10 of the biggest ransomware attacks in the second half of 2021
Ransomware attacks showed no sign of slowing down in 2021 as enterprises continued to fall victim to data theft and the forced shutdown of operations.
During the first half of 2021, attacks struck critical infrastructure organizations and government agencies, causing significant fallout. Ransomware gangs targeted larger organizations with increasingly large ransom demands.
Those trends continued, and no sector was left untouched in the second half of 2021, including cryptocurrency exchanges. Extortion remained a key tactic for ransomware groups, and in many cases, data leak sites called attention to attacks even before companies disclosed the incidents. Attackers appeared to follow through on many of those threats by exposing sensitive documents.
Here are 10 of the biggest ransomware attacks for the second half of the year as 2021 comes to a close.
1. Kaseya
On July 2, Kaseya suffered a supply chain attack when REvil operators hit the vendor that provides remote management software for managed service providers (MSPs). In a statement on its website, Kaseya attributed the attack to the exploitation of zero-day vulnerabilities in the on-premises version of its VSA product. The flaws allowed attackers to bypass authentication and use VSA to remotely send arbitrary commands, leading to the deployment of ransomware on MSPs’ customers. The broad nature of the incident garnered the attention of the FBI, which issued an incident response guideline.
As of July, Kaseya said it was “aware of fewer than 60 customers” impacted by the attack, but the fallout reached “1,500 downstream businesses.” In an incident update on July 22, Kaseya said it “obtained a universal decryptor key” from a third party and that it was working to remediate impacted customers. It turned out the third party was not REvil, as Kaseya confirmed it did not negotiate with the attackers and “in no uncertain terms” did not pay a ransom to obtain the tool.
2. Accenture
Global consulting firm Accenture confirmed it suffered a ransomware attack in August, though at the time the company said there was “no impact” on operations or on clients’ systems. LockBit operators claimed responsibility for the attack and set a countdown to leak the stolen data to their public leak site if a ransom was not paid. In the statement to SearchSecurity, Accenture said it “immediately contained the matter and isolated the affected servers” and fully restored affected systems from backups. However, in an SEC filing in October, Accenture disclosed that some client systems had been breached, and attackers stole and leaked proprietary company data.
3. Ferrara Candy Company
This attack made the list for its unfortunate timing, as the candy corn company was hit right before Halloween. Ferrara disclosed to media outlets that it was hit by a ransomware attack on Oct. 9 and was working with law enforcement in an investigation, as well as with a technical team to “restore impacted systems.” Though production was impacted, as of Oct. 22 work had resumed in “select manufacturing facilities” and shipping operations were almost back to normal, according to the company. Ferrara did not disclose the type of ransomware or reveal if a ransom was paid in order to resume operations.
4. Sinclair Broadcast Group
On October 16, an investigation into a potential security incident at Sinclair Broadcast Group revealed the media conglomerate had suffered a ransomware attack and data breach. Subsequently, Sinclair contacted a cybersecurity forensic firm and notified law enforcement along with other government agencies. Though the type of ransomware, the extent of stolen data and whether a ransom was paid remain unclear, the attack caused disruptions to “certain office and operational networks.” That disruption included some Sinclair-owned broadcast networks that experienced technical difficulties related to the ransomware attack and were temporarily unable to broadcast. As of a statement on October 18, Sinclair said it “cannot determine” the attack’s “material impact on its business, operations or financial results.”
5. Eberspächer Group
A ransomware attack against the international automotive supplier caused extended downtime at production plants and, according to reports, forced paid time off for some of the factory workforce. In a statement on its website, Eberspächer Group, which operates 50 plants, said it was the victim of a ransomware attack on Oct. 24 that impacted part of its IT infrastructure. Authorities were contacted and precautionary measures were taken to shut down all IT systems and disconnect the network. Updates posted to Twitter showed Eberspächer’s website was offline through Nov. 29, more than one month later. However, “most plants worldwide” were delivering as of Nov. 5, when Eberspächer tweeted that it was “on the right track.”
6. National Rifle Association
At the end of October, reports surfaced that the National Rifle Association (NRA) was the victim of a ransomware attack after Grief ransomware operators posted alleged confidential data to its public leak site. Though the NRA did not confirm the ransomware attack or issue a public statement, it did respond on Twitter. Andrew Arulanandam, managing director of NRA public affairs, said the “NRA does not discuss matters relating to its physical or electronic security.” It’s unclear what the ransom demand was, or whether the nonprofit organization paid it.
7. BTC-Alpha
In a statement to SearchSecurity, cryptocurrency platform BTC-Alpha confirmed it was the victim of a ransomware attack at the beginning of November, right around its five-year anniversary. Though it appears no funds were impacted, the attack did take down BTC-Alpha’s website, as well as its app, which remained out of commission through Nov. 20. Initially, a screenshot posted to Twitter by threat intelligence firm DarkTracer sparked rumors of an attack against the cryptocurrency exchange. According to the screenshot, LockBit claimed to have encrypted BTC-Alpha’s data, a common tactic used by ransomware gangs to pressure victims into paying. BTC-Alpha founder and CEO Vitalii Bodnar has since attributed the attack to a competitor and said he “doubts the attack was related to LockBit,” but could not share further information as the investigation was still underway.
[Alert] LockBit ransomware gang has announced “Cryptocurrency Exchange” on the victim list. pic.twitter.com/pA2bh1Vmte
— DarkTracer : DarkWeb Criminal Intelligence (@darktracer_int)
November 17, 2021
8. MediaMarkt
MediaMarkt made the list for both its size (around 1,000 electronic retail stores in Europe and around 50,000 employees) and the large amount of the alleged demand made in this ransomware attack. A report by Bleeping Computer on Nov. 8 said the demand was $240 million and attributed it to the Hive ransomware group. Cybersecurity company Group-IB detailed Hive’s activity and found the ransomware-as-a-service group claimed hundreds of victims in just six months. According to Group-IB, it took Hive less than half a year to break the record for highest ransom demand. Though MediaMarkt confirmed to Bleeping Computer that a cyber attack took place, it’s unclear when the company’s operations were fully restored and whether a ransom payment was made.
9. Superior Plus
Natural gas supplier Superior Plus Corp. confirmed it was the victim of a ransomware attack that occurred on Dec. 12. In a statement on Dec. 14, the Canada-based corporation said it “temporarily disabled certain computer systems and applications” in the wake of an investigation and “is in the process of bringing these systems back online.” Independent cybersecurity experts were hired to assist in the investigation. At the time of the statement, Superior Plus said it had “no evidence that the safety or security of any customer or other personal data had been compromised.” Superior Plus became the latest energy company to suffer a ransomware attack, following the high-profile and disruptive attack on Colonial Pipeline Company earlier this year.
10. Kronos
On Dec. 11, Kronos Incorporated noticed unusual activity in its private cloud that included encrypted servers. Two days later, the workforce management provider notified customers that it was the victim of a ransomware attack. In very detailed updates provided on its website, Kronos said in response it shut down more than “18,000 physical and virtual systems, reset passwords and disabled VPN site-to-site connections on the UKG side.” The incident impacted Kronos Private Cloud, Workforce Central, Telestaff, Healthcare Extensions and UKG scheduling and workforce management for banks. One significant concern was the ransomware attack’s impact on employee paychecks, since the HR systems provider is widely known for its payroll and time management systems. In its last update on Monday, Kronos said “due to the nature of the incident, it may take up to several weeks to fully restore system availability.”