Top 10 Ransomware Breaches this Year (So Far)

By June, we’ve already seen many high-profile attacks on corporations and firms across the country and the world. Just six ransomware groups are responsible for breaching the cybersecurity defenses of over 290 organizations. These criminal organizations have so far taken more than $45 million in ransom money from their attacks. Without further ado, here are 10 of the biggest ransomware attacks that made headlines in just the first half of 2021.


COLONIAL PIPELINE

Of all of the cyber and ransomware attacks in 2021 so far, the breach of Colonial Pipeline in late April had the most news coverage. As Touro College Illinois Cybersecurity Program Director Joe Giordano notes, “The Colonial Pipeline attack made such an impact because the pipeline is an important part of the national critical infrastructure system. Taking the system down disrupted gas supplies all along the East Coast of the United States, causing chaos and panic.”


As most Americans are directly impacted by gasoline shortages, this attack hit close to home for many consumers. The DarkSide gang was behind the attack and targeted the firm’s billing system and internal business network, leading to widespread shortages in multiple states. To avoid further disruption, Colonial Pipeline eventually gave in to the demands and paid the group $4.4 million in bitcoin.


This attack was particularly dangerous because consumers started to panic and ignored safety precautions. Some East Coast residents tried to hoard gasoline in flammable plastic bags and bins, and one car even caught on fire. After the chaos receded, government officials confirmed that Colonial Pipeline’s cybersecurity measures were not up to par and that the attack may have been prevented if stronger protection had been in place.


Thankfully, US law enforcement was able to recover much of the $4.4 million ransom payment. The FBI was able to trace the money by monitoring cryptocurrency movement and digital wallets. But finding the actual hackers behind the attack will prove a lot harder.


Although much of the money was recovered, Giordano doesn’t see hacker groups backing down in the near future. “I think bad actors will be increasing their efforts in terms of ransomware attacks. Because of the type of attack that it is and the anonymity of the Internet and dark web, it makes ransomware attacks a low-risk endeavor for attackers looking to make some quick money. So many companies and institutions still have weak security, and strong security requires constant vigilance and updates, not a one-time upgrade. When more organizations start to take cybersecurity seriously and invest the time and resources to combat threats, we’ll start to see these threats diminish.”


BRENNTAG

At around the same time in early May 2021, the same notorious hacker group that targeted Colonial Pipeline, DarkSide, also targeted Brenntag, a chemical distribution company. After stealing 150 GB worth of data, DarkSide demanded the equivalent of $7.5 million in bitcoin.


Brenntag soon caved to the demands and ended up paying $4.4 million. Although it was a little more than half of the original demand, it still stands as one of the highest ransomware payments in history. As of yet, the money has not been recovered.


ACER

Also in May this year, the computer manufacturer Acer was attacked by the REvil hacker group, the same group responsible for an attack on London foreign exchange firm Travelex. The $50 million ransom stood out as the largest known to date. REvil hackers exploited a vulnerability in a Microsoft Exchange server to get access to Acer’s files and leaked images of sensitive financial documents and spreadsheets.


JBS FOODS

Although Spring 2021 held hopeful news for the end of the pandemic, the increased trend of cyber attacks that began in 2020 showed no signs of slowing down. Another high-profile ransomware attack took place this May on JBS Foods, one of the biggest meat processing companies in the world. The same Russia-based hacking group that attacked Acer, REvil, is thought to be behind the attack. (CNN)


Although there weren't any major food shortages as a result of the attack, government officials told consumers not to panic buy meat in response. On June 10th, it was confirmed that JBS paid the $11 million ransom demand after consulting with cybersecurity experts. This massive payment in bitcoin is one of the largest ransomware payments of all time. (CBS News)


QUANTA

As with the Acer attack, the REvil gang also demanded a $50 million ransom from computer manufacturer Quanta in April. Although Quanta may not be a household name, the company is one of Apple’s major business partners. After the firm refused negotiations with the hacker group, REvil targeted Apple instead. After leaking Apple product blueprints obtained from Quanta, they threatened to release more sensitive documents and data. As of May, however, REvil seems to have called off the attack, and Apple has not mentioned the cyber attack.


NATIONAL BASKETBALL ASSOCIATION (NBA)

Businesses and organizations from all different kinds of industries are targeted by ransomware attacks. One of the more surprising on the list this year was the National Basketball Association (NBA). In mid-April of this year, the hacker group Babuk claimed to have stolen 500 GB of confidential data concerning the Houston Rockets. Babuk warns that these confidential documents, including financial info and contracts, will be made public if their demands are not met. As of this posting, no ransom payments have been made.


AXA

This May, the European insurance company AXA was attacked by the Avaddon gang. The attack happened soon after the company announced important changes to their insurance policy. Essentially, AXA stated they would stop reimbursing many of their clients for ransomware payments. This unique (and somewhat ironic) attack on a cyber-insurance firm made headlines and the hacker group gained access to a massive 3 TB of data. (BlackFog)


CNA

Earlier this year in March, another large insurance firm fell victim to a ransomware attack. CNA’s network was attacked on March 21 and the hacker group encrypted 15,000 devices, including many computers of employees working remotely. The attack is supposedly linked to the hacker group Evil Corp and uses a new type of malware called Phoenix CryptoLocker.


CD PROJEKT

CD Projekt Red is a popular video game development firm based in Poland. In February of this year, the firm was hacked by the HelloKitty gang. The hacker group accessed source code to game projects in development and encrypted devices. However, CD Projekt has no plans to pay the ransom money, and has backups in place to restore the lost data. (ExtremeTech)


KIA MOTORS

This February, Kia Motors, a subsidiary of Hyundai, was reportedly hacked with ransomware. Although Kia reported a widespread IT and systems outage, they did not confirm the hack. Still, many experts believe the claims by the DoppelPaymer gang demanding a $20 million ransom. The gang has released some stolen data, but updates on the hack have not surfaced in the news for the past few months.



2 KEY COMPONENTS THAT ARE NECESSARY TO FIX THIS ISSUE

There are two key components necessary to address this issue. First, companies need to take cybersecurity seriously and invest in it with adequate resources. Second, there need to be more highly educated cybersecurity experts ready to address the scourge of ransomware attacks we’re currently facing.