10 of the biggest ransomware attacks of 2021
Hackers are exploiting security flaws globally, holding the data of corporations, governments, and healthcare agencies hostage and demanding tens of millions of dollars in ransom. Even though the year is only midway through, the world has already seen unprecedented ransomware attacks on critical infrastructure, colleges, and healthcare networks.
In 2021, ransomware attacks against Colonial Pipeline, JBS Foods, and other big corporations were all over the media.
On May 7, Colonial Pipeline Co. became the victim of a ransomware attack. According to Joe Giordano, head of the Touro College Illinois Cybersecurity Program, “the Colonial Pipeline attack had such an impact because the pipeline is a vital part of the national critical infrastructure system.” The system’s shutdown disrupted fuel delivery all along the US East Coast, causing panic and confusion. It was later discovered that, despite having backups, Colonial paid a $4.4 million ransom to get back online as quickly as possible.
Because most Americans are directly affected by gasoline shortages, many people found this attack very personal. The DarkSide group masterminded the attack, targeting the firm’s billing system and internal operations. According to the Department of Justice, the FBI seized a portion of the ransom payment roughly a month later.
Sometime in May, computer maker Acer was targeted by the REvil hacking group, the same group that was responsible for an attack on the London-based foreign exchange company Travelex. The $50 million ransom was the largest known to date. REvil exploited a vulnerability in a Microsoft Exchange server to gain access to Acer’s files, then leaked images of confidential financial documents and spreadsheets.
TechTarget’s sister publication LeMagIT discovered a sample of the REvil ransomware on the Hatching Triage malware analysis website. It contained a link to a REvil ransom demand for $50 million in Monero cryptocurrency.
Sometime in May this year, the European insurance company AXA was attacked by the Avaddon gang. The attack came a week after cyber insurer AXA France announced that it had changed its cyber insurance policy to discontinue coverage for ransom payments. On May 18, AXA stated that its Asia Assistance branch was the victim of a targeted ransomware attack that hampered its operations in Thailand, Malaysia, Hong Kong, and the Philippines. AXA also stated that it would no longer reimburse many of its customers for ransomware payments. The attack made headlines because the cybercriminals claimed to have gained access to a massive 3 TB of data.
Days after Colonial Pipeline Co. announced that it had paid a hefty ransom, JBS confirmed that the REvil ransomware group had attacked the global beef producer on May 30, forcing the company to halt operations. The same Russia-based hacking group that attacked Acer, REvil, is believed to be behind the attack. Although the cyberattack caused no serious food shortage, government officials urged consumers not to panic-buy meat in response. On June 10, it was confirmed that JBS paid the $11 million ransom after consulting cybersecurity experts. This massive payment in Bitcoin is one of the largest ransomware payments ever made. One of the reasons JBS gave for the payment was to make sure no data was leaked, even though the vast majority of the company’s facilities were already up and running at the time the payment was made.
In February this year, Kia Motors, a Hyundai subsidiary, was reported to have been hit with ransomware; many experts believe that the DoppelPaymer gang demanded a $20 million ransom. The group released some of the stolen data, but no further reports on the attack have appeared in the news since then.
Earlier, BleepingComputer reported that Kia Motors America was experiencing a nationwide IT outage affecting its servers, self-payment services, dealer platforms, and phone support system. Kia employees told BleepingComputer that the outage began on February 23. Piyush Pandey, CEO at Appsian, noted that the attack against Kia Motors is a reminder that cybercriminals are primarily after data. Organizations currently spend most of their resources on their perimeter, but the primary focus should be on protecting the data itself.
REvil ransomware attackers struck again on April 20, this time against Apple supplier Quanta Computer. The gang demanded a $50 million ransom from Quanta, and while Quanta may not be a household name, the company is one of Apple’s key manufacturing partners. After Quanta refused to negotiate with the hacking group, REvil turned its pressure on Apple. After leaking some of Apple’s product plans, the gang threatened to release more confidential information and documents. However, in May, REvil appears to have called off the extortion attempt, and Apple has not commented on the cyberattack since.
In a statement on its website, Quanta confirmed that it had been targeted by cybercriminals who posed a significant threat and allegedly attempted to blackmail both Quanta and Apple.
CD Projekt Red is a well-known video game development company based in Poland. In February of this year, the company was hacked by the HelloKitty gang, which accessed source code for game projects in development and encrypted devices. The cybercriminals reportedly stole source code for a number of the company’s video games, including Cyberpunk 2077, Gwent, The Witcher 3, as well as an unreleased version of The Witcher 3.
According to CD Projekt Red, the stolen data is now being circulated online. The company also stated that it implemented various security measures after the attack. CD Projekt has no plans to pay the ransom and has backups in place to restore the lost data.
IRELAND’S HEALTH SERVICE EXECUTIVE (HSE)
On May 14, the government body that operates all public health services in Ireland shut down its IT systems after a ransomware attack, and services have yet to fully return to normal. The attack affected many health services in Ireland, such as the processing and diagnosis of blood tests. Although the HSE systems were taken offline only as a precautionary measure and the National Ambulance Service continued to operate normally, access to many health services was interrupted.
It was not until June 30 that the online registry of health insurance certificates was restored. Despite the disruption, the organization refused to pay the $20 million ransom in Bitcoin, and it avoided paying because the Conti ransomware group released the decryption key for free. However, the Irish healthcare system continued to experience significant disruption for months as it restored 2,000 ransomware-affected IT systems.
HSE published an official statement on its website informing the public that a small amount of HSE data had appeared on the darknet and that steps were being taken to help those affected. There was evidence that both patient and staff information was accessed in the cyberattack and that some of the data was disclosed, including leaked private records containing names, addresses, phone numbers and 4,444 addresses.
Kaseya, an IT management software company serving MSPs and business clients, was another victim of REvil ransomware, this time over the July 4 holiday weekend. Although only 0.1% of Kaseya’s direct customers were compromised, an estimated 800 to 1,500 SMBs were affected downstream through their MSPs. Those affected included 800 stores of Coop, a Swedish supermarket chain that had to close temporarily because its checkout systems could not be operated.
The attackers exploited a chain of vulnerabilities, ranging from flawed authentication validation to SQL injection, in Kaseya’s on-premises VSA software, which organizations generally run in their DMZs. REvil was then able to use the MSPs’ Remote Monitoring and Management (RMM) tooling to push the ransomware out to all connected agents.
DC POLICE DEPARTMENT
In April, the Metropolitan Police Department in D.C. suffered a ransomware attack by a Russian ransomware group known as Babuk. The police department refused to comply with the group’s $4 million demand in exchange for not leaking the agency’s data. The attack resulted in a large leak of internal data amounting to 250 GB, including police officer disciplinary records and intelligence reports. Experts said it was the worst ransomware attack to hit a U.S. police department.
In this article we presented 10 of the major ransomware attacks that have happened this year and how they affected the organizations involved.