Ransomware is malicious software that, once deployed, prevents victims from using their own computers. To regain access to the system, the victim has to pay a sum of money to the cyber-criminals or hackers behind it.
According to Chennai-based Cyber Security Works, ransomware is increasingly targeting critical industrial sectors: oil and gas, finance, healthcare, food and beverages, and transportation. Ransom attacks have increased in volume (by 37 per cent) during the ongoing pandemic, and Common Vulnerabilities and Exposures (CVE) saw a jump of over 356 per cent this year compared to 2019. SonicWall recorded an all-time high of 78.4 million ransomware attacks globally in June 2021.
Airline company Air India, food major Haldiram’s, and Pune’s smart city project Pimpri-Chinchwad Municipal Corporation faced major cyber attacks in India itself.
Today, we take a peek at the biggest ransomware attacks of 2021 so far.
Colonial Pipeline Company
American oil pipeline system Colonial Pipeline Company suffered a major ransomware attack in May this year. The cyberattack affected its computerised equipment managing the pipeline originating from Houston, Texas, disrupting the fuel supply to most of the US East Coast for days.
Although the attack affected just its IT systems, Colonial Pipeline Company shut down its entire pipeline operations to prevent further harm. With the FBI’s help, the company paid $4.4 million in bitcoin, as demanded by the hackers.
According to the FBI, the attack was carried out by DarkSide. A month after payment, the Department of Justice reported that the FBI was able to seize a portion of the payment using a private key.
Acer
Taiwanese computer giant Acer was hit by a REvil ransomware attack in March this year. The hackers demanded a whopping $50 million. They shared images of stolen files as proof of breaching Acer’s security and the consequent data leak. These included images of financial spreadsheets, bank communications, and bank balances.
According to media reports, the group got access to Acer’s network through a Microsoft Exchange vulnerability that had earlier led to the hacking of 30,000 US governmental and commercial organisations’ emails.
The ransomware gang reportedly made more than $100 million in one year from large business extortions. The same hackers were responsible for the 2020 ransomware attack on Travelex.
While the computer manufacturer never confirmed whether it actually paid the ransom, it said that companies like it are constantly under attack and that it had reported the abnormal situations observed to the relevant law enforcement and data protection authorities.
CNA Financial
Chicago-based CNA Financial Corp., one of the largest insurance companies in the USA, noticed a breach in March this year. The ransomware attack is said to have led to the compromise of data of around 75,000 individuals. This data might have included names, health benefits information, and Social Security numbers of the company’s present and former employees, contract workers, and their dependents.
According to media reports, later in May, CNA Financial agreed to pay $40 million to get back access to its network. Reportedly, the hackers used malware called Phoenix Locker, a variant of Hades, which was created by the Russian cybercrime syndicate Evil Corp.
Brenntag
Around the same time as the Colonial Pipeline Company cyberattack, hacker group DarkSide targeted Germany-headquartered chemical distribution company Brenntag. DarkSide reportedly demanded $7.5 million, or 133.65 bitcoin, after gaining access to 150 GB worth of data. Additionally, DarkSide shared a data leak page consisting of a description of the data stolen and screenshots of a couple of files to prove its claims.
The ransom was negotiated, and ultimately, Brenntag ended up paying $4.4 million.
Kia Motors
Kia Motors, a subsidiary of Hyundai, suffered a ransomware attack in February this year. The attackers, the DoppelPaymer gang, reportedly asked for $20 million in exchange for a decrypter and for not leaking the stolen data. As claimed by Kia Motors, the subsequent ‘IT outage’ affected the mobile UVO Link apps, payment systems, owner’s portal, phone services, and internal sites used by Kia Motors America.
While these were global attacks, India isn’t far from making headlines for cybersecurity breaches, either. If one were to go by media reports, India has been the most hit by ransomware attacks so far this year. A report by Check Point Research suggests that, with ransomware attacks up 102 per cent globally in 2021 from last year, India was the worst hit, with 213 weekly ransomware attacks per organisation. Last year, Microsoft appointed a Threat Protection Intelligence Team to deal with the attacks.