The five: ransomware attacks
Cyber-attacks that threaten to publish a victim’s data or block access to it unless a ransom is paid have grown internationally since 2012.
Sodinokibi and Travelex
Hackers attacked Travelex’s network on New Year’s Eve, stealing customer data including dates of birth, credit card information, and national insurance numbers. The ransomware gang responsible, Sodinokibi, has demanded £4.6m in return. The currency exchange service has yet to respond; its websites across Europe, Asia, and the US remain down for “planned maintenance”.
The first significant ransomware attack on a grand scale, CryptoLocker spread via infected email attachments from 2013 to 2014, encrypted private user data and demanded payment in exchange for the decryption key. Infecting more than 500,000 machines, its operators are believed to have extorted around £2.3m.
This targeted computers running the Microsoft Windows operating system in May 2017: within a day, it had infected more than 230,000 machines in more than 150 countries. In the UK, where about a third of NHS hospital trusts were affected, the attack is estimated to have cost the health service £92m.
In 2019, the Baltimore city government found its computer systems hacked by an aggressive ransomware variant known as RobbinHood, with its operators demanding 13 bitcoin (roughly £78,600) in exchange for restored access to information. The attack disrupted property purchases, water bills, and city charges, eventually costing the city £13.8m.
Named after a demon from anime series Death Note, Ryuk made almost £500,000 in two weeks by attacking organisations that worked on tight deadlines. This included the LA Times and a North Carolina water firm. While its source code was derived from a product of the North Korean Lazarus Group, it is thought Ryuk’s originators are Russian. Jonathan Chan