
CryptoLocker

aka TorrentLocker (a name used by imitators)

The 2013 ransomware that proved crypto-extortion could be hugely profitable, distributed by the Gameover ZeuS botnet until Operation Tovar.

CryptoLocker is the ransomware that proved the business model. From September 2013 it encrypted victims' files with strong RSA + AES crypto and demanded payment in Bitcoin or prepaid vouchers within a countdown deadline — and, unlike earlier "scareware," it actually held the keys.

Distribution

CryptoLocker spread largely via the Gameover ZeuS botnet (see Zeus) and malspam, extorting tens of millions of dollars, by most estimates, from victims worldwide.

Operation Tovar

In June 2014, a multinational law-enforcement effort (Operation Tovar) took down Gameover ZeuS and crippled CryptoLocker's distribution; keys were later recovered for a free decryption service. The takedown is profiled on Cyber Breaches. CryptoLocker nonetheless inspired the entire modern ransomware wave.

Defense

Offline backups (so encrypted files can be restored without paying), malspam filtering, and blocking the botnet distribution channels that delivered the malware.