fbpx
Question? Call Us 888-508-6004
Tech Kahunas logo
History of ransomware

Ransomware: Full Timeline

In 2021, ransomware payments stood at an average of $102.3 million a month—an increase of 518% from 2020. Typically, a single victim (usually a business) was hit for $50 million, up from $30 million in 2020.  Sixty-eight different ransomware variants are known at present, the most notable being Ryuk, REvil (Sodinokibi), Darkside, Avaddon and Phobos. The attack vector most used is business email compromise arising from phishing emails that contain links or files that load ransomware.

Ransomware exploits have risen 97.25% since 2016. Only 8% of victims get all their data back after an attack. Victims who pay get about 65% of their data, while 29% get back less than 50%.

1989

AIDS trojan floppy disk asks for $189, though it lacks locking ability.

1996

Columbia professors demonstrate cryptoviral extortion, massive destruction now possible.

2005 - 2011

Ransomware begins to encrypt files, lock screens and use Bitcoin.

2014

Cryptolocker uses phishing email attachment. Infection of >250,000 computers, $27 million in costs.

2015

CryptoWall costs $325 million. Email attachment and Java vulnerability.

2016

Ransomware uses command-and-control servers.

2020

City of Johannesburg and State of Virginia fall to "Leakware" ransomware.
Criminals are now after NAS devices with backups.
Phobos RaaS disables firewalls and prevents recovery booting. Ryuk uses Wake-on-Lan to encrypt devices. Windows 7 end-of-support leaves systems vulnerable to ransomware like WannaCry.

January 2021

Covid-19 themed attacks.
Europe, U.S. and Canada take Emotet botnet comprising several hundred servers and over 1.6 million computers. Emotet allows installation of ransomware.

May 2021

Colonial Pipeline pays $4.4 million to Darkside. 17 states and D.C. in emergency.
JBS S.A. disabled. $11 million. Ireland's Health Service Executive $20 million to Conti, total costs >$134 million. Excel email attachment and Cobalt Strike vectors. CNA FInancial hit by Phoenix Cryptolocker with largest ransom to date: $40 million. Exchange server was vector.
Cyber-insurance company AXA falls to Avaddon ransomware.

June 2021

U.S. JD recovers $2.3 million of Darkside ransom. G7 nations address ransomware's "escalating shared threat."
Over 78 million breaches.

2012

First use of botnets. Total infections >100,000 in Q1.

2013 - 2016

Ransomware-as-a-service emerges. Total ransomware costs exceed $1 billion.

2013

600,000 systems infected, over $1.1m dollars.

2017

WannaCry uses EternalBlue Windows vuln, costs $4 billion.

2018

Atlanta victim to SAMSAM ransomware; costs >$17 million to recover, though ransom was $52,000.

2019

Baltimore victim to Robbinhood ransomware.
"Big game hunting" emerges. Civilian infrastructure
costs >$1.5 trillion.

March 2021

Ryuk spreads machine to machine within Windows domains. REvil expands into data extortion.

U.K.'s Harris Federation falls victim of REvil group.

April 2021


Ransomware Task Force organizes with Amazon, Cisco, Citrix, Ernst and Young, Deloitte, Microsoft, U.S. JD, Europol, and U.K. National Cyber Security Centre.
Average payout >$220,000. Actors move from spear phishing to network vulns. Ransomware actor Babuk steals 500 GB of Houston Rockets data.

July 2021

REvil takes down Kaseya VSA with >1000 companies. Fake software update leading to authentication bypass vuln.

November-December 2021

Over 1200 breaches/mo.
Emotet botnet back online.

The Log4shell vulnerability is now being used to launch Conti ransomware.

Today

"Even as we speak there are thousands of [ransomware] attacks on all aspects of
the energy sector and the private sector generally...
it’s happening all the time," said Energy Secretary Jennifer Granholm to CNN.

Common excuses for not preparing:
1. We need 24/7 operations to stop cyberattacks.
2. Applications can break with patches.
3. We have a lack of personnel.
4. It takes too much time to install the patches.
WHAT ARE YOUR EXCUSES?
Update your OS, ensure continual updates, and educate your employees.
TECH KAHUNAS mitigates the risks associated with ransomware and tracks all news and information regarding the latest exploits and tactics.

from our blog

Latest blog & Articles

Sim card swapping

What in the World is Sim Swapping?

QU1CK51LV3R was your average internet scammer. He had worked various spoofs, compromises and amateur hacks, but his specialty was account takeover. And recently, sim swapping

Read More
Phishing image

What in the world is phishing?

Beware! That email from your bank, credit card, or social security can be a door to nasty malware, system hijacking, or a data breach. Fraudulent

Read More
Tech Kahunas Cyber risk assessment

Where do you stand on cyber risk Readiness?

Nullam quis risus eget urna mollis ornare vel eu leo. Aenean lacinia bibendum nulla sed 

hero-S326HRW-3.png
Join our newsletter and get a 20% discount
Promotion nulla vitae elit libero a pharetra augue

Nullam quis risus eget urna mollis ornare vel eu leo. Aenean lacinia bibendum nulla sed 

hero-S326HRW-3.png
Join our newsletter and get a 20% discount
Promotion nulla vitae elit libero a pharetra augue
hero-S326HRW-3.png
Join our newsletter and get a 20% discount
Promotion nulla vitae elit libero a pharetra augue