The growth of remote work and lax home cybersecurity created opportunity for ransomware. Hackers also took advantage of the pandemic and the chaos from the pandemic to target the health care sector.
The frequency of cyberattacks and the amount companies paid in ransoms increased last year, with ransom payments rising 300 percent, according to Harvard Business Review. Comparitech found that ransomware attacks cost the healthcare sector more than $20 billion in lost revenue, lawsuits, and ransom payments.
Ransomware attacks could also lead to loss of life. An Alabama woman has sued a hospital over allegations that a ransomware attack it experienced in 2019 led her newborn to not receive tests that could have prevented a severe brain injury that allegedly killed the baby nine months later.
This year also saw a number of large ransomware attacks, and ransomware shows no signs of slowing down.
One of the largest ransomware attacks was the breach of Colonial Pipeline, which is an essential part of the national critical infrastructure, in April 2021. The attack disrupted gas supplies and led to shortages in many states. Colonial Pipeline paid $4,400,000 in bitcoin to the hackers, although law enforcement recovered most of the ransom payment.
In May 2021, the same hacker group, DarkSide, stole 150 GB of data from chemical distribution company Brenntag in a ransomware attack. The organization eventually paid $4,400,000 of the demanded $7,500,000 ransom.
That same month, the REvil hacker group exploited a Microsoft Exchange server vulnerability to access the computer manufacturer Acer's files, leaking sensitive financial documents. REvil demanded a $50 million ransom, the largest known ransom to date. Also in May, JBS Foods, a major global meat processor, paid an $11 million ransom after being hit with ransomware, likely by the REvil hacker group.
Other victims of major ransomware attacks in 2021 included computer manufacturer Quanta, the National Basketball Association, European insurance company AXA, videogame developer CDProjekt Red, and IT infrastructure manager Kaseya.
In the Kaseya attack, REvil sent a fake software update through the organization's Virtual System Administrator that infiltrated Kaseya's clients and their customers. REvil claims it encrypted and held for ransom one million systems. Coop, a Swedish supermarket chain, closed 800 stores for a week as a result. Fortunately, the FBI accessed REvil's servers and obtained the encryption keys.
Ransomware attacks can lead to large financial losses, not only from the cost of the ransom but also by shutting down critical infrastructure creating shortages and higher prices.
In Nov. 2021, Europol arrested five suspected associates of the REvil hacker group. "The 10 Biggest Ransomware Attacks of 2021" illinois.touro.edu (Nov. 12, 2021).