all-in-one privacy solution":["Proton Unlimited to wszechstronne rozwiązanie zapewniające prywatność"],"Black Friday":["Czarny Piątek"],"No ads. Privacy by default.":["Brak reklam. Prywatność w standardzie."],"People before profits":["Ludzie przed zyskiem"],"Security through transparency":["Bezpieczeństwo dzięki przejrzystości"],"The best Proton Mail ${ BLACK_FRIDAY } deals":["Najlepsze oferty Proton Mail ${ BLACK_FRIDAY }"],"The world’s only community- supported email service":["Jedyna na świecie usługa poczty elektronicznej wspierana przez społeczność"]},"specialoffer:limited":{"${ hours } hour":["${ hours } godzina","${ hours } godziny","${ hours } godzin","${ hours } godziny"],"${ hoursLeft }, ${ minutesLeft } and ${ secondsLeft } left":["Pozostało: ${ hoursLeft }, ${ minutesLeft } i ${ secondsLeft }"],"${ minutes } minute":["${ minutes } minuta","${ minutes } minuty","${ minutes } minut","${ minutes } minuty"],"${ seconds } second":["${ seconds } sekunda","${ seconds } sekundy","${ seconds } sekund","${ seconds } sekundy"],"Limited time offer":["Oferta ograniczona czasowo"]},"specialoffer:listitem":{"Create multiple addresses":["Utwórz wiele adresów"],"Hide-my-email aliases":["Aliasy hide-my-email"],"Quickly unsubscribe from newsletters":["Szybko anuluj subskrypcję biuletynów"],"Use your own domain name":["Korzystaj z własnej nazwy domeny"]},"specialoffer:logos":{"As featured in":["Opinie naszych klientów"]},"specialoffer:metadescription":{"Get an encrypted email that protects your privacy":["Uzyskaj zaszyfrowaną usługę e-mail, która chroni Twoją prywatność"]},"specialoffer:metatitle":{"Proton Mail Black Friday Sale - Up to 40% off":["Wyprzedaż Proton Mail z okazji Czarnego Piątku – uzyskaj do 40% zniżki"]},"specialoffer:newmetadescription":{"Get up to 40% off Proton Mail subscriptions this Black Friday. Find great deals on our secure end-to-end encrypted email plans.":["Uzyskaj do 40% zniżki na subskrypcje Proton Mail w ten Czarny Piątek. Znajdź wspaniałe oferty naszych bezpiecznych planów usługi poczty elektronicznej w szyfrowaniu end-to-end."]},"specialoffer:newmetatitle":{"Proton Mail Black Friday sale | Up to 40% off secure email":["Wyprzedaż Proton Mail z okazji Czarnego Piątku | Do 40% zniżki na bezpieczną pocztę elektroniczną"]},"specialoffer:note":{"* Billed at ${ TOTAL_SUM } for the first year":["* Płatne ${ TOTAL_SUM } za pierwszy rok"],"*Billed at ${ TOTAL_SUM } for the first 2 years":["* Płatne ${ TOTAL_SUM } za pierwsze 2 lata"],"30-day money-back guarantee":["30-dniowa gwarancja zwrotu pieniędzy"],"Billed at ${ TOTAL_SUM } for the first 2 years":["Płatne ${ TOTAL_SUM } za pierwsze 2 lata"],"Billed at ${ TOTAL_SUM } for the first year":["Płatne ${ TOTAL_SUM } za pierwszy rok"],"You save ${ SAVE_SUM }":["Oszczędzasz ${ SAVE_SUM }"]},"specialoffer:off":{"${ PERCENT_OFF } off":["-${ PERCENT_OFF }"]},"specialoffer:testimonial":{"I love my ProtonMail":["Uwielbiam ProtonMail"],"My favorite email service":["Moja ulubiona usługa e-mail"],"Thanks Proton for keeping us all safe in the complicated internet universe.":["Dziękuję Protonowi za dbanie o nasze bezpieczeństwo w skomplikowanym internetowym uniwersum."],"You get what you pay for. In the case of big tech, if you pay nothing, you get used. I quit using Gmail and switched to @ProtonMail":["Dostajesz to, za co płacisz. W przypadku przedsiębiorstw big tech, jeśli nie płacisz nic, zostaniesz wykorzystany. Przestałam korzystać z Gmail i przeniosłam się na @ProtonMail"]},"specialoffer:time":{"Days":["Dni"],"Hours":["Godz."],"Min":["Min"]},"specialoffer:title":{"And much more":["I wiele więcej"],"Make your inbox yours":["Spraw, aby Twoja skrzynka odbiorcza była naprawdę Twoja"],"Safe from trackers":["Bezpieczeństwo od skryptów śledzących"],"Stay organized":["Zachowaj porządek"],"Black Friday email deals":["Oferty e-mailowe na Czarny Piątek"],"Don’t just take our word for it":["Nie musisz wierzyć nam na słowo"],"Our story":["Nasza historia"],"Transfer your data from Google in one click":["Przenieś dane z Google jednym kliknięciem"]},"specialoffer:tooltip":{"Access blocked content and browse privately. Includes ${ TOTAL_VPN_SERVERS }+ servers in ${ TOTAL_VPN_COUNTRIES }+ countries, connect up to 10 devices, access worldwide streaming services, malware and ad-blocker, and more.":["Uzyskaj dostęp do zablokowanych treści i przeglądaj prywatnie Internet. Obejmuje ponad ${ TOTAL_VPN_SERVERS } serwerów w ponad ${ TOTAL_VPN_COUNTRIES } krajach z możliwością połączenia do 10 urządzeń, a także dostęp do globalnych usług streamingu, blokadę reklam, złośliwego oprogramowania i wiele więcej."],"Easily share your calendar with your family, friends or colleagues, and view external calendars.":["Łatwo udostępniaj swój kalendarz rodzinie, znajomym oraz współpracownikom i wyświetla kalendarze zewnętrzne."],"Includes support for 1 custom email domain, 10 email addresses, 10 hide-my-email aliases, calendar sharing, and more.":["Zawiera obsługę 1 niestandardowej domeny e-mail, 10 adresów e-mail, 10 aliasów hide-my-email, udostępnianie kalendarza i nie tylko."],"Includes support for 3 custom email domains, 15 email addresses, unlimited hide-my-email aliases, calendar sharing, and more.":["Obejmuje obsługę 3 niestandardowych domen e-mail, 15 adresów e-mail, nielimitowane aliasy hide-my-email, udostępnianie kalendarza i nie tylko."],"Manage up to 25 calendars, mobile apps, secured with end-to-end encryption, 1-click calendar import from Google, and more.":["Zarządzanie nawet 25 kalendarzami, aplikacje mobilne, bezpieczne szyfrowanie metodą end-to-end, importowanie kalendarza za pomocą jednego kliknięcia z Google i więcej."]},"Status banner":{"Learn more":["Dowiedz się więcej"],"Please note that at the moment we are experiencing issues with the ${ issues[0] } service.":["Uwaga: obecnie występują problemy z usługą ${ issues[0] }."],"We are experiencing issues with one or more services at the moment.":["Mamy problemy z co najmniej jedną usługą."]},"Status Banner":{"At the moment we are experiencing issues with the Proton VPN service":["W tej chwili mamy problemy z usługą Proton VPN"],"Learn more":["Dowiedz się więcej"]},"steps":{"Step":["Krok"]},"suggestions":{"Suggestions":["Sugestie"]},"Support":{"Sub category":["Podkategoria","Podkategorie","Podkategorii","Podkategorii"]},"Support article":{"${ readingTime } min":["${ readingTime } min","${ readingTime } min","${ readingTime } min","${ readingTime } min"],"Category":["Kategoria","Kategorie","Kategorii","Kategorii"],"Didn’t find what you were looking for?":["Nie znaleziono szukanej frazy?"],"General contact":["Skontaktuj się, wykorzystując ogólne zapytanie"],"Get help":["Uzyskaj pomoc"],"Legal contact":["Skontaktuj się z działem prawnym"],"Media contact":["Skontaktuj się z zespołem medialnym"],"Partnerships contact":["Skontaktuj się z zespołem ds. partnerstwa"],"Reading":["Odczytywanie"]},"Support troubleshooting":{"App version":["Wersja aplikacji"],"Browser":["Przeglądarka"],"Check if this helps":["Sprawdź, czy to pomoże"],"Choose a product":["Wybierz produkt"],"Did this solve your issue?":["Czy Twój problem został rozwiązany?"],"Faster assistance is just a few clicks away":["Szybsze wsparcie uzyskasz w kilka kliknięć"],"How can we help?":["Jak możemy pomóc?"],"No, contact support":["Nie, skontaktuj się z pomocą techniczną"],"Please fill out one field after another":["Wypełnij pola jedno po drugim"],"Please make your selections":["Dokonaj wyboru"],"Proton account":["Konto Proton"],"Proton for Business":["Proton for Business"],"Thank you for your feedback":["Dziękujemy za podzielenie się opinią"],"What can we help with?":["W czym możemy pomóc?"],"Yes":["Tak"]},"support_modal_search_query":{"Search query":["Zapytanie wyszukiwania"]},"support_search_button":{"Search":["Szukaj"]},"support_search_i_am_looking_for":{"I'm looking for":["Szukam"]},"SupportForm":{"For a faster resolution, please report the issue from the Bridge app: Help > Report a problem.":["W celu szybszego rozwiązania problemu dokonaj zgłoszenia przez aplikację Bridge: Pomoc > Zgłoś problem."],"Information":["Informacje"]},"SupportForm:option":{"Account Security":["Bezpieczeństwo konta"],"Contacts":["Kontakty"],"Custom email domain":["Niestandardowa domena e-mail"],"Email delivery and Spam":["Dostarczanie wiadomości e-mail i spam"],"Encryption":["Szyfrowanie"],"Login and password":["Login i hasło"],"Merge aliases and accounts":["Scalanie aliasów i kont"],"Migrate to Proton":["Migracja do Proton"],"Notifications":["Powiadomienia"],"Other":["Inne"],"Plans and billing":["Plany i rozliczenia"],"Proton for Business":["Proton for Business"],"Sign up":["Rejestracja"],"Storage":["Przestrzeń dyskowa"],"Users, addresses, and identities":["Użytkownicy, adresy i tożsamości"]},"SupportForm:optionIntro":{"Select a topic":["Wybierz temat"]},"swiss_baseed_feature":{"Swiss based":["Ulokowany w Szwajcarii"]},"Testimonial":{"Awards":["Nagrody"],"Customers":["Klienci"],"Featured":["Wyróżnione"],"Go to testimonial source":["Przejdź do źródła referencji"],"Open source of award":["Otwórz źródło nagrody"],"Open source of quote":["Otwórz źródło cytatu"],"Reviews":["Opinie"],"Videos":["Pliki wideo"],"Watch on TikTok":["Oglądaj na TikTok"],"Watch on YouTube":["Oglądaj na YouTube"]},"TestimonialCategory":{"Awards":["Nagrody"],"Customers":["Klienci"],"Featured":["Wyróżnione"],"Media":["Multimedia"],"Reviews":["Opinie"],"Videos":["Pliki wideo"]},"Text":{"If you need help, check out our ${ supportLink }.":["Jeśli potrzebujesz pomocy, sprawdź naszą ${ supportLink }."],"The page you’re looking for might have been removed, or it could be an\nold link.":["Strona, której szukasz, mogła zostać usunięta lub link jest przestarzały."]},"Title":{"On this page":["Na tej stronie"],"Related articles":["Powiązane artykuły"],"Share ${ thisPage }":["Udostępnij ${ thisPage }"],"Switch to Proton Pass - Contact us":["Przejdź na Proton Pass - Skontaktuj się z nami"],"Thank you!":["Dziękujemy!"],"this page":["tę stronę"]},"Tooltip":{"More information":["Więcej informacji"]},"tooltip_vpn":{"Access blocked content and browse privately. Includes ${ TOTAL_VPN_SERVERS }+ servers in ${ TOTAL_VPN_COUNTRIES }+ countries, highest VPN speed, ${ TOTAL_VPN_CONNECTIONS } VPN connections, worldwide streaming services, malware and ad-blocker, and more.":["Uzyskaj dostęp do zablokowanych treści i przeglądaj prywatnie Internet. Obejmuje ponad ${ TOTAL_VPN_SERVERS } serwerów w ponad ${ TOTAL_VPN_COUNTRIES } krajach, najwyższe prędkości VPN, ${ TOTAL_VPN_CONNECTIONS } połączeń VPN, usługi streamingu na całym świecie, blokowanie reklam oraz złośliwego oprogramowania i wiele więcej."]},"wallet_signup_2024:Action":{"Get Proton Wallet":["Wybierz Proton Wallet"]},"wallet_signup_2024:Homepage hero product link title":{"Wallet":["Portfel"]},"wallet_signup_2024:Homepage product navigation bar":{"Wallet":["Portfel"]},"wallet_signup_2024:menu item":{"Bitcoin guide":["Przewodnik po systemie Bitcoin"],"Proton Wallet news":["Aktualności Proton Wallet"],"Proton Wallet support":["Wsparcie dla Proton Wallet"]},"wallet_signup_2024:Pricing":{"Includes everything in Proton Unlimited and":["Zawiera wszystko, co Proton Unlimited oraz"],"Limited availability":["Ograniczona dostępność"],"The easiest way to securely own, send, and receive Bitcoin":["Najprostszy sposób na bezpieczne przechowywanie, wysyłanie i odbieranie waluty Bitcoin"]},"wallet_signup_2024:ProductRange":{"Discover Proton Wallet":["Odkryj rozwiązanie Proton Wallet"],"Store and transact Bitcoin privately with an encrypted self-custody wallet.":["Bezpiecznie przechowuj i przesyłaj Bitcoiny dzięki szyfrowanemu portfelowi typu self-custody."]},"wallet_signup_2024:wallet bitcoin":{"Learn about Bitcoin, the Internet's value network.":["Dowiedz się więcej o internetowym systemie gotówkowym Bitcoin."]},"wallet_signup_2024:wallet overview":{"Ensure you're always in control of your Bitcoin.":["Miej pełny nadzór nad swoimi Bitcoinami."]},"wallet_signup_2024:wallet security":{"The encrypted, open-source wallet that puts you in control.":["Szyfrowany portfel o otwartym kodzie źródłowym, który daje Ci pełną kontrolę."]}}},"base":"blog","cdn":{"enabledForAssets":true,"enabledForImages":true,"url":"https://pmecdn.protonweb.com/"},"unleashApi":"https://account.proton.me/api"};
window.frameworkContext = frameworkContext;
const context = frameworkContext.base === '' ? '' : `${frameworkContext.base}/`;
window.__toAssetUrl = (filename) => {
if (frameworkContext.cdn !== undefined && frameworkContext.cdn.enabledForAssets === true) {
return `${frameworkContext.cdn.url}${context}${filename}`;
} else {
return `/${context}${filename}`;
}
};
})();
What is a ransomware attack? (and 11 famous examples) | Proton
Ransomware attacks are a serious concern for organizations. In these attacks, cybercriminals typically encrypt a company’s data, making it inaccessible until a ransom is paid.
These breaches can do far more than disrupt daily operations. Suffering a ransomware attack both exposes an organization’s security shortcomings and allows sensitive information to fall into the hands of bad actors. It can cause significant financial and reputational damage that can be harder to recover than the data itself — many organizations lose thousands, if not millions, of dollars in the aftermath.
This article will explore what a ransomware attack is, recount some of the most well-known incidents, and outline how you can protect yourself and your organization from an attack by using secure business solutions.
Ransomware is a form of malware that encrypts a victim’s data or locks them out of their files and systems. The attackers behind it usually demand payment from their victims (often in cryptocurrency) to let them regain access and avoid sensitive data leaks.
Attack methods often involve exposed passwords or phishing emails and malicious downloads that act as Trojan horses for bad actors to gain access to an organization’s systems. Common targets include government institutions, corporations, hospitals, and prominent individuals for whom such attacks can cause major financial losses and operational disruptions.
Most legal authorities encourage victims not to give in to ransom requests. Even if you pay the ransom, there is no guarantee the attackers will release the data, and paying creates an incentive to target you again. Ultimately, the decision whether to pay depends on your circumstances and should only be a last resort. The best way to avoid paying a ransom is to keep your network secure in the first place.
Famous ransomware attacks
In 2023, the total amount of money received by ransomware attackers amounted to $1.1 billion(nowe okno) — an increase of over 140% from the previous year. These attacks are why many organizations enforce security measures such as end-to-end encryption or multi-factor authentication. Some even hold dedicated budgets to pay attackers whenever they strike.
Here are some of the most well-known ransomware attacks to occur throughout the past decade.
Johnson Controls ransomware attack
In 2023, attackers targeted the US building automation and security company Johnson Controls. The attackers, believed to be ransomware group Dark Angels, caused significant disruptions and limitations to the organization’s operations. It is reported that the attackers stole 27 TB of data and encrypted the company’s servers and other devices. They then demanded a $51 million ransom(nowe okno). This breach was particularly concerning for the Department of Homeland Security(nowe okno), with which Johnson Controls holds classified contracts. While it is unclear whether Johnson Controls paid the ransom, the company reported(nowe okno) that the response and remediation costs were approximately $27 million.
ICBC Bank ransomware attack
The Industrial and Commercial Bank of China (ICBC) is the largest bank in the world(nowe okno) with assets amounting to 6.3 trillion dollars in 2023 — the same year that ICBC’s US unit was victim of a ransomware attack claimed by cybercriminal group LockBit. The attack disrupted the bank’s financial services, blocking access to customer data and transaction systems. As a result ICBC became temporarily indebted to BNY Mellon for $9 billion(nowe okno) in unsettled trades, and employees were forced to use Gmail because their corporate email was no longer available — further exposing the bank to the Pandora’s box of Google privacy concerns. According to LockBit, ICBC paid a ransom to minimize the significant disruption already caused; however, the exact value of the payment has not been confirmed.
WannaCry ransomware attack
In 2017, attackers used the WannaCry ransomware cryptoworm to exploit a vulnerability in Windows operating systems. The attack affected over 200,000 systems globally, including hospitals, governments, and businesses. It resulted in an estimated $4 billion in damages worldwide and was one of the largest ransomware attacks in history. Victims included the National Health Service (NHS) in England and Scotland. Around 70,000 NHS devices, including MRI scanners and blood-storage refrigerators, are estimated to have been affected by WannaCry, which resulted in some non-critical patients having to be turned away for care. The attack caused controversy when it was revealed that the The National Security Agency already knew about the vulnerability but, rather than share the information with Microsoft, used it for their own advantage.
Fulton County ransomware attack
The 2017 attack on government infrastructure in Fulton County, Georgia(nowe okno) led to numerous public service disruptions, partially within the county court system. The attack was claimed by LockBit, which, in a bid for ransom, threatened(nowe okno) to “demonstrate how local structures negligently handled information protection” and reveal documents marked as confidential alongside lists of those responsible for that confidentiality. The data accessed by LockBit included Fulton County residents’ personal information and records relating to former President Donald Trump’s pending criminal case. Despite the threat, the county — which was working with legal officials — refused to pay the ransom(nowe okno) and worked to gradually restore its systems.
Philhealth Medusa ransomware attack
Philhealth is a state-owned corporation that provides universal health coverage in the Philippines. In 2023, ransomware group Medusa stole almost 750 GB of data from the corporation, potentially affecting millions(nowe okno) of Philhealth members. The stolen data included sensitive medical information, patient names, dates of birth, and addresses. In response to the ransomware attack, the corporation refused to pay the demanded ransom of $300,000, and instead issued an alert(nowe okno) to those who may have been affected, informing them of the need to monitor their credit card reports and financial accounts.
British Library ransomware attack
In 2023, a ransomware attack encrypted the British Library’s data and systems, disrupting access to digital resources and archives. When the library did not give in to the attacker’s demands for payment, the data — which included the personal data of the library’s staff and users — was put up for auction and later dumped on the dark web. The attackers also destroyed some servers to inhibit system recovery and to cover their tracks, deleting around 600 GB of data in the process. A report(nowe okno) published by the British Library identified several vulnerabilities that may have facilitated the attack. These included a reliance on third-party support and a lack of multi-factor authentication measures for internal systems. However, the exact point and method of entry has not been confirmed.
Colonial Pipeline ransomware attack
Colonial Pipeline is the largest fuel pipeline in the US and supplies almost half of the gasoline on the East Coast. A 2021 ransomware attack on the corporation caused widespread fuel shortages as it ceased operations for several days, prompting gasoline panic-buying and price spikes(nowe okno) in some states. Colonial Pipeline paid a ransom(nowe okno) of $4.4 million in the form of 75 bitcoin to the attackers, however around 64 bitcoin of the ransom was later recovered by the DOJ. The attack is believed to have been facilitated by an employee password that was found on the dark web and demonstrates the importance of secure password management for businesses.
HCL Technologies ransomware attack
In 2023, one of the world’s largest IT companies, HCL Technologies, was hit by a ransomware attack that impacted its global operations, disrupted client services, and lost confidential data.
On the day the attack occurred, shares of the company fell on the National Stock Exchange of India. While the attack did not seem to significantly disrupt HCL Technologies’ operations, it does highlight the potential vulnerabilities of cloud environments, which can be targets for attackers who identify vulnerabilities during the data upload and retrieval process. End-to-end encrypted cloud environments, like Proton Drive, protect against these risks by encrypting data throughout its journey, so that even if it is intercepted, it cannot be accessed without authorization.
CDK ransomware attack
Automotive software company CDK Global suffered what it called a “cyber ransom event(nowe okno)” in 2023. The attackers encrypted CDK Global’s data, disrupting thousands of auto dealerships that use the company’s software for operations, including scheduling, sales, and orders. It is reported that the company paid a $25 million ransom(nowe okno) to the attackers two days after the attack. Despite this it still faced a lengthy recovery process, reputational damage, and questions surrounding potential customer data breaches. Multiple dealerships affected by the breach filed complaints(nowe okno) with the Securities and Exchange Commission.
Ascension ransomware attack
In 2022, major US healthcare organization Ascension(nowe okno) was attacked by Black Basta.The attack disrupted access to digital health records, phone systems, and systems used to order tests, procedures, and medication. As a result, doctors and nurses were faced with significant challenges in their ability to treat patients for multiple weeks. The attack is believed to have occurred after an individual working in one of Ascension’s facilities accidentally downloaded a malicious file(nowe okno).
Sony ransomware attack
In 2014, Sony Pictures was attacked by a group dubbed Guardians of Peace. During the attack, vast amounts of confidential information were lost or leaked, including sensitive employee data and unreleased media. US investigators have attributed blame for the attack to North Korean hackers and believe it was in response to plans to release The Interview, a movie that depicts the fictional assassination of leader Kim Jong Un. In response to the attack, Sony Pictures(nowe okno) canceled its plans to release the movie in theaters as planned, which raised numerous questions on the topic of free speech and expression.
Protect your organization from a ransomware attack
From accidental downloads to exposed passwords, many ransomware attacks occur as a result of human error. So, the best way to protect your organization from a ransomware attack is by implementing strict security practices for you and your employees to follow — such as not downloading files sent by external email addresses or using multi-factor authentication to access internal systems.
Alongside this, one of the most reliable ways to secure your organization’s data is by using an end-to-end encrypted cloud storage solution like Proton Drive. Unlike cloud storage services like Google Drive or Dropbox, your files and folders are encrypted with a key that only you possess — not even Proton can access your data. This makes it far less susceptible to attackers in the event of a server breach.
If your organization does ever experience data loss, Proton Drive’s version history feature lets you restore older versions of files that may have been accidentally overwritten or altered. And, as Proton Drive is part of a suite of solutions, you may also consider using Proton’s encrypted email, password manager, or virtual private network(nowe okno) to strengthen your organization’s security across your entire network.
Dbaj o prywatność swoich plików, udostępniaj je bezpiecznie