5 worst ransomware attacks throughout history

What are ransomware attacks?

During a ransomware attack, malicious software gains access to a user’s systems or files and encrypts them, preventing the owner of the files or systems from accessing files or even the entire device. The malware program then shows the user a message demanding him or her to pay ransom in exchange for the encryption key that will restore access to the files.

Biggest ransomware attacks in history

First-ever ransomware attack

The first ransomware attack in history was carried out by Joseph Popp, PhD in 1989. Popp was a scientist studying AIDS, he sent over 20,000 floppy disks to researchers all over the globe. The attacker claimed that the disks contained a program that could analyze the risk of a certain individual to develop AIDS, while in reality the disk also contained malware that infected computers and demanded a ransom payment. This program ultimately became known as the PC Cyborg.

Black Friday attack on the San Francisco Municipal Transportation Agency

On November 25, 2016, hackers deployed ransomware that attacked train ticketing and bus management systems operated by the SF Municipal Transportation Agency. The attackers demanded a payment of 100 bitcoins, which was equal to about $73,000 at the time. The Agency was able to restore access to its systems without having to pay the ransom but it still suffered significant financial losses, as city residents used the transportation system free of charge during the two days it took to combat the malware.


CryptoLocker was a ransomware strain that operated between September and December 2013. During this short period of time, the program infected over 250,000 systems and extorted more than $3 million from people and companies. The ransomware’s reign of terror ended at the beginning of 2014 when the botnet that was used to spread the attack was taken offline by government officials.

Attacks by the Armada Collective

In 2015, a group that called itself the Armada Collective deployed malware that attacked three banks in Greece in just five days. The criminals set a ransom of 20,000 bitcoins (7,000,000 euro at the time) for each bank. However, all three banks refused to pay up and improved their cybersecurity to prevent further attacks.

Ottawa Hospital ransomware attack

In early 2016, a ransomware attack encrypted information on almost 10,000 computers owned by the Ottawa Hospital. However, due to robust backup practices set up by the hospital, they were able to simply wipe down the hard drives and restore data from backups instead of paying the ransom.

Frequently asked questions

Do ransomware attacks target companies or individuals?

Most ransomware attacks are aimed at individuals rather than businesses or organizations.

When did the first ransomware attack occur?

The first known ransomware attack happened in 1989.

How much do you have to pay to get rid of ransomware?

Today, individual victims of ransomware end up paying around $500 to recover access to their data and devices. This number is constantly growing, for instance, at the beginning of the 2000s the average ransomware payment was around $300.

Talk to an Expert

1. We will review your request within 2 hours and contact you.

2. We will check your company and describe the workflow.

3. We will start cybersecurity check.

    Privacy Policy

    Vitaly is a principal consultant at Hackcontrol as wall as aa business and IT thought leader. He has over 15 years of experience in consulting, account management and is a specialist in cybersecurity.