Only halfway through 2021, the globe has already experienced unprecedented ransomware attacks on hospitals, schools, and other important facilities.
Even businesses that sell tools to aid in recovering from ransomware attacks, such as data backup suppliers and cyber insurance carriers, were not immune. Days apart, there were reports of two enormous ransom demands, one of which was exceptional. In spite of having backups and despite the fact that it did not ensure complete recovery of data, many businesses gave in to these demands. Although the attack’s full scope is frequently unknown, the effects of exposed data, downtime and disruption are often obvious. Here are the Top 5 ransomware attacks that shock the world
Buffalo Public Schools
Attacks on the education sector dramatically increased in 2020. That activity is still going on. While many schools in 2021 were affected by ransomware, the Buffalo Public School District in New York, which serves 34,000 children, may have had very sensitive data compromised. The entire school system was shut down on March 12 by a ransomware attack, which resulted in the cancellation of both in-person and remote instruction for a week. In a statement released on March 15 by Buffalo Schools Superintendent Kriner Cash, the school stated that it was “actively engaging with cybersecurity specialists, as well as local, state, and federal law enforcement, to comprehensively investigate this cybersecurity incident.” The 22nd of March saw the return of the educational system.
CNA Financial
On March 21, a ransomware attack targeted one of the largest insurance providers in the US, disrupting its network. CNA described it as a “sophisticated cyberattack” in a statement published on its website and said that out of an abundance of caution, it immediately took “action by proactively isolating computers” from the CNA network. The restoration wasn’t finished until May 12. According to CNA, the investigation “determined the extent of the incident’s impacted data as well as the servers on which the data stored.” The insurance company stated that it does not think the attack had an impact on the claims and underwriting systems, which house the majority of the policyholder data. Bloomberg, however, claimed that CNA paid the threat a $40 million ransom.
Quanta Computer
The creators of the Quanta Computer REvil ransomware launched another attack against Apple laptop manufacturer Quanta Computer on April 20. In a statement posted on its website, Quanta acknowledged that it had been assaulted by threat actors who allegedly tried to extort both Apple and Quanta. Collaboration with technical experts from several outside security businesses was one of the response methods. “Attacks by the Quanta Network on a small number of servers were reported as anomalous network circumstances to the appropriate law enforcement agencies and information security units, and they kept a close line of communication. Daily business operations at the company are unaffected “The statement from the corporation read.
USA JBS
JBS USA stated the global beef maker was attacked by the REvil ransomware organisation on May 30, forcing the company to cease operations, days after Colonial Pipeline Co. disclosed paying a sizable ransom. JBS stated that its global facilities were “totally operational after addressing the criminal cyberattack” in a statement dated June 3. For the quick recovery, it credited its own “fast response, strong IT systems, and encrypted backup servers.”
The subsidiary of the biggest beef producer in the world, however, acknowledged a week later that an $11 million demand had been met. REvil’s operators are well recognised for using data exfiltration in conjunction with threats to reveal stolen info if victims fail to pay. JBS said that one of the reasons it paid was to ensure that no data was leaked, yet the vast bulk of the business’s facilities was up and running when the payment was made. “Preliminary investigation results reveal that no company, customer, or employee data was stolen,” JBS stated in a news release dated June 9.
ExaGrid
ExaGrid, a backup storage provider that intends to assist businesses in recovering from a ransomware attack, experienced its own attack. The ExaGrid corporate network was compromised by the Conti ransomware group on May 4 and its internal documents were taken. ExaGrid paid a ransom of roughly $2.6 million to regain access to encrypted data, despite the fact that the initial demand was over $7 million, according to conversations that LeMagIT uncovered. No other information has been provided, and neither ExaGrid nor the attack have been confirmed or disputed.
