Surge in Ransomware and 10 Biggest Attacks in 2021

Top Ransomware attacks
Author: Christian Cabaluna
Date Published: 27 October 2021

Ransomware attacks have increased alarmingly in 2021. No industry is safe from this malicious act, and every computer file is at risk of being encrypted.

As security practitioners have come to learn, ransomware is a type of malicious software created to block access to a computer system until a sum of money is paid – basically, the act of holding your files or computer hostage, and it is only released once the ransom is paid. In the data shown by BlackFog, you can see this year’s steady growth of ransomware attacks compared to last year’s monthly attacks.

Figure 1

To shed further insight on the gravity of the evolving ransomware threat, let’s look at 10 major attacks that happened this year before we explore ways to defend against this growing menace.

1. Kia Motors
In February, DoppelPaymer demanded that Kia Motors pay 404 Bitcoins, which equates to approximately US$20 million. To add more pressure, the ransom would increase to 600 Bitcoins if the initial demand was not paid within a specific timeframe.

The group behind the attack threatened to publish exfiltrated data within two to three weeks if Kia Motors failed to settle the payment. The attack caused Kia Motors America to suffer a nationwide IT and phone system outage.

2. Acer
Acer, a business specializing in hardware and electronic software, was targeted with a ransomware attack in March. The multinational computer giant was hit by a REvil ransomware attack demanding US$50 million.

The team behind the attack announced that they had successfully breached Acer on their data leak site and even shared some images of the allegedly stolen files as proof.

Figure 2

These leaked images showed a spreadsheet of the company's finances. According to some sources, the leak also included bank balances and bank communications.

3. Washington DC Police Department
Experts in this space say that the worst ransomware attack on a US police department happened in May to the DC Police Department. The department experienced a ransomware attack by a Russian-speaking group called Babuk Group.

The hackers locked highly confidential files from the department and demanded US$4 million to prevent data leaks. The Russian group mentioned that they had gathered 250GB of files, including data on informants, gangs, and histories of the employees in the department.

Figure 3

The hackers also posted that the department had made a counter-offer to the $4 million ransom. The department was willing to pay $100,000, but the hackers saw that amount as too small. Even months after the attack, the department had not released any statement on whether it settled with the hackers.

4. CNA Financial Corp
CNA Financial Corp is one of the largest insurance companies in the United States. In March, the financial giant paid around US$40 million to regain control of its data and system.

The hackers in this particular scenario used a malware named “Phoenix Locker.” This particular malware was considered a variant of ransomware called “Hades.”

Figure 4

According to some sources, the malware encrypted data on over 15,000 machines on CNA’s network. The malware also affected the company’s private network, so employees who were working remotely also felt the effect of the malware.

5. ExaGrid
ExaGrid is in the business of providing backup storage to help businesses recover after a ransomware incident. In May, the business suffered a ransomware attack of its own.

The Conti ransomware group breached the ExaGrid network and stole documents and data. Conti was able to get its hands on 800GB of confidential data, including client records, contracts and source code. LeMagIT reported that ExaGrid paid around US$2.6 million to reclaim its files and access the encrypted data.

6. Colonial Pipeline Company
The Colonial Pipeline ransomware attack has been seen as the most high-profile ransomware attack in 2021. The company was responsible for supplying nearly 50% of the US East Coast's fuel.

This incident is believed to be the largest ransomware attack to target an oil company in the history of the US. In May, the DarkSide group deployed ransomware on the company's computer system that oversees and manages the pipeline. The surprising thing about this incident is how easily the hackers were able to access the system.

Later, Colonial Pipeline's CEO revealed that the business didn't use multi-factor authentication, which explained how easily the system was accessed. Although the attack didn't affect the company's operating system, it did affect its billing system. This forced Colonial Pipeline to temporarily pause its operations. Within just a few hours of the attack, Colonial Pipeline paid the ransom of US$4.4 million with the help of the FBI. In June, the Department of Justice announced that 50% of the ransom payment had been recovered.

7. JBS

Figure 5

The JBS ransomware attack is proof that any industry is vulnerable to malware. JBS is the largest beef supplier in the world and was attacked by the REvil ransomware group in May.

The incident caused the company to halt operations, which ultimately impacted the food supply chain, showing how big of a company JBS is in its industry.

While deciding whether to pay the ransom is a much-debated topic in these cases, a business as big as JBS opted to make sure its files and data weren’t leaked publicly. According to JBS’ CEO, the decision to pay was a difficult one to make, but to avoid any risk for its clients and customers, it decided to pay up the US$11 million ransom.

8. Accenture

Figure 6

Accenture, a global consulting firm, was not spared from a ransomware attack operated by LockBit. The ransom demanded was reportedly US$50 million in exchange for a whopping 6TB of stolen data.

The company was able to discover the attack by monitoring its systems. Despite the malware's presence, Accenture continued to run its operations and its clients' systems.

Given that LockBit slowly shared the stolen data with the public, it’s safe to assume that Accenture didn’t pay the ransom. An internal Accenture memo stated that even though the perpetrators could acquire certain documents from a few clients, those pieces of information were far from sensitive.

9. CD Projekt Red
CD Projekt Red is the video game developer behind the big games The Witcher and Cyberpunk 2077. In February, the company faced a ransomware attack that disrupted development of the highly anticipated game Cyberpunk 2077.

A ransomware attack for a business that relies heavily on marketing and product-market fit can greatly affect marketing results and content metrics.

The hackers who attacked CD Projekt Red were able to get hold of the source code of different games, which was circulated online. The hackers also threatened to leak accounting, legal, HR, and investor relations documents in addition to the source code. A few days after the attack, CD Projekt Red publicly mentioned its new security measures and other necessary implementations. The company also stated that it had contacted Interpol and Europol as part of its action against the hackers.

10. Brenntag
Brenntag, a chemical distribution company headquartered in Germany, experienced a ransomware attack in May from DarkSide.

This incident affected the North American division of the company and led to 150GB of stolen sensitive data. The group created a page displaying the types of stolen data and screenshots of some files to prove their claims.

The initial demand of the group was around 133 Bitcoin, which was valued at US$7.5 million at the time. Through negotiations, the company was able to lower the ransom to $4.4 million and paid it.

5 Ways To Prevent Or Limit The Impact Of Ransomware Attacks
As you’ve just read, ransomware attacks spare no one – these criminal groups don’t care what industry your business is in or how big of a company you are. If your security measures aren’t solid and complex enough, you’ll always run the risk of being attacked by malware.

Even if you’re a small to mid-size business, it is still important to have solid ransomware defense and guard against the possibility of an attack. Here are five ways to do so:

1. Always have backups

Figure 7

Creating backups isn't just done to have second copies of client information, inventory management, business data, and files. Backing up necessary files allows you to recover from a ransomware attack by restoring data from a backup.

But you can't just back up your data and call it a day; to combat or prevent ransomware attacks, you need to be one step ahead.

Hackers know that most companies have a backup stored somewhere in their network. That's why they use software that scans their targeted network for backup files. A way to counter this is to save a copy of your backup files offsite. Cloud storage services are usually the top choice here. By storing important files and data in the cloud, you're generally keeping your files safer from ransomware and other security breaches.

2. Use software to help detect ransomware

Figure 8

A ransomware attack usually comes from an executable file or a script that downloads the specific file and runs it. One way to combat this is by running software that detects ransomware or other malware files.

These applications notify the system whenever malware does something suspicious, like renaming a number of files. Other software protects the network from different malware and can detect ransomware before it can execute.
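The rename-burst signal described above, as an added example that is not from the original article or from any product it mentions. The event format, the window and threshold values, and the sample lines are assumptions constructed for illustration, and paths are assumed to contain no spaces.

```python
from collections import defaultdict, deque
import os

# Constructed file-activity events (not real telemetry).
# Assumed format: epoch_seconds pid operation old_path new_path
SAMPLE_EVENTS = """\
100 412 rename /home/ann/draft.docx /home/ann/draft-v2.docx
101 977 rename /srv/share/q1.xlsx /srv/share/q1.xlsx.locked
101 977 rename /srv/share/q2.xlsx /srv/share/q2.xlsx.locked
102 977 rename /srv/share/plan.docx /srv/share/plan.docx.locked
102 300 rename /var/log/app.log /var/log/app.log.1
103 977 rename /srv/share/logo.png /srv/share/logo.png.locked
104 977 rename /srv/share/notes.txt /srv/share/notes.txt.locked
105 412 write /home/ann/draft-v2.docx -
170 300 rename /var/log/db.log /var/log/db.log.1
240 300 rename /var/log/web.log /var/log/web.log.1
"""

def detect_mass_rename(lines, window=10, threshold=5):
    """Return (pid, new_extension, alert_time) for each process that gives
    `threshold` or more files the same new extension within `window` seconds."""
    recent = defaultdict(deque)  # (pid, new_ext) -> timestamps still in the window
    alerted = set()              # keys already reported, to alert once per burst
    alerts = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5 or fields[2] != "rename":
            continue             # blank, malformed, or not a rename event
        ts, pid, old, new = int(fields[0]), fields[1], fields[3], fields[4]
        old_ext = os.path.splitext(old)[1].lower()
        new_ext = os.path.splitext(new)[1].lower()
        if not new_ext or new_ext == old_ext:
            continue             # ordinary rename that keeps the file type
        key = (pid, new_ext)
        times = recent[key]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()      # drop renames that fell out of the window
        if len(times) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((pid, new_ext, ts))
    return alerts

if __name__ == "__main__":
    for pid, ext, ts in detect_mass_rename(SAMPLE_EVENTS.splitlines()):
        print(f"ALERT pid={pid} renamed many files to *{ext} by t={ts}")
```

The slow log rotation by pid 300 also changes extensions but never reaches the threshold inside one window, which is why the check counts renames per process and per time window rather than in total.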

3. Keep your software up-to-date
Most businesses have software in their network to have an added layer of security when it comes to the sensitive information they’re holding.

Figure 9

Some of them disclose this software on their Privacy page, just as Gili Sports (above) reassures visitors by stating the software it uses.

But installing software that guards businesses against ransomware isn't enough. Software or applications like this need to be monitored to see whether they are due for an update. These updates are important because the newer version can be more efficient in providing your network security and support. That's why keeping your software up to date is one of the best tools to lessen the risk of a ransomware attack.

If you don’t have the time to check for updates constantly, you can turn on auto-updates so these programs can update themselves.

4. Cybersecurity awareness training for your employees
A way to increase cyber resilience and lessen the risk of being hacked or attacked is by promoting cybersecurity awareness training for employees.

You can buy a course or tickets to virtual conferences to allow them to learn from individuals who are knowledgeable in the space. Letting them join these seminars and training is a good investment for your business. Given that they are the ones who’re working for your business, and often handling sensitive data, it’s always a good decision to educate employees on what to do and not to do online.

5. Monitor your network regularly
Even though ransomware attacks are a big challenge, you can prevent worst-case scenarios from happening if you detect them early enough.

Ask your web designers to equip your website with excellent online security. Have a strong network monitoring tool paired with up-to-date applications and systems, and lessen the risk of malware infiltrating your network.

Lower the risk of attacks
The increase in ransomware attacks has made organizations more aware of their security preparedness. More and more businesses are now taking their files and data management seriously.

There is no question that ransomware attacks are a scary situation to be in. Without the proper software and safety measures, every important piece of information your business has is vulnerable to hacks.

Fortunately, there are still ways to stop ransomware in its tracks. By following the five practices mentioned above and constantly learning more about this space, you’re making your files and business a lot safer.

About the author: Christian Cabaluna is a finance blogger at Novum™ with 5+ years of first-hand experience. When he is not writing in his favorite coffee shop, Christian spends most of his time reading (mainly about money-related topics), cooking, watching sitcoms, visiting beaches, and catching beautiful sunsets.