The Biggest Ransomware Attacks of 2021

One of the many aftershocks of the COVID-19 pandemic has been a spike in ransomware attacks, as cybercriminals take advantage of organizations pivoting to remote work. The FBI’s Internet Crime Complaint Center recently reported that ransomware attacks — a software attack that holds data stolen from people or organizations hostage until ransom is paid — rose 20% in 2020. The resulting losses almost tripled from the year before.[i]Recent ransomware attacks have led to beef shortages in supermarkets and long lines at gas stations, as well as multimillion-dollar ransom payments and law enforcement raids in cyberspace.

2021 Ransomware Attacks that Shook the World

This year’s ransomware attacks have targeted many organizations, from police departments to automakers. Companies will rarely acknowledge that they made ransomware payments (they are illegal in some countries) or that they were breached, but cybercriminals often post their exploits online to force payment. 

Here are some of the biggest ransomware attacks this year, by industry: 

• Automotive: A major car manufacturer suffered an IT outage that took its operations offline. Though the company denied that ransomware was the cause, bloggers posted a notice from a known cybergang, demanding $20 million in ransom.
• Business services: A consulting firm was initially silent about being attacked by a gang that claimed to have lifted 6 terabytes of data from its servers. The group demanded $50 million in ransom and published some files online to prove its point.
• Food and agriculture: An internationally owned meatpacking conglomerate briefly shuttered plants and stopped deliveries of its products to grocers in June, which resumed after the company paid $11 million in ransom to an organization the FBI identified as a cybercrime syndicate. 
• Healthcare: A national health system was shut down by a ransomware attack that left staff working with pen and paper for days and affected services for months. After demanding $20 million in ransom, the attackers allegedly handed over the decryption key for free, but still threatened to publish confidential information if they were not paid.
• Insurance: An insurer made a $40 million ransom payment to regain control of its systems. This is believed to be the largest ransomware payment to date.
• Law enforcement: One of the worst ransomware attacks against police targeted the police department in a major U.S. city. A cybergang demanded $4 million in ransom and released police disciplinary files.
• Oil and gas: Perhaps the most high-profile ransomware attack of 2021 was the breach of a pipeline operator, which briefly snagged fuel deliveries along the East Coast of the United States and led to longer lines at gas stations. The FBI later recovered $2.3 million of the ransom paid to the cybercriminal gang, which had demanded 75 Bitcoin (nearly $3 million) to return control to the pipeline company.
• Tech: A computer company was hit with a $50 million extortion attempt. The cybercriminals posted sensitive documents online to back up their threat, and warned that they’d double the ransom demand if it wasn’t paid quickly.

2021 Ransomware Attack Trends

Fraudsters continue to evolve and change their tactics with each attack. Below are some of this year’s ransomware attack trends. 

• Ransomware as a service: Cybercriminals don’t even need to code their own attacks anymore. Crime syndicates have built a new business model offering out-of-the-box ransomware attacks for sale on the Dark Web. Some of the criminals even offer customer service to help clients with their exploits.
• Contactless delivery: Old-school malware required some human assistance to break into networks, either though compromised credentials or by tricking a user into downloading a malicious program. Now, many ransomware attacks are also performed with “worms”: that is, malware that exploits a vulnerability or a back door in software code of often-used apps to do its work.
• Pay or publish: Fraudsters have upped the ante by not only exfiltrating and deleting an organization’s sensitive data, but threatening to publish it or sell it on the Dark Web if the ransom is not paid.
• Supply chain attacks: Why attack a company’s well-guarded system when it’s easier to target one of its suppliers, who may be less protected? Cybercriminals have found success with supply chain attacks, where they gain access to their target through a vendor’s compromised credentials or infected systems.

Key Takeaways from 2021 Ransomware Attacks

Among the key takeaways in 2021 are an appreciation of the surging costs of damages and new government initiatives to get them under control.

• High costs: The costs of ransomware go beyond the price of the ransom payment, and include downtime, mitigation costs, rising insurance premiums and reputational damage. Ransomware damages like these averaged $4.62 million in the Cost of a Data Breach Report 2021, with mega-breaches carrying price tags as much as 100 times higher.[ii] The average ransomware payment climbed to $570,000 in the first half of 2021, up from $312,000, according to the Unit 42 threat intelligence group.[iii] As seen above, the bigger ransoms now run in the tens of millions of dollars.
• Government response: With the rise in ransomware attacks, the U.S. government has become more alert to the threat, especially as it affects the country’s infrastructure. A number of attacks against research and healthcare facilities during the COVID-19 pandemic brought home the need to protect essential functions from ransomware attacks. In just one response, the U.S. Senate is now considering the Defense of United States Infrastructure Act, to strengthen cybersecurity within the nation’s infrastructure.[iv] Meanwhile, the Biden administration has announced several initiatives such as a “zero trust” IT architecture for federal agencies and their contractors.[v]

What Businesses Can Do to Fight Against Sophisticated Ransomware Attacks

The World Economic Forum has cited cybercrime, and ransomware in particular, as a threat to the global economy, recommending a multi-stakeholder approach where organizations share information and run tests and training to prevent attacks. In the U.S., following the pipeline attack described above, the Cybersecurity and Infrastructure Security Agency (CISA) issued a series of recommendations to avoid ransomware:[vi]

• Require employees and others to use multi-factor authentication (MFA) for logging in to computers and networks.
• Enable strong spam filters to screen phishing emails.
• Train users about ransomware risks via simulated phishing attacks.
• Use URL blocklists to filter online traffic.
• Update and patch software quickly and regularly.
• Limit access to resources over networks with remote access and require MFA.
• Run antivirus/antimalware scans regularly.
• Prevent unauthorized execution through measures such as restricting the applications and folders that can execute programs, and by monitoring and blocking unknown connections.

Protecting Against Advanced Ransomware Attacks

Preventing ransomware requires a range of solutions from various providers, integrated via APIs for ease of administration. Among them are tools like Mimecast’s that block malicious URLs, protect against malware attachments and defend against impersonation attacks that can be used to deliver ransomware. The right multi-layered approach will also offer archiving and continuity services via the cloud. 

The Bottom Line

Ransomware attacks have become far more sophisticated and increasingly costly to organizations in 2021. Cybercriminal gangs now have more ways to leverage their breaches, including the threat of publishing sensitive information. Many also sell tools to other criminals in exchange for a cut of the ransom payments. This kind of organized criminal activity requires an organized response. Companies need to become proactive about cybersecurity training, patching and updating their software and implementing proper cybersecurity tools. 

[i] “Internet Crime Report 2020,” Internet Crime Complaint Center.

[ii] “Cost of a Data Breach Report 2021,” IBM and Ponemon

[iii] “Extortion Payments Hit New Records as Ransomware Crisis Intensifies,” Palo Alto Networks Unit 42

[iv] “Rosen-Backed Cybersecurity and Wildfire Bills Advance Out of Senate Homeland Security Committee,” U.S. Sen. Jacky Rosen

[v] “The U.S. Government Is Moving to Zero Trust Cybersecurity. So Should You,” Security Boulevard

[vi] “DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks,” Cybersecurity and Infrastructure Security Agency