Top 6 ransomware attacks of 2020

July 21, 2021 | Cybersecurity News

Last year, ransomware attacks were among the most common cyberattacks on businesses. However, ransomware attacks are not just a concern for organizations such as governments, companies, or healthcare providers; they also affect employees and customers, as their data is often the collateral damage of such attacks!

Ransomware attacks use malware to encrypt an organization's data and files. They differ from extortion campaigns that use DDoS (Distributed Denial of Service) to overwhelm their victims with traffic, with the promise of stopping the attack in exchange for a ransom payment.

Faced with an attack, some organizations choose to pay the ransom; however, this is generally not recommended, as there is no guarantee that hackers will restore access to the infected system. In addition, by paying the ransom, you motivate the attackers to continue with these cybercrimes. Studies have shown that approximately 58% of ransomware victims paid in 2020, compared to 39% in 2017.

What are some of the biggest ransomware attacks in 2020?

1. Travelex ransomware attack

Threat actors started the year 2020 with an attack on a foreign exchange company called Travelex. The attackers forced the company to turn off all computer systems and rely on pen and paper. As a result, the company had to take down its websites in 30 countries.

Behind the attack was the notorious hacker group known as REvil, which demanded $6 million from Travelex. The gang claimed to have accessed the company’s computer network six months previously, enabling it to download 5GB of sensitive customer information (such as dates of birth and credit card numbers). The group announced that if the ransom was paid, they would delete the data, but if not, the ransom would double every two days. After one week, the REvil gang said they would sell the data to other cybercriminals.

2. Grubman Shire Meiselas & Sacks

In May, Grubman Shire Meiselas & Sacks, a law firm based in New York whose clients include a host of celebrities such as Madonna, Robert De Niro, and Elton John, was also a victim of REvil ransomware.

The attackers claimed to have used the REvil ransomware to steal personal information, including:

  • client contracts
  • email addresses
  • telephone numbers
  • personal correspondence
  • non-disclosure agreements

As in a typical double extortion attack, the ransomware operators stole all the data they considered valuable before encrypting it. With a total size of 756GB, the compromised data included sensitive private information of Lady Gaga, Madonna, Elton John, Bruce Springsteen, Mariah Carey, Barbra Streisand, and more. In addition, the attackers also claimed to have obtained sensitive data relating to Donald Trump, though he was never a client of the law firm.

The cybercriminals threatened to release the data in nine staggered releases if the company did not pay a ransom totaling $21 million. They also published 2.4GB of data relating to Lady Gaga online to show they were serious. When the law firm refused to pay, the attackers doubled the demand to $42 million. The group then took a new approach and put the stolen data up for auction, with Madonna’s information sold at a base price of $1 million. The attack caused significant damage to the reputation of the company.

3. University of California, San Francisco

The University of California, San Francisco (UCSF), the world’s best medical research university, was infected with the NetWalker ransomware in June. The intrusion started at the servers of the School of Medicine. The attacker encrypted many databases stored on the affected servers, even though the university managed to stop the infection from spreading by separating them from the rest of the network.

In the end, the attack did not affect UCSF’s university hospitals and COVID-19 research labs. However, since the compromised databases included some valuable academic research work, the university ultimately decided to pay $1.14 million in ransom to the attackers in exchange for a decryption tool to retrieve the data. This attack showed how vulnerable academic institutions are to ransomware attacks and led to a series of attacks on universities that followed in 2020.

4. Communications & Power Industries

In March, sources revealed that a major electronics manufacturer based in California, Communications & Power Industries (CPI), was hit by a ransomware attack.

Even IT professionals can make mistakes: a domain admin with high-level privileges at the company clicked on a malicious link in mid-January while logged in to the system. After that, file-encrypting malware started to spread across hundreds and thousands of computers on the company’s network.

The attack affected multiple locations and onsite backups. The hackers demanded a ransom of $500,000 in exchange for a decryption key. The media stated later that the hackers gained access to sensitive military data and files related to Aegis, a naval weapons system. Therefore, the company quickly gave in to the hackers' demands and recovered the data.

5. Cognizant

The ransomware attack against Cognizant was the biggest attack of 2020. Cognizant is a company that provides IT services to companies across various industries. The organization announced in April 2020 that the Maze ransomware had infected the company’s network. The infection disabled its work-from-home capabilities and encrypted its servers.

The attack was limited to the internal network and did not impact customer systems. However, employees could not access their email or communicate with each other. The company was able to recover and restore its services only three weeks later. The attack cost the company a staggering $50 to $70 million in lost revenue, amid recovery and mitigation efforts!

6. LG Electronics and Xerox

On August 4, 50GB of data stolen from LG Electronics and 26GB of data stolen from Xerox were revealed on the data leak site of the Maze ransomware. This happened two months after the Maze ransomware hit both companies in June. Both refused to pay the initially demanded ransom and suffered the second phase of the double extortion attack.

The data released from LG Electronics includes the source code of its products. After leaking the sensitive data, the attackers stated that they did not execute the ransomware because they did not want to interrupt LG’s operations, as many of its customers are important social contributors. In the case of Xerox, the leaked data seems to be related to customer support and involves the personal information of employees and potential customers.

Final thoughts

The latest ransomware attacks are becoming more selective about who to target and how much to demand. However, despite the damage they cause, ransomware attacks can be effectively mitigated with adequate measures in place. Therefore, it is always important to have strong cybersecurity measures that address vulnerabilities in applications, systems, and networks!



by Andreea Popa

Content writer for Attack Simulator, delivering your daily dose of awareness for cyber security! I love to write passionately about any subject, and my main inspiration is people's stories. You can also find me on social media, for some more friendly things!
