TOP RANSOMWARE ATTACKS OF 2021

         As we all know, 2020 was far from an ordinary year. Many organizations had to adapt to a new environment and meet new challenges. The sudden change disrupted the schedules of billions of people around the world by forcing them to stay indoors. The pandemic continued into 2021 and accelerated digital transformation and migration to the cloud to support the work-from-home culture. Moreover, the pandemic increased cybercrime due to the uncertainty throughout the remote working space.

         Throughout 2021, cybercrime made headlines with immense disruptions that affected major organizations, government agencies and supply chains for essential goods such as gasoline and meat. Among these cybercrimes, ransomware attacks rose dramatically in 2021. Ransomware is a form of malicious software that encrypts a computer's files, after which a ransom is demanded from the victim in exchange for decryption.

         Let’s explore some of the major ransomware attacks that took place in 2021.

COLONIAL PIPELINE

         Colonial Pipeline fell victim to a ransomware attack in May 2021. It is one of the largest and most crucial oil pipelines in the U.S. It transports refined oil for gasoline and jet fuel, and the hack led to fuel shortages across the East Coast.

         The Colonial Pipeline hack took place as a result of a single compromised password. Most organizations use a VPN for secure, encrypted remote access to the corporate network. It seems that a Colonial Pipeline employee used the same password for the VPN and in another location, and that password was compromised.

         The DarkSide hackers were behind the attack. The attackers first stole 100 gigabytes of data and then crippled the Colonial Pipeline IT network with ransomware that infected many computer systems, including billing and accounting. The DarkSide hackers demanded a ransom of 75 bitcoin, which was approximately $4.4 million on May 7. Colonial Pipeline paid the ransom in order to speed up recovery. The Department of Justice found the digital address of the wallet used by the hackers and obtained a court order to seize the bitcoin. Out of 75 bitcoin, 65 bitcoin were recovered, which was approximately $2.4 million.

ACER

         Acer is one of the world’s largest personal computer vendors and device manufacturers. In 2021, Acer suffered cyber attacks in March and again in October.

         In March 2021, the Taiwanese firm was hit with a $50 million ransomware demand. This is one of the biggest ransom demands to date. Bleeping Computer, an information security and technology news publication, first reported the attack and published a copy of the ransom note. The attack was carried out by the REvil ransomware gang, which is known for the double extortion technique. In double extortion, the attackers go beyond encryption and threaten to leak the victim’s confidential data if their demand is not met. Acer did not give a clear-cut answer about the REvil ransomware attack. Instead, it said that it had reported abnormal situations to the relevant authorities.

         In October 2021, Acer again suffered a large data breach, this time of its local after-sales service system in India. The attackers claimed that they had exfiltrated 60 gigabytes of files and databases from the service systems in India. The stolen data includes distributor, client and retailer details as well as login information and financial and audit details. Acer confirmed the hack and said that its security team had identified an “isolated attack” on its local after-sales service system in India. After the attack was identified, the company immediately acted in line with its security protocols and ran a full scan of its systems. It also reported that there was no material impact on its operations and business continuity.

JBS FOODS

         JBS Foods is a leading meat supplier in the world. It became the victim of a ransomware attack in the last weekend of May 2021, which disrupted its operations in North America and Australia. In response, the subsidiary of the Brazilian firm halted cattle slaughter at all of its U.S. plants. These actions threatened food supply chains and pushed already high food prices further up.

         The attack was carried out by REvil, a Russia-linked hacker gang. The attackers locked users out of their databases and refused access to relevant information until the victim paid the demanded ransom. JBS Foods paid a ransom of $11 million. The CEO of JBS Foods, Andre Nogueira, decided to pay the ransom. He said that this was a hard decision for the company and for him personally. He added in his statement that the decision had to be made in order to prevent any potential risk to their customers.

BRENNTAG

         Brenntag is a leading global chemicals and ingredients distribution company. The organization is headquartered in Essen, Germany, and operates in more than 77 countries. Brenntag was hit by a ransomware attack in May 2021. The DarkSide hacker gang, which targeted Colonial Pipeline in the U.S., carried out this attack against Brenntag's North American division.

         Brenntag stated that the stolen information might comprise the candidates' birthdates, social security numbers, driver’s license numbers and health information. There is no confirmation that the stolen information has been misused. The affected candidates were instructed to scrutinize their account statements and monitor free credit reports for identity theft and fraudulent activity. The hacker gang claimed to have stolen 150 gigabytes of data during the hack. To back up the claim, the gang created a private leak page containing a description of the stolen information and screenshots of some files. At first, the DarkSide ransomware gang demanded a $7.5 million ransom. After negotiation, Brenntag paid a $4.4 million ransom to the DarkSide ransomware gang.

CONCLUSION

         Ransomware attacks have caused a great deal of damage and a sense of insecurity for organizations and countries. These attacks emphasize the significance of enforcing multi-factor authentication for all logins to a network. There is also a need for highly educated cybersecurity experts to address the attacks we face today. Educating users plays a vital role in cybersecurity.
