
Welcome to the redesigned Risk Management Plus+ Online, a robust website brought to you by Travelers designed to help you mitigate your management liability and crime exposures. The new Risk Management Plus+ Online includes articles, checklists, best practice minute videos, podcasts, and a sample employee handbook to help you manage not only your employment practices risks, but also cyber, crime, directors & officers, fiduciary, kidnap & ransom, and identity fraud exposures. The site has been redesigned to provide this content in a streamlined and efficient manner.

Ransomware Surged In 2021: What Should Employers Consider To Stop Another Surge In 2022?

The growth of remote work and lax home cybersecurity created opportunity for ransomware. Hackers also took advantage of the pandemic and the chaos it caused to target the health care sector.

The frequency of cyberattacks and the amount companies paid in ransoms increased last year, with ransom payments rising 300 percent, according to Harvard Business Review. Comparitech found that ransomware attacks cost the healthcare sector more than $20 billion in lost revenue, lawsuits, and ransom payments.

Ransomware attacks could also lead to loss of life. An Alabama woman has sued a hospital over allegations that a ransomware attack it experienced in 2019 led her newborn to not receive tests that could have prevented a severe brain injury that allegedly killed the baby nine months later.

This year also saw a number of large ransomware attacks, and ransomware shows no signs of slowing down.

One of the largest ransomware attacks was the breach of Colonial Pipeline, which is an essential part of the national critical infrastructure, in April 2021. The attack disrupted gas supplies and led to shortages in many states. Colonial Pipeline paid $4,400,000 in bitcoin to the hackers, although law enforcement recovered most of the ransom payment.

In May 2021, the same hacker group, DarkSide, stole 150 GB of data from chemical distribution company Brenntag in a ransomware attack. The organization eventually paid $4,400,000 of the demanded $7,500,000 ransom.

That same month, the REvil hacker group exploited a Microsoft Exchange server vulnerability to access the computer manufacturer Acer's files, leaking sensitive financial documents. REvil demanded a $50 million ransom, the largest known ransom to date. Also in May, JBS Foods, a major global meat processor, paid an $11 million ransom after being hit with ransomware, likely by the REvil hacker group.

Other victims of major ransomware attacks in 2021 included computer manufacturer Quanta, the National Basketball Association, European insurance company AXA, videogame developer CD Projekt Red, and IT infrastructure manager Kaseya.

In the Kaseya attack, REvil sent a fake software update through the organization's Virtual System Administrator that infiltrated Kaseya's clients and their customers. REvil claims it encrypted and held for ransom one million systems. Coop, a Swedish supermarket chain, closed 800 stores for a week as a result. Fortunately, the FBI accessed REvil's servers and obtained the encryption keys.

Ransomware attacks can lead to large financial losses, not only from the cost of the ransom but also from the shutdown of critical infrastructure, which creates shortages and higher prices.

In Nov. 2021, Europol arrested five suspected associates of the REvil hacker group. "The 10 Biggest Ransomware Attacks of 2021" illinois.touro.edu (Nov. 12, 2021).


In its “Ransomware Guide,” the Cybersecurity & Infrastructure Security Agency states that internet-facing vulnerabilities and misconfigurations are a ransomware infection vector and recommends that organizations address them in the following ways.

First, conduct regular vulnerability scanning to identify and address vulnerabilities, particularly on internet-facing devices.

Patch and update software and operating systems to the latest available versions in a timely manner to protect against known vulnerabilities. Make sure devices are properly configured—for example, by disabling ports and protocols not in use—and enable security features.

Cybercriminals often access networks through exposed and poorly secured remote services in order to carry out a ransomware attack. Therefore, it is important to follow best practices concerning Remote Desktop Protocol (RDP) and other remote desktop services, including auditing the network for systems using RDP, closing unused RDP ports, locking accounts after a certain number of attempts, using multi-factor authentication (MFA), and tracking RDP login attempts.

Cybercriminals also use Server Message Block (SMB) to spread malware. Protect your network by disabling or blocking SMB protocol outbound and removing or disabling outdated versions of SMB. CISA “Ransomware Guide” www.cisa.gov (Sep. 2020).
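The recommendation above to track RDP login attempts can be turned into a simple check over failed-logon records. The following is an added example, not part of the CISA guide or the original article: it counts Windows failed-logon events (event ID 4625) per source address in a sliding window and reports sources that reach a threshold. The record layout, threshold, window and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs), in an assumed CSV layout:
# time, Windows event ID, logon type, source address, target account.
# 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = """\
2022-01-10T09:00:05,4625,10,203.0.113.7,administrator
2022-01-10T09:00:21,4625,10,203.0.113.7,admin
2022-01-10T09:00:40,4625,3,203.0.113.7,administrator
2022-01-10T09:01:02,4625,10,203.0.113.7,backup
2022-01-10T09:01:30,4625,10,203.0.113.7,administrator
2022-01-10T09:05:00,4625,10,198.51.100.20,jsmith
2022-01-10T09:05:40,4624,10,198.51.100.20,jsmith
2022-01-10T10:00:00,4625,10,192.0.2.15,svc_scan
2022-01-10T11:00:00,4625,10,192.0.2.15,svc_scan
2022-01-10T12:00:00,4625,10,192.0.2.15,svc_scan
2022-01-10T13:00:00,4625,10,192.0.2.15,svc_scan
2022-01-10T14:00:00,4625,10,192.0.2.15,svc_scan
"""

# Logon type 10 is RemoteInteractive (RDP). With Network Level Authentication
# a failed RDP logon is recorded as type 3 (Network), which also covers other
# network logons, so expect some noise from that type.
RDP_LOGON_TYPES = {"3", "10"}
THRESHOLD = 5                     # assumed: failures before a source is reported
WINDOW = timedelta(minutes=10)    # assumed: sliding window length

def parse(text):
    """Yield (time, event_id, logon_type, source, account) per record."""
    for line in text.strip().splitlines():
        ts, event_id, logon_type, src, account = line.split(",")
        yield datetime.fromisoformat(ts), event_id, logon_type, src, account

def flag_sources(text, threshold=THRESHOLD, window=WINDOW):
    """Map each source with >= threshold failed RDP logons inside any
    window to the sorted list of accounts it tried."""
    recent = defaultdict(deque)   # source -> failures still inside the window
    flagged = {}
    for ts, event_id, logon_type, src, account in sorted(parse(text)):
        if event_id != "4625" or logon_type not in RDP_LOGON_TYPES:
            continue
        q = recent[src]
        q.append((ts, account))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(src, set()).update(a for _, a in q)
    return {src: sorted(accounts) for src, accounts in flagged.items()}

if __name__ == "__main__":
    print(flag_sources(SAMPLE_EVENTS))
```

A source that fails slowly over several hours stays under this threshold, which is why the account lockout and MFA measures listed above are still needed alongside log tracking.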
