The three biggest ransomware attacks of 2021 - so far
The year 2021 has been prolific with cyberattacks. Here are three that have made a significant impact, and a few tips on how to avoid being a target.
Ransomware attacks have been on the rise in the past few months, with 93% more taking place in the first half of the year when compared to the same period in 2020. There are many reasons for that, but to start, the mere fact that the pandemic has made people migrate from the secure office systems to their private homes has been pointed out as a safety concern by specialists. Other than that, it needs to be said that cybercrime has become an industry of sorts, with criminals professionalising and even offering their services to third parties.
Cybercrime has become so ubiquitous that its victims range from specifically targeted private individuals to major companies, and some attacks are global in scale. For example, one of the most significant ransomware attacks in history, perhaps even the biggest one so far, is famously known as the 2017 WannaCry ransomware.
The threat exploited a vulnerability in older Microsoft operating systems to encrypt specific file types and demanded hundreds of dollars (from $300 to $600) from the victims as payment to decrypt them. It may not seem like a large amount, but the worm affected more than 250,000 victims across 150 countries. In the United Kingdom, NHS organisations had to cancel operations at short notice as systems were disrupted. In Germany, the giant Deutsche Bahn had issues with its trains as the attack affected departure boards. Russia, Japan, India: all over the world, people, companies and governments were affected.
This was over five years ago. And ransomware is still a global threat. In 2021, we've had several ransomware attacks that have already made history. Here are three of them:
Colonial Pipeline attack
When the systems of the largest pipeline system for oil products in the US were attacked, the world stopped to watch the developments. The ransomware disrupted the supply of fuel on the East Coast of the country. Afraid that they wouldn't be able to fill their tanks, Americans drove to petrol stations to refuel and stock up, which affected supply even more. The company's systems were off from May 7 to May 12, when Colonial paid the ransom and resumed operations. The suspected culprits are a major hacker group allegedly based in Russia.
The Colonial Pipeline attack was a significant event not only because of the disruption and fears it created but because of how it happened in the first place. It became known that the hackers were able to infiltrate the systems using a compromised username and password. That is to say: the company could have avoided all of this had it simply used two-factor authentication and different logins for different systems.
JBS attack
Adding to this, in May, the Brazilian meatpacking giant JBS was the target of an attack that forced it to halt its operations across the United States and affected processing plants in Australia and the UK. The attack sparked fears of food shortages and disruptions in the food supply chain. It also highlighted the depth of companies' reliance on their systems, with reports of workers having to perform butchering tasks manually.
Unable to access its systems, JBS USA eventually decided to pay the $11m ransom, one of the largest amounts ever paid. The hackers were also allegedly a Russia-based group, but the company declined to disclose how it was affected.
Kaseya attack
In July, the IT solutions company Kaseya announced its systems had been infiltrated. Since it provides IT software for other companies, the attack on Kaseya generated a domino effect, eventually impacting some 1,500 organisations in multiple countries. The cybercriminal group REvil demanded a $70m ransom be paid in Bitcoin, but the company decided to cooperate with the FBI and the US Cybersecurity and Infrastructure Agency. Almost 20 days later, Kaseya used a universal decryptor key to regain access to its files.
The Kaseya attack shows that even IT companies can be subject to cybercrime and, in fact, could be seen as a prime target. So, companies can benefit from third-party security services but also need to apply their own data security tools and practices.