks on Israeli companies. | y | Pay2Key | PRIVATE | 11-50 | https://www.bleepingcomputer.com/news/security/intels-habana-labs-hacked-by-pay2key-ransomware-data-stolen/ | https://finance.yahoo.com/company/habana?h=eyJlIjoiaGFiYW5hIiwibiI6IkhhYmFuYSJ9&.tsrc=fin-srch | 60 | 12 | 8.00 | 5.00 | |||||||||||
64 | Gedia Automotive Group | automotive | 10 | 237 | unknown | refused | 4 | 2020 | JAN | Germany | REvil | 4200+ | https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-threatens-to-publish-data-of-automotive-group/ | https://www.gedia.com/en/unternehmen/profile | 61 | 1 | 7.08 | 4.08 | |||||||||||||||
65 | Talman | Australian wool IT company | tech | 5 | 10 | unknown | unknown | 4 | 2020 | FEB | Australia | The Talman Software is used by more than 75% of the wool industry in Australia and New Zealand. The attack forced the buying and trading system to go offline. The chief executive stated he cannot recall of any other incident that affected the wool industry as much as this attack did. | y | Not revealed | https://www.abc.net.au/news/rural/2020-02-27/ransomware-cyber-attack-cripples-australian-wool-sales/12007912 | https://www.itnews.com.au/news/australian-wool-sales-stopped-by-ransomware-attack-538657 | 62 | 2 | 7.17 | 4.17 | |||||||||||||
66 | Whirlpool | tech | 25 | 19,456 | unknown | unknown | 4 | 2020 | DEC | USA | Nefilim | WHR | 12/30/2020 | leaked data included documents related to employee benefits, accommodation requests, medical information requests, background checks, and more. | https://www.bleepingcomputer.com/news/security/home-appliance-giant-whirlpool-hit-in-nefilim-ransomware-attack/ | https://finance.yahoo.com/quote/WHR/financials?p=WHR | 63 | 12 | 8.00 | 5.00 | |||||||||||||
67 | Symrise | world's major producer of flavours & fragrances | food & beverage | 25 | 4,269 | unknown | unknown | 4 | 2020 | DEC | Germany | Clop | SY1.DE | 12/30/2020 | attackers allegedly stole 500 GB of unencrypted files and encrypted close to 1,000 devices. | https://www.bleepingcomputer.com/news/security/flavors-designer-symrise-halts-production-after-clop-ransomware-attack/ | https://finance.yahoo.com/quote/SY1.DE/financials?p=SY1.DE | 64 | 12 | 8.00 | 5.00 | ||||||||||||
68 | Haberdashers’ Monmouth Schools | academic | 1 | 3 | 1.4 | 1.4 | refused | 4 | 2020 | DEC | UK | Not revealed | https://blocksandfiles.com/2020/12/09/airgapped-defence-helps-schools-in-ransomware-attack/ | 65 | 12 | 8.00 | 5.00 | ||||||||||||||||
69 | Embraer | Brazilian plane maker & the world's third-largest airplane maker, after Boeing and Airbus | tech | 10 | 746 | unknown | unknown | 4 | 2020 | DEC | Brazil | RansomEXX | ERJ | 12/30/2020 | data was leaked | https://www.zdnet.com/article/hackers-leak-data-from-embraer-worlds-third-largest-airplane-maker/ | https://finance.yahoo.com/quote/ERJ/financials?p=ERJ | 66 | 12 | 8.00 | 5.00 | ||||||||||||
70 | K12 | American e-learning platform | academic | 10 | 509 | unknown | ransom paid | 4 | 2020 | DEC | USA | Ryuk | amt is not known but it was paid | https://www.bleepingcomputer.com/news/security/k12-online-schooling-giant-pays-ryuk-ransomware-to-stop-data-leak/ | 67 | 12 | 8.00 | 5.00 | |||||||||||||||
71 | Endemol Shine | popular Dutch media company | media & sport | 5 | 69 | unknown | unknown | 4 | 2020 | NOV | France | DoppelPaymer | PRIVATE | 1001-5000 | https://www.bleepingcomputer.com/news/security/masterchef-big-brother-producer-hit-by-doppelpaymer-ransomware/ | https://finance.yahoo.com/company/endemol-shine-group?h=eyJlIjoiZW5kZW1vbC1zaGluZS1ncm91cCIsIm4iOiJFbmRlbW9sIFNoaW5lIEdyb3VwIn0=&.tsrc=fin-srch | 68 | 11 | 7.92 | 4.92 | |||||||||||||
72 | Delaware County | government | 1 | 1 | 500,000 | 0.5 | ransom paid | 4 | 2020 | NOV | USA | DoppelPaymer | https://www.bleepingcomputer.com/news/security/pennsylvania-county-pays-500k-ransom-to-doppelpaymer-ransomware/ | 69 | 11 | 7.92 | 4.92 | ||||||||||||||||
73 | Manchester United | media & sport | 10 | 675 | unknown | unknown | 4 | 2020 | NOV | UK | Not revealed | https://www.theguardian.com/football/2020/nov/27/manchester-united-still-crippled-by-disruptive-cyber-attack | 70 | 11 | 7.92 | 4.92 | |||||||||||||||||
74 | E-Land | South Korean conglomerate and retail giant | retail | 5 | 10 | unknown | unknown | 4 | 2020 | NOV | South Korea | Not revealed | PRIVATE | 1001-5000 | 23 of its retail stores suspended operations while they deal with the attack. | https://www.bleepingcomputer.com/news/security/ransomware-forces-e-land-south-korean-retail-giant-to-close-stores/ | https://www.glassdoor.co.in/Overview/Working-at-The-E-LAND-Group-EI_IE428069.11,27.htm | 71 | 11 | 7.92 | 4.92 | ||||||||||||
75 | Managed.com | leading web hosting solutions provider | tech | 1 | 5 | 500,000 | 0.5 | unknown | 4 | 2020 | NOV | USA | REvil | https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-managedcom-hosting-provider-500k-ransom/ | https://managed.com/about/ | 72 | 11 | 7.92 | 4.92 | ||||||||||||||
76 | Cencosud | one of Latin America's largest retail companies | retail | 25 | 13,676 | unknown | unknown | 4 | 2020 | NOV | Chile | Egregor | CENCOSUD.SN | https://www.bleepingcomputer.com/news/security/retail-giant-cencosud-hit-by-egregor-ransomware-attack-stores-impacted/ | https://finance.yahoo.com/quote/CENCOSUD.SN/financials?p=CENCOSUD.SN | 73 | 11 | 7.92 | 4.92 | ||||||||||||||
77 | Miltenyi Biotec | German biotech company | healthcare | 10 | 877 | unknown | unknown | 4 | 2020 | NOV | Germany | MountLocker | PRIVATE | 1001-5000 | ransomware actors have leaked 5% out of the 150 GB of data they claim to have stolen | https://www.bleepingcomputer.com/news/security/biotech-research-firm-miltenyi-biotec-hit-by-ransomware-data-leaked/ | https://finance.yahoo.com/company/miltenyi-biotec?h=eyJlIjoibWlsdGVueWktYmlvdGVjIiwibiI6Ik1pbHRlbnlpIEJpb3RlYyJ9&.tsrc=fin-srch | 74 | 11 | 7.92 | 4.92 | ||||||||||||
78 | Compal | Taiwanese electronics company producing for HP, Dell, Toshiba | tech | 100 | 37,877 | unknown | unknown | 4 | 2020 | NOV | Taiwan | DoppelPaymer | 2324.TW | 12/30/2020 | https://www.zdnet.com/article/compal-the-second-largest-laptop-manufacturer-in-the-world-hit-by-ransomware/ | https://finance.yahoo.com/quote/2324.TW/financials?p=2324.TW | 75 | 11 | 7.92 | 4.92 | |||||||||||||
79 | GEO Group | runs private prisons & illegal immigration detention centres in the US & other countries | government | 25 | 2,350 | unknown | unknown | 4 | 2020 | NOV | USA | Not revealed | GEO | 12/30/2020 | Personal data and health information for some inmates and residents was exposed during the incident | https://www.zdnet.com/article/company-that-runs-us-illegal-immigration-detention-centers-discloses-ransomware-attack/ | https://finance.yahoo.com/quote/GEO/financials?p=GEO | 76 | 11 | 7.92 | 4.92 | ||||||||||||
80 | Campari Group | popular Italian beverage company known for Campari, Frangelico, Epsolon | food & beverage | 25 | 2,000 | 15 | 15 | unknown | 4 | 2020 | NOV | Italy | Ragnar Locker | https://www.bleepingcomputer.com/news/security/campari-hit-by-ragnar-locker-ransomware-15-million-demanded/ | 77 | 11 | 7.92 | 4.92 | |||||||||||||||
81 | Capcom | Japanese game developer of popular games such as Resident Evil and Street Fighter | gaming | 100 | 81,591 | 11 | 11 | unknown | 4 | 2020 | NOV | Japan | Ragnar Locker | CCOEY | 3/30/2020 | https://www.bleepingcomputer.com/news/security/capcom-hit-by-ragnar-locker-ransomware-1tb-allegedly-stolen/ | https://finance.yahoo.com/quote/CCOEY/financials?p=CCOEY | 78 | 11 | 7.92 | 4.92 | ||||||||||||
82 | Mattel | retail | 25 | 4,584 | unknown | unknown | 4 | 2020 | NOV | USA | Not revealed | MAT | 12/30/2020 | https://www.zdnet.com/article/toy-maker-mattel-discloses-ransomware-attack/ | https://finance.yahoo.com/quote/MAT/financials?p=MAT | 79 | 11 | 7.92 | 4.92 | ||||||||||||||
83 | GPI | Gaming Partners International | one of the world's largest supplier of casino currency | media & sport | 5 | 87 | unknown | unknown | 4 | 2020 | OCT | USA | REvil | https://www.forbes.com/sites/leemathews/2020/10/31/ransomware-gang-claims-international-casino-equipment--supplier-as-latest-victim/?sh=7fefe88468b2 | 80 | 10 | 7.83 | 4.83 | |||||||||||||||
84 | Dr.Reddy's Laboratories | Indian multinational pharmaceutical company | healthcare | 25 | 2,592 | unknown | refused | 4 | 2020 | OCT | India | Not revealed | DRREDDY.BO | 3/30/2021 | https://timesofindia.indiatimes.com/city/hyderabad/dr-reddys-admits-to-ransomware-attack-says-still-restoring-data-investigating-origin/articleshow/78921019.cms | https://finance.yahoo.com/quote/DRREDDY.BO/financials?p=DRREDDY.BO | 81 | 10 | 7.83 | 4.83 | |||||||||||||
85 | Steelcase | world's largest office furniture manufacturer | logistics | 25 | 2,596 | unknown | unknown | 4 | 2020 | OCT | USA | Ryuk | SCS | 2/27/2021 | https://www.bleepingcomputer.com/news/security/steelcase-furniture-giant-hit-by-ryuk-ransomware-attack/ | https://finance.yahoo.com/quote/SCS/financials?p=SCS | 82 | 10 | 7.83 | 4.83 | |||||||||||||
86 | Boyne Resorts | operates golf and ski resorts across USA & Canada | media & sport | 10 | 916 | unknown | unknown | 4 | 2020 | OCT | USA, Canada | WastedLocker | 11000+ | https://www.bleepingcomputer.com/news/security/wastedlocker-ransomware-hits-boyne-resorts-ski-resort-operator/ | https://www.boyneresorts.com/about-us | 83 | 10 | 7.83 | 4.83 | ||||||||||||||
87 | Vastaamo | Finish psychotherapy clinic | healthcare | 5 | 10 | 200 euros per patient | 0.49 | unknown | 4 | 2020 | OCT | Finland | Confidential records of thousands of psychotherapy patients were hacked and leaked online. Patients received emails with a demand of 200 euros in BTC to prevent the contents of their discussions with therapists being made public. | y | Not revealed | ransom is our calc (200 euro * 2000 patients) | https://www.theguardian.com/world/2020/oct/26/tens-of-thousands-psychotherapy-records-hacked-in-finland | 84 | 10 | 7.83 | 4.83 | ||||||||||||
88 | STM | Société de transport de Montréal | transport | 1 | 1 | unknown | unknown | 4 | 2020 | OCT | Canada | RansomEXX | https://www.bleepingcomputer.com/news/security/montreals-stm-public-transport-system-hit-by-ransomware-attack/ | 85 | 10 | 7.83 | 4.83 | ||||||||||||||||
89 | Haldiram's | Indian snacks and food giant | retail | 10 | 546 | 750,000 | 0.75 | unknown | 4 | 2020 | OCT | India | Not revealed | https://timesofindia.indiatimes.com/city/noida/haldirams-hit-by-ransomware-attack-hackers-asked-for-7-5l/articleshow/78712465.cms | http://www.haldiram.com/news/becomes-Indias-biggest-snack-maker-with-a-turnover-of-rs-4000-crore | 86 | 10 | 7.83 | 4.83 | ||||||||||||||
90 | Crytek | leading game developers of games such as Crysis & Hunt:Showdown | gaming | 10 | 116 | unknown | unknown | 4 | 2020 | OCT | Germany | Egregor | In addition to encrypting the devices, the Egregor gang claims to have stolen unencrypted files from Crytek and leaked a 380MB archive on their data leak site. | https://www.bleepingcomputer.com/news/security/crytek-hit-by-egregor-ransomware-ubisoft-data-leaked/ | 87 | 10 | 7.83 | 4.83 | |||||||||||||||
91 | Yazoo County School District | academic | 5 | 10 | 300,000 | 0.3 | ransom paid | 4 | 2020 | OCT | USA | Not revealed | https://www.infosecurity-magazine.com/news/cyberattack-on-mississippi-schools/ | 88 | 10 | 7.83 | 4.83 | ||||||||||||||||
92 | Ardonagh Group | UK's second largest privately owned insurance broker | finance | 25 | 1,000 | 94 | 94 | cost | unknown | 4 | 2020 | OCT | UK | Not revealed | PRIVATE | 5001-10000 | $94 million in losses | https://www.theregister.com/2020/10/06/ardonagh_group_ransomware/ | https://finance.yahoo.com/company/the-ardonagh-group?h=eyJlIjoidGhlLWFyZG9uYWdoLWdyb3VwIiwibiI6IlRoZSBBcmRvbmFnaCBHcm91cCJ9&.tsrc=fin-srch | 89 | 10 | 7.83 | 4.83 | ||||||||||
93 | ERT | eResearchTechnology | major American health tech firm | healthcare | 10 | 612 | unknown | unknown | 4 | 2020 | OCT | USA | Not revealed | Coronavirus clinical trials disrupted by the ransomware attack | https://www.cpomagazine.com/cyber-security/ransomware-attack-on-a-major-health-tech-firm-slows-down-several-covid-19-clinical-trials/ | 90 | 10 | 7.83 | 4.83 | ||||||||||||||
94 | Tyler Technologies | US' largest software provider | tech | 25 | 1,117 | 4 | 4 | cost | ransom paid | 4 | 2020 | SEP | USA | RansomEXX | TYL | 12/30/2020 | lost $4 million in sales | https://www.bleepingcomputer.com/news/security/tyler-technologies-paid-ransomware-gang-for-decryption-key/ | https://www.crn.com/news/channel-programs/tyler-technologies-lost-4-million-in-sales-due-to-ransomware-attack | https://finance.yahoo.com/quote/TYL/financials?p=TYL | 91 | 9 | 7.75 | 4.75 | |||||||||
95 | IPG Photonics | leading American laser developer | government | 25 | 1,201 | unknown | unknown | 4 | 2020 | SEP | USA | RansomEXX | IPGP | 12/30/2020 | https://www.bleepingcomputer.com/news/security/leading-us-laser-developer-ipg-photonics-hit-with-ransomware/ | https://finance.yahoo.com/quote/IPGP/financials?p=IPGP | 92 | 9 | 7.75 | 4.75 | |||||||||||||
96 | Anglicare | Australian organization holding records on adoption, mental health services, etc | healthcare | 5 | 58 | unknown | refused | 4 | 2020 | SEP | Australia | Not revealed | 17 gigabytes of data was transmitted to a remote location | https://www.abc.net.au/news/2020-09-19/anglicare-sydney-victim-of-cyber-security-breach-involving-data/12681510 | 93 | 9 | 7.75 | 4.75 | |||||||||||||||
97 | Dusseldorf University Hospital | healthcare | 1 | 1 | unknown | unknown | 4 | 2020 | SEP | Germany | The ransomware attack on Dusseldorf Hospital reported in the first ever human death caused due to a cyber attack. A woman patient died while being rerouted to another hospital since Dusseldorf was unable to receive her as it was in the midst of dealing with the attack. The ransomware gang had withdrawn its ransom demands after the German police reached out to them and MAY turn the investigation into a murder case if the gang and hospital downtime are directly related to the cause of death. | y | Not revealed | https://www.zdnet.com/article/first-death-reported-following-a-ransomware-attack-on-a-german-hospital/ | 94 | 9 | 7.75 | 4.75 | |||||||||||||||
98 | Artech Information Systems | one of the largest US IT staffing companies | logistics | 10 | 810 | unknown | unknown | 4 | 2020 | SEP | USA | REvil | 10500 | Personal, financial, and health info exposed in the attack | https://www.bleepingcomputer.com/news/security/us-staffing-firm-artech-discloses-ransomware-attack-data-breach/ | https://www.artech.com/overview/about-us/ | 95 | 9 | 7.75 | 4.75 | |||||||||||||
99 | Development Bank of Seychelles | finance | 1 | 2 | unknown | unknown | 4 | 2020 | SEP | Seychelles | Not revealed | Customer and bank info potentially stolen | https://www.bleepingcomputer.com/news/security/development-bank-of-seychelles-hit-by-ransomware-attack/ | 96 | 9 | 7.75 | 4.75 | ||||||||||||||||
100 | SoftServe | one of Ukraine's largest IT companies | tech | 25 | 1,000 | unknown | unknown | 4 | 2020 | SEP | Ukraine | RansomEXX | 9000 | Customers' source code allegedly stolen | https://www.bleepingcomputer.com/news/security/softserve-hit-by-ransomware-windows-customization-tool-exploited/ | https://www.softserveinc.com/en-us/about-us | 97 | 9 | 7.75 | 4.75 |