The 10 Biggest Ransomware Attacks of 2021
Recent Cyber Attacks Hit Infrastructure and Critical Facilities Across the US
JUNE 10, 2021
Ransomware attacks on Colonial Pipeline, JBS Foods, and other major organizations made headlines in
2021, and show no sign of slowing down. Across the world, hackers are exploiting security weaknesses and
holding the data of companies, governments and healthcare organizations hostage, sometimes demanding
tens of millions of dollars in payment.
How is Ransomware Defined?
According to the U.S. Government’s Cybersecurity and Infrastructure Assurance Agency (CISA
(https://www.cisa.gov/ransomware)): “Ransomware is an ever-evolving form of malware designed to encrypt files
on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand
ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated
data or authentication information if the ransom is not paid.”
So what does that mean? Hackers take advantage of security weak spots to steal sensitive data or lock files.
These criminals will only give you the key to access your system, or return the files, once you’ve paid their
ransom.
Recent Ransomware Attacks in the News
Over the past few months (and years), we have seen an increase in ransomware attacks, many of them high-
profile attacks. Recent cyber attacks that have used ransomware as their attack vector include attacks
perpetrated against the Colonial Pipeline, Steamship Authority of Massachusetts, JBS (the world’s largest
meatpacker), and the Washington DC Metropolitan Police Department. These attacks against U.S.
companies and organizations result in shutdown of critical infrastructure, which can create shortages,
increased cost of goods/services, financial loss due to shutdown of operations, and loss of money due to
having to pay the ransom to the hackers, and worse.
2020 also saw an increase in the frequency of cyber attacks and higher ransom payments. According to
Harvard Business Review (https://hbr.org/2021/05/ransomware-attacks-are-spiking-is-your-company-prepared), the amount
companies paid to hackers grew by 300%. The sudden increase in remote work and more lax security
protections at home gave hacker groups the perfect opportunity to breach sensitive data.
Healthcare Ransomware
During times of crisis, many hackers take advantage of upheaval and disorder and look for potential
monetary gain. With the onset of the COVID-19 crisis in 2020, there was increased attention on cyber
attacks in the healthcare space. A study by Comparitech
(https://www.comparitech.com/blog/information-security/ransomware-attacks-hospitals-data/)
has shown that ransomware attacks had a huge financial impact on the
healthcare sector, with over $20 billion lost in impacted revenue, lawsuits, and ransom paid in 2020 alone.
Over the course of the year, over 600 hospitals, clinics, and other healthcare organizations were impacted
by 92 ransomware attacks.
CEO of cybersecurity firm FireEye, Kevin Mandia, shed some light on why these healthcare organizations
are targeted. "Pharmaceuticals, hospitals, healthcare, public companies, organizations that don’t have the
talent and skills to defend themselves—they’re getting sucker-punched," Mr. Mandia said. Marene Allison,
J&J's chief information security officer, said that Johnson & Johnson experiences 15.5 billion cybersecurity
incidents on a daily basis. (Becker's Hospital Review
(https://www.beckershospitalreview.com/cybersecurity/j-j-experiences-15-5b-cybersecurity-incidents-per-day-ciso-says.html))
High-Profile Ransomware Attacks in 2021
By June, we’ve already seen many high-profile attacks on corporations and firms across the country and the
world. Just six ransomware groups are responsible for breaching the cybersecurity defenses of 292
organizations. These criminal organizations have so far taken more than $45 million in ransom money
from their attacks. (ZDNet
(https://www.zdnet.com/article/more-than-290-enterprises-hit-by-6-ransomware-groups-in-2021/))
Here are 10 of the biggest ransomware attacks that made headlines in just the first half of 2021.
COLONIAL PIPELINE
Of all of the cyber and ransomware attacks in 2021 so far, the breach of Colonial Pipeline in late April had
the most news coverage. As Touro College Illinois Cybersecurity Program Director Joe Giordano notes,
“The Colonial Pipeline attack made such an impact because the pipeline is an important part of the national
critical infrastructure system. Taking the system down disrupted gas supplies all along the East Coast of the
United States, causing chaos and panic.”
As most Americans are directly impacted by gasoline shortages, this attack hit close to home for many
consumers. The DarkSide gang was behind the attack and targeted the firm’s billing system and internal
business network, leading to widespread shortages in multiple states. To avoid further disruption, Colonial
Pipeline eventually gave in to the demands and paid the group $4.4 million in bitcoin.
This attack was particularly dangerous because consumers started to panic and ignored safety precautions.
Some East Coast residents tried to hoard gasoline in flammable plastic bags and bins, and one car even
caught on fire. After the chaos receded, government officials confirmed that Colonial Pipeline’s
cybersecurity measures were not up to par and that the attack may have been prevented if stronger
protection had been in place.
Thankfully, US law enforcement was able to recover much of the $4.4 million ransom payment. The FBI
was able to trace the money by monitoring cryptocurrency movement and digital wallets. But finding the
actual hackers behind the attack will prove a lot harder. (The New York Times
(https://www.nytimes.com/2021/06/04/us/politics/ransomware-cyberattacks-sept-11-fbi.html))
Although much of the money was recovered, Giordano doesn’t see hacker groups backing down in the near
future. “I think bad actors will be increasing their efforts in terms of ransomware attacks. Because of the
type of attack that it is and the anonymity of the Internet and dark web, it makes ransomware attacks a low-
risk endeavor for attackers looking to make some quick money. So many companies and institutions still
have weak security, and strong security requires constant vigilance and updates, not a one-time upgrade.
When more organizations start to take cybersecurity seriously and invest the time and resources to combat
threats, we’ll start to see these threats diminish.”
BRENNTAG
At around the same time in early May 2021, the same notorious hacker group that targeted Colonial
Pipeline, DarkSide, also targeted Brenntag, a chemical distribution company. After stealing 150 GB worth of
data, DarkSide demanded the equivalent of $7.5 million in bitcoin.
Brenntag soon caved to the demands and ended up paying $4.4 million. Although it was a little more than
half of the original demand, it still stands as one of the highest ransomware payments in history. As of yet,
the money has not been recovered. (IT Governance
(https://www.itgovernance.co.uk/blog/the-5-biggest-ransomware-pay-outs-of-all-time))
ACER
Also in May this year, the computer manufacturer Acer
(https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/)
was attacked by the REvil hacker group, the same group
responsible for an attack on London foreign exchange firm Travelex. The $50 million ransom stood out as
the largest known to date. REvil hackers exploited a vulnerability in a Microsoft Exchange server to get
access to Acer’s files and leaked images of sensitive financial documents and spreadsheets.
JBS FOODS
Although Spring 2021 held hopeful news for the end of the pandemic, the increased trend of cyber attacks
that began in 2020 showed no signs of slowing down. Another high-profile ransomware attack took place
this May on JBS Foods, one of the biggest meat processing companies in the world. The same Russia-based
hacking group that attacked Acer, REvil, is thought to be behind the attack. (CNN
(https://www.cnn.com/2021/06/01/business/jbs-cyberattack-meat-shortage/index.html))
Although there weren't any major food shortages as a result of the attack, government officials told
consumers not to panic buy meat in response. On June 10th, it was confirmed that JBS paid the $11 million
ransom demand after consulting with cybersecurity experts. This massive payment in bitcoin is one of the
largest ransomware payments of all time. (CBS News (https://www.cbsnews.com/news/jbs-ransom-11-million/))
QUANTA
As with the Acer attack, the REvil gang also demanded a $50 million ransom from computer manufacturer
Quanta in April. Although Quanta may not be a household name, the company is one of Apple’s major
business partners. After the firm refused negotiations with the hacker group, REvil targeted Apple instead.
After leaking Apple product blueprints obtained from Quanta, they threatened to release more sensitive
documents and data. As of May, however, REvil seems to have called off the attack, and Apple has not
mentioned the cyber attack.
NATIONAL BASKETBALL ASSOCIATION (NBA)
Businesses and organizations from all different kinds of industries are targeted by ransomware attacks. One
of the more surprising on the list this year was the National Basketball Association (NBA). In mid-April of
this year, the hacker group Babuk claimed to have stolen 500 GB of confidential data concerning the
Houston Rockets. Babuk warns that these confidential documents, including financial info and contracts,
will be made public if their demands are not met. As of this posting, no ransom payments have been made.
AXA
This May, the European insurance company AXA was attacked by the Avaddon gang. The attack happened
soon after the company announced important changes to their insurance policy. Essentially, AXA stated
they would stop reimbursing many of their clients for ransomware payments. This unique (and somewhat
ironic) attack on a cyber-insurance firm made headlines and the hacker group gained access to a massive 3
TB of data. (BlackFog (https://www.blackfog.com/the-state-of-ransomware-in-2021/))
CNA
Earlier this year in March, another large insurance firm fell victim to a ransomware attack. CNA’s
network was attacked on March 21
(https://www.bleepingcomputer.com/news/security/insurance-giant-cna-hit-by-new-phoenix-cryptolocker-ransomware/)
and the hacker group encrypted 15,000 devices, including many computers
of employees working remotely. The attack is supposedly linked to the hacker group Evil Corp and uses a
new type of malware called Phoenix CryptoLocker.
CD PROJEKT
CD Projekt Red is a popular videogame development firm based in Poland. In February of this year, the firm
was hacked by the HelloKitty gang. The hacker group accessed source code to game projects in
development and encrypted devices. However, CD Projekt has no plans to pay the ransom money, and has
backups in place to restore the lost data. (ExtremeTech
(https://www.extremetech.com/gaming/319882-cyberpunk-developer-hit-with-ransomware-attack))
KIA MOTORS
This February, Kia Motors, a subsidiary of Hyundai, was reportedly hacked with ransomware
(https://www.bleepingcomputer.com/news/security/kia-motors-america-suffers-ransomware-attack-20-million-ransom/). Although
Kia reported a widespread IT and systems outage, they did not confirm the hack. Still, many experts believe
the claims by the DoppelPaymer gang demanding a $20 million ransom. The gang has released some
stolen data, but updates on the hack have not surfaced in the news for the past few months.
A Dire Need for Cybersecurity Experts
There are two key components necessary to address this issue. First, companies need to take
cybersecurity seriously and invest in it with adequate resources. Second, there need to be more highly
educated cybersecurity experts ready to address the scourge of ransomware attacks we’re currently facing.
Unlike some other STEM fields, a cybersecurity bootcamp and certification are sometimes all that’s needed
to get started in the field. But of course, completing a graduate certificate program is one of the best ways to
qualify for relevant job opportunities. The Touro College Illinois graduate certificate program in
cybersecurity for healthcare addresses the critical needs of the sector. Our hands-on courses
build expertise in network security, HIPAA, cloud security, medical device security, and incident response
and recovery.