A timeline of the biggest ransomware attacks
It is impossible to avoid unintended consequences in the history of technology. As William Gibson said in Burning Chrome, “…the street finds its uses for objects.” Even though Bitcoin was not intended to be used for ransom payments when it was created, it has swiftly become a critical tool in the arsenal of internet criminals.
Ransomware is a type of “malware” that prevents users from accessing a computer or network until a ransom is paid. While countries work to regulate cryptocurrencies and reduce their role in ransomware payments, the attacks continue despite their best efforts.
According to Chain analysis, cryptocurrency ransomware payments totaled approximately $350 million in 2020, representing an increase of more than 300 percent over the previous year. Furthermore, because US corporations are only legally compelled to notify breaches if their customers’ personal information has been compromised, that estimate may be significantly too conservative.
More information can be found at The History of Hacking Ransoms and Cryptocurrency.
Below, we’ve tallied up the financial toll of some of the most high-profile incidents.
Kaseya stated on July 2, 2021, that one of their systems had been compromised. Providing IT solutions to other businesses was a perfect target for Kaseya, which, as a result of a domino effect, ended up having an impact on around 1,500 firms across different nations. According to a Reuters article, Ravil, a cybercriminal organization, claimed responsibility for the attack and sought ransoms ranging from a few thousand dollars to several millions of dollars in payment.
Whether or whether Kaseya agreed to pay up is unclear, but REvil sought $70 million in bitcoin in exchange for her cooperation. Kaseya declined to pay, instead choosing to cooperate with the FBI and the National Cybersecurity and Infrastructure Agency of the United States of America. Kaseya got a universal decryptor key on July 21, 2021, and provided it to the organizations that had been affected by the hack.
JBS USA, one of the top meat suppliers in the United States, announced on May 31, 2021, that it had been hacked, causing it to temporarily cease operations at five of its main US-based plants. The ransomware attack also caused significant disruptions to the company’s operations in Australia and the United Kingdom. An $11 million ransom in Bitcoin was paid to the hackers by JBS to prevent additional disruption and to limit the damage to grocery stores and restaurants. The FBI determined that the hack was carried out by Ravil, a sophisticated criminal ring that is well-known for its ransomware attacks.
Colonial Pipeline (2021)
On May 7, 2021, America’s largest “refined products” pipeline fell offline when a hacker organization known as Darkside penetrated it with malware, causing it to be shut down completely. It carries more than 100 million gallons of petroleum each day through a network of pipelines that span more than 5,500 kilometers. Following the attack, the average price of a gallon of gasoline in the United States surged to more than $3 per gallon for the first time in seven years, as cars flocked to the petrol pumps in record numbers.
According to the pipeline operator, it paid the hackers $4.4 million in cryptocurrencies in exchange for their services. On June 7, 2021, the Department of Justice stated that it had retrieved a portion of the ransom money. Using a private key for a bitcoin wallet, law enforcement agents in the United States were able to track down the payment and recover $2.3 million.
When the German chemical wholesaler Brenntag discovered it had been the target of a cyberattack by Darkside on April 28, 2021, they were alarmed. Darkside had stolen 150GB of data, which it threatened to release if ransom demands were not met. After a series of negotiations with the perpetrators, Brenntag was able to reduce the original ransom demand of $7.5 million to $4.4 million, which the company paid on May 11th.
CNA Financial (2021)
CNA Financial, the seventh-largest commercial insurer in the United States, announced on March 23, 2021, that it had been the victim of a “sophisticated cybersecurity attack.” The attack was carried out by a cybercrime syndicate known as Phoenix, which employed ransomware known as Phoenix Locker to extort money from victims. Finally, in May, CNA Financial paid a total of $40 million to reclaim the information. While CNA has been tight-lipped about the specifics of the discussion and transaction, the company claims that all of its systems have been fully restored since the incident.
On July 31, 2020, the corporate travel management company CWT announced that it had been impacted by a ransomware attack that had compromised its systems — and that it had paid the ransom demanded by the attackers. Ransomware named Ragnar Locker was used by the attackers, who claimed to have stolen valuable corporate files and taken down 30,000 systems at the target organization.
Given that CWT is a service provider to one-third of the firms in the S&P 500 index, the data release might have been terrible for the company’s operations. As a result, on July 28, just a few days before Reuters broke the story, the business paid the hackers around $4.5 million in compensation.
The University of California at San Francisco (2020)
It was announced on June 3, 2020, by the University of California at San Francisco that the UCSF School of Medicine’s information technology systems had been infiltrated June 1, 2020, by the Netwalker hacking collective. The medical research center had been working on finding a cure for COVID for quite some time now.
According to reports, Netwalker has conducted research on UCFS in the hopes of gaining information about the organization’s finances. Netwalker sought a $3 million ransom payment, citing the billions of dollars in annual revenue reported by UCFS as justification. After talks, UCSF paid Netwalker the bitcoin equivalent of $1,140,895 to end the cyberattack. At least two additional 2020 ransomware assaults targeting universities have also been traced back to Netwalker, according to reports from the BBC and other news outlets.
During the evening of New Year’s Eve 2019, the London-based foreign exchange company Travelex was penetrated by a ransomware group known as Sodinokibi (aka REvil). The attackers managed to get away with 5GB of consumer data, which included dates of birth, credit card information, and insurance policy information. In an attempt to control the infection, Travelex took down its website in 30 countries around the world.
In the aftermath of the ransomware attack, Travelex experienced difficulties with customer support. For his first demand, Sodinokibi demanded a payment of $6.5 million (£4.6 million). After several rounds of discussions, Travelex agreed to pay the cybercriminals $2.3 million (285 BTC at the time, or around £1.6 million) to regain access to its data.