Recent Ransomware Attacks & What We Learned

Ransomware is one of the most severe cyber threats facing businesses today. While this branch of cybercrime is far from new, it’s surging – ransomware attacks grew by 105% globally in 2021 alone. Many recent ransomware attacks are also among the largest and most significant.

While this trend is alarming, it also presents organizations with an opportunity to improve. The biggest ransomware attacks of the past two years reveal important security lessons that businesses should take to heart. 

This article is sponsored by the nonprofit Center for Internet Security (CIS). The Center for Internet Security, Inc. (CIS®) is responsible for globally recognized best practices for securing IT systems and data including the CIS Benchmarks™ and CIS Controls®. CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. See the CIS blog for more on cybersecurity best practices and current cyber issues.

Latest ransomware attacks & takeaways

With the growing threat of ransomware looming large, here are five of the latest ransomware attacks that have provided valuable lessons for all types of businesses:

  1. MediaMarkt
  2. Kaseya
  3. JBS
  4. Colonial Pipeline
  5. The University of California at San Francisco

1. MediaMarkt – November 2021

European electronics retailer MediaMarkt suffered a massive ransomware attack in early November 2021. The attack affected as many as 3,100 servers, rendering cash registers across numerous stores incapable of accepting credit cards or printing receipts. Hive—the ransomware group behind the attack—initially demanded $240 million, though it reduced the ransom shortly afterward.

MediaMarkt didn’t suspend operations after discovering the attack, but the company did limit in-store services and shut down some IT resources to contain it. After negotiating with Hive, MediaMarkt was able to lower the ransom to $50 million, though it remains unclear whether the company restored the compromised systems or paid the ransom.

What we learned:

The MediaMarkt attack is significant for its size and target. It highlights the growing trend of cybercriminals targeting retailers, who often have valuable data but may lack cybersecurity resources. The high initial demand also emphasizes attackers’ growing confidence and greed. Security professionals in retail sectors must prepare for increasingly severe attacks.

2. Kaseya – July 2021

Another one of the biggest ransomware attacks in recent years struck Kaseya in July 2021. The attack on the IT company trickled down to 1,500 organizations by infecting roughly 50 managed service providers using Kaseya’s products.

The infamous REvil group demanded $70 million to restore the damage, though Kaseya refused to pay. A third-party security firm developed a universal decryption key to undo the attack, but its sheer scale was enough to capture Homeland Security’s attention. The Cybersecurity and Infrastructure Security Agency (CISA) published ransomware guidelines less than two weeks later.

What we learned:

This attack highlights the importance of not paying the ransom, as Kaseya was able to avoid paying $70 million and restore their systems. It also demonstrates how attacks on one entity can spread to many others, like how the recent Red Cross hack targeted a third-party data center and affected more than 500,000 people.

3. JBS – May 2021

REvil was behind another of the latest ransomware attacks, too. The May 2021 attack on JBS Foods—a meat producer—halted production in at least five facilities, including the company’s five largest.

JBS opted to pay the ransom, which totaled $11 million. While security professionals advise against paying these ransoms, the company says they did it to avoid further disruption, including meat shortages in restaurants and grocery stores across the nation.

What we learned:

The JBS attack is one of the highest-profile examples of a ransomware attack on industrial facilities. These targets have become increasingly popular as Industry 4.0 technology adoption outpaces that of new security measures. It also stands as a warning of ransomware’s increasing complexity, as the attack was too sophisticated for JBS to undo without paying.

4. Colonial Pipeline – May 2021

The Colonial Pipeline incident is one of the most infamous ransomware attacks in recent history. The attack resulted in gas shortages and widespread panic as one of the country’s largest pipelines shut down. Despite its massive scale, the attack itself was fairly straightforward: exploiting a legacy VPN profile that didn’t have multi-factor authentication (MFA) turned on.

One day after the May 7 attack, Colonial Pipeline paid the $5 million ransom to resume operations and fight the resulting gas shortage. However, the FBI was able to recover $2.3 million from a Bitcoin wallet belonging to DarkSide, the group behind the attack.

What we learned:

This incident provided a painful reminder of how vulnerable the nation’s critical infrastructure is. As governments and private companies incorporate more connected technologies into these systems, they must also improve their security. Without measures like encryption, microsegmentation, MFA, and network monitoring, cyberattacks could cause massive damage.

5. The University of California at San Francisco – June 2020

Another infamous ransomware group, Netwalker, struck the University of California at San Francisco (UCSF) on June 3, 2020. Researchers at the school had been researching a cure for COVID-19 when the malware encrypted its files. It’s unclear how it initially infected the system, but it likely came from a phishing email.

Netwalker initially demanded $3 million in ransom, but UCSF negotiated it down to $1.14 million. The school paid the ransom, unable to decrypt its systems otherwise. UCSF wasn’t alone, either, as researchers found that Netwalker had targeted at least two other universities within two months of this attack.

What we learned:

Schools are difficult environments to secure and often contain valuable financial and personal information. As a result, they make ideal ransomware targets and may find themselves increasingly targeted in the future. Educational organizations must take cybersecurity as seriously as businesses do.

Learn from recent ransomware attacks

These recent ransomware attacks aren’t the only instances in 2021 and 2020. These incidents are becoming alarmingly frequent, but each attack highlights a shortcoming or developing trend to notice. Cybersecurity professionals must pay attention to these developments to stay ahead of threats and reduce their vulnerabilities.

Read next: How to Prevent Ransomware Attacks

Devin Partida
Devin Partida
Devin Partida writes about business technology and innovation. Her work has been featured on Yahoo! Finance, Entrepreneur, Startups Magazine, and other industry publications. She is also the Editor-in-Chief of ReHack.

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.

Latest Articles