A Dive into Prominent Ransomware Names that Shook Healthcare, Education, and Cyber Insurance

Unraveling the Infamous Malware that Defined a Decade of Cyber Threats

In the ever-evolving world of cyber threats, ransomware has emerged as a formidable monster, impacting organizations throughout all sectors, notably healthcare, education, and cyber insurance. The very mention of certain ransomware names sends shivers down the spines of IT professionals, recalling stories of paralyzed operations, compromised data, and very large ransom amounts needing to be paid leading to organizations going out of business. When organizations fall victim to ransomware, they experience long periods of downtime, loss of organizational trust and many times customers were negatively impacted.

This article aims to shed light on some of the menacing malware types that have made headlines in healthcare, education, and cyber insurance over the past decade.

Healthcare: A Vulnerable Target Full of Sensitive Data

1. WannaCry (2017): This global menace hit hard by employing a ransomware that had a worm component. The UK’s National Health Service (NHS) was one of its prime victims. Nearly 70,000 devices, including computers, MRI scanners, and blood-storage refrigerators, were impacted, leading to significant disruption to patient care and lots of downtime for UK health providers. In fact 81 out of 236 trusts across England were affected. A further 603 primary care and other NHS organizations were infected by WannaCry, including 595 GP practices. 19k appointments were canceled.
2. Ryuk (2019): This ransomware which is attributed to the hacker group WIZARD SPIDER struck several US healthcare providers, leading to a declaration of emergency in some states. Data encryption disrupted patient care, and monetary losses through ransom payments are estimated to have totaled $150 million.
3. Petya/NotPetya (2017): Though not exclusive to healthcare, Petya/NotPetya’s aggressive attack on pharmaceutical giant Merck led to estimated damages of $1.4 billion

Education: Ransomware Attacks on Education Systems

1. GandCrab (2018): GandCrab and its many variants affected institutions across the globe, causing significant amounts of downtime. In Florida, a school district’s computer system had to be shut down for close to a week while they worked to restore their backups. 
2. ProLock (2020): This variant of ransomware was known for “big game hunting”, meaning that they went after larger targets in order to receive larger payments from victims who could afford it. Universities and other school districts that had coveted research and personal data were under attack from the cybercriminals behind ProLock, leading to financial losses and reputational damage.
   

Cyber Insurance: Infiltrating the Protectors

1. Maze (2019): Infamous for targeting cyber insurance companies and releasing client data if ransoms weren’t met, Maze was a nightmare for the very institutions offering protection against cyber threats due to double extortion, meaning that not only was every device encrypted as it spread through the network, it also exfiltrated data to the group’s servers, which allowed Maze to be one of the top three earners in 2019.
2. Sodinokibi/REvil (2020): This ransomware has been dubbed the Crown Prince of Ransomware due to it being highly evasive and how many measures are needed to contain it. From transportation to cyber insurance, these attacks infiltrated systems mostly in the US and it is believed that they have collected over $200 million in ransom payments.
3. DarkSide (2021): DarkSide targeted large corporations, including prominent cyber insurance firms, causing mayhem and commanding hefty ransoms. From CompuCom to a unit of Toshiba Corp. this ransomware attacked many different organizations, collecting over $90 million in ransom payments.

A Persistent Threat That Creates a Need for Robust Defense

The aforementioned ransomware names aren’t one off examples, instead they represent very tangible threats that organizations grapple with daily. In understanding how cybercriminals work, their patterns, and impacts, institutions can better prepare themselves. When organizations choose to utilize BullWall’s advanced ransomware containment solutions, it provides them with the means to stop an active ransomware attack and lessen the damage caused by an attack.

Learn More

BullWall offers a ransomware assessment pentest to help you assess how your current tools respond to various ransomware variants. Or you can schedule a demo.