10 of the biggest ransomware attacks of 2021
Hackers exploit safety flaws globally, withhold the information of organizations, governments, and healthcare agencies. In 2021, ransomware attacks against Colonial Pipeline, JBS foods, and different big corporations was all around the media tabloids.
On May 7, Colonial Pipeline Co. became a victim of a ransomware attack. The system’s failure impacted gas delivery all over the US East Coast, causing panic and confusion. Colonial paid a $4.4 million in ransom just to have their operations back to normal.
The DarkSide group masterminded this attack, in which they targeted the firm’s billing system and internal operations.
Acer was a strong target by the REvil hacking group. This gang exploited a vulnerability in a Microsoft Exchange server to gain access to Acer files.
TechTarget’s associate newspaper LeMagIT discovered a sample of REvil ransomware on the Hatching Triage malware analysis website. It involved a link to a REvil ransomware lawsuit for $ 50 million in Monero cryptocurrency.
Sometime in May this year, the Avaddon gang attacked AXA. This was a targeted ransomware attack that hampered its operations in Thailand, Malaysia, Hong Kong, and the Philippines.
AXA stated that they would no longer reimburse many of their customers for ransomware payments. This targeted attack made headlines in which the cybercriminals gained access to a massive 3 TB of data.
On May 30, JBS confirmed that the REvil ransomware group attacked the global beef producer prompting the company to slam into the wall and knock it off and cease operations. This happened days after Colonial Pipeline Co. announced that it had paid a hefty ransom to these hackers.
The attackers got away with an estimated sum of about $11 million in ransom after the attack.
In February this year, Kia Motors which is a Hyundai subsidiary, was said to have been hacked with ransomware. Although many experts trust that the DoppelPaymer gang demanded a $20 million ransom, the group released a few stolen information. Later on, there were reports on the attack which have not come up in the news since then.
Some time ago, BleepingComputer reported that Kia Motors America is experiencing an IT outage across the country affecting its servers, self-pay services, dealer platforms, and phone support system.
After that, Kia employees told BleepingComputer it was a nationwide outage that began on February 23.
REvil ransomware attackers struck once more on April 20 against Apple pc producer Quanta laptop. Even though the gang also sought a $50 million ransom from Quanta, despite not being a household name, the company is one of Apple’s key business partners.
After the company refused to negotiate with the hacking group, REvil later on took steps to target Apple. Thereafter, Quanta leaked Apple’s product plans in which they threatened to release more confidential information and documents.
However, in May, REvil appears to have called off the attack and Apple has not revealed anything about the cyberattack since. After a short while, a statement on its website confirmed that it was targeted by cybercriminals attempting to pose a significant threat and allegedly attempting to blackmail both Quanta and Apple.
CDProjekt Red is a famous videogame development company primarily based in Poland. In February of this year, the company got hacked by the HelloKitty gang in which they had accessed source codes to game projects in development and encrypted devices.
Furthermore, the cyber-criminals reportedly stole source codes for a number of the company’s video games. These games consist of Cyberpunk 2077, Gwent, The Witcher 3, as well as the unreleased model of The Witcher 3.
According to CD Projekt Red, the stolen information is now being spread online. However, CDProjekt has no plans to pay the ransom money and has backups in region to restoration the lost data.
IRELAND’S HEALTH SERVICE EXECUTIVE (HSE)
On May 14, the government organization that operates all public health services in Ireland shut down IT systems. This happened after a ransomware attack struck the company in which they have not recovered from till this day. The attack affected many health services in Ireland, for example, the processing and diagnosis of blood tests amongst other services.
Despite the interruptions, the organization refused to pay the $ 20 million ransom in Bitcoin. They avoided paying because the ransomware group Conti gave away the decryption key for the software for free. However, the Irish healthcare system continued to experience significant disruptions for months as it restored 2,000 ransomware-affected IT systems.
Later on, HSE made an official statement on its website informing that a small amount of HSE information has appeared on the darknet and also, that steps are being taken to help those affected by it.
Kaseya, an IT services company serving MSP and business clients, was another victim of the REvil ransomware . Although only 0.1% of Kaseya’s customers were affected by a security breach, an estimated 800 to 1,500 SMBs were affected by its MSP.
In addition, the attackers recognized a chain of vulnerabilities ranging from flawed authentication validation to SQL injection which is in Kaseya’s on-premises VSA software, in which groups generally run in their DMZs.
Formerly, REvil used to be then in a position to use MSP’s Remote Monitoring and Management (RMM) tools to push out the assault to all linked agents.
DC POLICE DEPARTMENT
In April, the Metropolitan Police Department in D.C. experienced a ransomware attack from Russian Babuk group. The police department refused to comply with the group’s $4 million demand in trade for not leaking the agency’s data.
The assault resulted in a large leak of inside data that is amounting to 250GB in information which covered police officer disciplinary archives and intelligence reports.
In conclusion, experts stated that it was the worst ransomware to hit a U.S. police department.
In this article we presented 10 of the major ransomware attacks that has happened this year and how they affected certain organizations.