High Profile Ransomware Attacks

A timeline of the biggest ransomware attacks

Technology’s history is littered with unintended consequences. In Burning Chrome, William Gibson wrote that “…the street has its uses.” Although Bitcoin was not originally intended to be used for ransom payments, it has quickly become an important tool for online criminals.

Ransomware is a type of malicious software that blocks access to computers and networks until a ransom is paid. Despite governments’ efforts to regulate cryptocurrency and reduce its role in ransomware payments, attacks continue to mount.

According to Chainalysis, cryptocurrency ransomware payments amounted to $350 million in 2020, an increase of more than 300% over 2019. This estimate is probably too conservative, as US companies are legally obliged to report cyber attacks only when customers’ data has been compromised.

Kaseya (2021)

Kaseya declared that ransomware had infiltrated its systems on July 2, 2021. Kaseya is an IT solution provider for other companies, which made it a perfect target: the compromise had a domino effect that impacted approximately 1,500 organizations across multiple countries. According to a Reuters report, REvil, a cybercriminal organization, claimed responsibility and demanded ransoms ranging from a few thousand dollars to several million.

It is not clear how many businesses paid up. REvil demanded $70,000,000 in bitcoin from Kaseya. Kaseya refused to pay and opted to cooperate with the FBI and the US Cybersecurity and Infrastructure Security Agency. Kaseya received a universal decryption key on July 21, 2021, and distributed it to affected organizations.

JBS (2021)

JBS USA, the US’s largest meat supplier, disclosed that it had been the victim of hackers. The attack forced JBS USA to temporarily stop operations at five of its largest US-based facilities and also affected the UK and Australian operations of JBS. JBS paid the hackers an $11,000,000 ransom in Bitcoin to stop further disruptions and minimize the impact on restaurants and grocery stores. The FBI attributed the attack to REvil, a well-known criminal ring that specializes in ransomware attacks.

Colonial Pipeline (2021)

After Colonial Pipeline, America’s largest refined-products pipeline, was infected with DarkSide ransomware, it went offline on May 7, 2021. Colonial Pipeline is a 5,500-mile-long pipeline that transports more than 100 million gallons per day. The attack had a significant impact: in the days that followed, the average US price of a gallon of gasoline rose to $3 for the first time in seven years as motorists rushed to the pumps.

The pipeline operator stated that it paid $4.4 million in cryptocurrency to the hackers. On June 7, 2021, the DOJ announced that it had recovered a portion of the ransom: US law enforcement officers were able to trace the payment and recover $2.3 million using the private key of a crypto wallet.

Brenntag (2021)

German chemical distributor Brenntag became aware on April 28, 2021 that it had been the victim of a cyberattack by DarkSide. DarkSide stole 150GB of data and threatened to leak it if Brenntag did not pay the ransom demand. Brenntag negotiated the ransom, originally set at $7.5 million, down to $4.4 million and paid it on May 11.

CNA Financial (2021)

CNA Financial, the 7th largest commercial insurance company in the US, announced that it had been the victim of a sophisticated cyberattack. The attack was carried out in part by a group known as Phoenix, using ransomware called Phoenix Locker. CNA Financial paid $40,000,000 to retrieve its data. CNA Financial has not disclosed the details of the transaction or the negotiations, but states that all systems have since been restored.

CWT (2020)

CWT, a US-based business travel management company, disclosed on July 31, 2020 that its systems had been hit by a ransomware attack, and revealed that it had paid the ransom. The attackers used the Ragnar Locker ransomware to steal sensitive corporate files and take 30,000 computers offline.