What would you do if your personal data was held to ransom by cybercriminals? Without ransomware protection, you could fall victim to a range of different ransomware attacks.

This article explores types of ransomware and famous examples of ransomware attacks.

Read on as we discuss:

  • What is ransomware?
  • Types of ransomware
  • 10 ransomware examples
  • Ways to spot a ransomware email
  • Using a ransomware decryptor

Ransomware meaning

Before we explore types of ransomware and famous examples of ransomware attacks, let’s start with the basics What is ransomware?

Ransomware is a type of malware (malicious software) that cybercriminals use to hold people to ransom.

A ransomware attack is where an individual or organization is targeted with ransomware. It can be spread to computers through attachments or links in phishing emails, by infected web sites by means of a drive-by download or via infected USB sticks.

Once a computer or network is infected with ransomware, the malware blocks access to the system, or encrypts the data on that system. Cybercriminals demand that the victims pay a ransom in order to regain access to their computer or data.

Laptop in the dark with lines of green code

Types of ransomware

There are two main types of ransomware: crypto ransomware and locker ransomware.

Crypto ransomware encrypts valuable files on a computer so that the user cannot access them.

Cyberthieves that conduct crypto ransomware attacks make money by demanding that victims pay a ransom to get their files back.  

Locker ransomware does not encrypt files. Rather, it locks the victim out of their device, preventing them from using it. Once they are locked out, cybercriminals carrying out locker ransomware attacks will demand a ransom to unlock the device.

10 ransomware examples

Now you understand what ransomware is and the two main types of ransomware that exist. Let’s explore 10 famous ransomware examples to help you understand  how different and dangerous each type can be.


Locky is a type of ransomware that was first released in a 2016 attack by an organized group of hackers.

With the ability to encrypt over 160 file types, Locky spreads by tricking victims to install it via fake emails with infected attachments. This method of transmission is called phishing, a form of social engineering.

Locky targets a range of file types that are often used by designers, developers, engineers, and testers.


WannaCry is ransomware attack that spread across 150 countries in 2017.

Designed to exploit a vulnerability in Windows, it was allegedly created by the United States National Security Agency and leaked by the Shadow Brokers group. WannaCry affected 230,000 computers globally.

The attack hit a third of hospital trusts in the UK, costing the NHS an estimated £92 million. Users were locked out and a ransom was demanded in the form of Bitcoin. The attack highlighted the problematic use of outdated systems, leaving the vital health service vulnerable to attack.

The global financial impact of WannaCry was substantial -the cybercrime caused an estimated $4 billion in financial losses worldwide.

Doctor seeing patient for hospital appointment

Bad Rabbit

Bad Rabbit is a 2017 ransomware attack that spread using a method called a ‘drive-by’ attack, where insecure websites are targeted and used to carry out an attack.

During a drive-by ransomware attack, a user visits a legitimate website, not knowing that they have been compromised by a hacker.

Drive-by attacks often require no action from the victim, beyond browsing to the compromised page.  However, in this case, they are infected when they click to install something that is actually malware in disguise. This element is known as a malware dropper.

Bad Rabbit used a fake request to install Adobe Flash as a malware dropper to spread its infection.


Ryuk ransomware, which spread in August 2018, disabled the Windows System Restore option, making it impossible to restore encrypted files without a backup.

Ryuk also encrypted network drives.

The effects were crippling, and many organizations targeted in the US paid the demanded ransoms. August 2018 reports estimated funds raised from the attack were over $640,000.


The Troldesh ransomware attack happened in 2015 and was spread via spam emails with infected links or attachments.

Interestingly, the Troldesh attackers communicated with victims directly over email to demand ransoms. The cybercriminals even negotiated discounts for victims who they built a rapport with — a rare occurrence indeed.

This tale is definitely the exception, not the rule. It is never a good idea to negotiate with cybercriminals. Avoid paying the  demanded ransom at all costs as doing so only encourages this form of cybercrime.

Women holding on to multiple American bills


Jigsaw is a ransomware attack that started in 2016. This attack got its name as it featured an image of the puppet from the Saw film franchise.

Jigsaw gradually deleted more of the victim’s files each hour that the ransom demand was left unpaid. The use of horror movie imagery in this attack caused victims additional distress.


CryptoLocker is ransomware that was first seen in 2007 and spread through infected email attachments. Once on your computer, it searched for valuable files to encrypt and hold to ransom.

Thought to have affected around 500,000 computers, law enforcement and security companies eventually managed to seize a worldwide network of hijacked home computers that were being used to spread Cryptolocker.

This allowed them to control part of the criminal network and grab the data as it was being sent, without the criminals knowing. This action later led to the development of an online portal where victims could get a key to unlock and release their data for free without paying the criminals.


Petya (not to be confused with ExPetr) is a ransomware attack that first hit in 2016 and resurged in 2017 as GoldenEye.

Rather than encrypting specific files, this vicious ransomware encrypts the victim’s entire hard drive. It does this by encrypting the primary file table making it impossible to access files on the disk.

Petya spread through HR departments via a fake job application email with an infected Dropbox link.


The resurgence of Petya, known as GoldenEye, led to a global ransomware attack that happened in 2017.

Dubbed WannaCry’s ‘deadly sibling’, GoldenEye hit over 2,000 targets, including prominent oil producers in Russia and several banks.

Frighteningly, GoldenEye even forced workers at the Chernobyl nuclear plant to check radiation levels manually as they had been locked out of their Windows PCs.


GandCrab is a rather unsavory ransomware attack that threatened to reveal victim’s porn watching habits.

Claiming to have highjacked users webcam, GandCrab cybercriminals demanded a ransom or otherwise they would make the embarrassing footage public.

After having first hit in January 2018, GandCrab evolved into multiple versions. As part of the No More Ransom Initiative, internet security providers and the police collaborated to develop a ransomware decryptor to rescue victim’s sensitive data from GandCrab.

Man burying his head in his hand on a couch

Ways to spot a ransomware email

Now you understand the different examples of ransomware attacks that individuals and companies have fallen prey to in recent years.

Many of those targeted in the ransomware attacks we have discussed became victims because they clicked on links in spam emails, or they may have opened infected attachments.

So, if you are sent a ransomware email, how can you avoid becoming the victim of an attack?

The best way to spot a ransomware email is to check the sender. Is it from a trusted contact? If you receive an email from a person or company you do not know, always exercise caution.

Avoid clicking on links in emails from untrusted sources, and never open email attachments in emails from senders you do not trust.

Be particularly cautious if the attachment asks you to enable macros. This is a common way ransomware is spread.

Hands typing on laptop keyboard

Using a ransomware decryptor

If you become the victim of a ransomware attack, do not pay the ransom.

Paying the ransom that the cybercriminals are demanding does not guarantee that they will return your data. These are thieves, after all. It also reinforces the ransomware business, making future attacks more likely.

If your data is backed up externally or in cloud storage, you will be able to restore the data that is being held to ransom. But what if you do not have a backup of your data? We recommend contacting your internet security vendor, to see if they have a decryption tool for the ransomware that has attacked you. Or visit the No More Ransom site – an industry-wide initiative designed to help all victims of ransomware.

Avoid becoming a victim of the next ransomware attack — protect yourself with free Kaspersky Anti-Ransomware Tool or Premium Kaspersky Anti-Ransomware Products

What are the different types of ransomware?

What are the different types of ransomware attack? Learn about common ransomware examples and how to protect yourself against them.

Kaspersky Logo