As the internet developed into a sophisticated platform, it also became one that cybercriminals exploit. These cybercrimes prey on people’s vulnerability to schemes, especially those that involve winning money or downloading from suspicious websites.
Despite the massive information campaigns organized against cybercrime, cybersecurity continues to be breached as cybercriminals have developed sophisticated schemes ranging from identity theft to ransomware.
The increasing threat of ransomware
In a report by the CyberEdge Group 2021 Cyberthreat Defense Group, 86.2% of surveyed organizations in the US experienced cyberattacks.
In a survey conducted for Datto’s Global State of the Channel Ransomware Report in 2020, 89% of more than 200 Managed Service Providers (MSPs), partners, and clients stated that ransomware is the most common cyberattack.
Ransomware is malicious software that restricts users’ access to their accounts or websites until a payment is made to unlock them. According to the U.S. Government’s Cybersecurity and Infrastructure Assurance Agency, ransomware encrypts data and renders systems unusable. Ransomware is an ever-evolving form of malware designed to encrypt files on a device. Most ransomware attacks threaten to leak or sell data if no payment is made.
Ransomware attacks have targeted corporate websites to extort money from businesses, but they have also targeted government websites. These attacks were performed by nation-state actors to sow discord, disrupt organizational processes, and even take full control of these websites, leading to breaches of confidential national security data, identities, and financial statements.
Ransomware is detrimental not just to national security but also to the economy. According to a report by Sophos, ransomware attacks have managed to collect up to $1.5 million as an average global cost. These figures show how sophisticated, detrimental, and global ransomware attacks are, and that no business, government or non-government, is actually safe.
The costly ransomware attacks from all over the world:
- Kaseya
Kaseya is a company that provides IT management software to Managed Service Providers and IT teams to improve efficiency and security.
Around July 2021, Kaseya was attacked by the hacker group REvil with the intention of inflicting heavy economic losses worldwide. The hacker group sent a fake software update to Kaseya’s Virtual System Administrator. Through the fake update, the hacker group was able to access the data of Kaseya’s clients.
Kaseya stated that the hacking group gained access to its servers by exploiting zero-day vulnerabilities. A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched.
The consequence: More than 1,500 downstream businesses were affected by the breach.
Businesses such as schools and a national railway station were affected. Some businesses were disrupted or had to close down temporarily.
The demand price: The hacker group demanded that Kaseya pay $70 million in bitcoin to regain access to their clients’ databases.
The outcome: The FBI intervened in the attack. They were able to gain access to REvil’s system and to recover and restore the IT infrastructure of their clients.
- JBS Foods
Hacker groups were not targeting just software companies. In May 2021, REvil carried out another ransomware attack, this time against JBS Foods, one of the biggest meat processing companies worldwide.
The consequence: Because of the ransomware attack, cattle slaughtering was disrupted for a day. It threatened to disrupt the food supply and would have raised food prices for consumers.
The demand price: By late May 2021, the hacker group posted a message on the JBS website inviting payment of $11 million in bitcoin as a ransom, the only way to recover the encrypted files.
The outcome: On June 10, 2021, it was confirmed that JBS paid the $11 million ransom demand after consulting with cybersecurity experts. This massive payment was made in bitcoin, as the ransomware group demanded.
- Brenntag
Another hacker group, this time DarkSide, a criminal hacker group based in Eastern Europe, attacked Brenntag in May 2021.
Brenntag SE is a chemical distribution company based in Berlin, Germany. The company has operations in more than 77 countries worldwide. Brenntag connects customers and suppliers of the chemical industry.
The consequence: DarkSide stole 150 GB worth of data.
The demand price: DarkSide demanded the equivalent of $7.5 million in bitcoin.
The outcome: Brenntag ended up paying $4.4 million, half of the demand price. It is considered to be one of the most expensive payments in ransomware history.
- AXA
In May 2021, the European insurance company AXA was attacked by the Avaddon gang. According to reports by The Daily Swig, the ransomware attack happened when the company made changes to its policy on paying for cybersecurity insurance claims.
Ironically, this policy change led to the revenge attack by the Avaddon group because the policy change would compromise their business model.
AXA is a giant insurance firm that provides a broad range of insurance products tailored according to the needs of individuals and businesses. Some of their insurance policies include savings, health, personal protection, and retirement plans.
The consequence: AXA revealed that Avaddon was able to steal three terabytes of data. These data included personal data and medical records.
The demand: The ransomware group demanded that AXA pay an undisclosed amount of money within ten days, or else the personal data of its vast clientele would be released publicly.
The outcome: The Avaddon group actually released 20 screenshots to prove that they were serious about collecting their demand. Because of the attack, AXA France needed to suspend its operations until analyses were completed. Steps were also taken to notify corporate clients and individuals about the breach.
- Colonial Pipeline
In May 2021, DarkSide attacked a vital piece of US infrastructure, the Colonial Pipeline. Colonial Pipeline supplies about half of the East Coast’s gasoline, carrying 2.5 million barrels a day of gasoline, diesel, and other related products on its route from Texas to New Jersey.
According to a report by S&P’s Oil Price Information Service, about 1,000 gas stations encountered shortages. Other reports stated that 3,900 gas stations ran out of fuel in Virginia and 5,400 gas stations ran out of gas in North Carolina.
The ransomware attack against Colonial Pipeline is reported to be one of the most devastating attacks against critical infrastructure.
The consequence: The company had to shut down its operations, causing panic buying and price hikes on gas.
The demand: DarkSide demanded a ransom of about $11 million.
The outcome: Colonial Pipeline released a statement that they paid $4.4 million worth of bitcoin to DarkSide. Aside from the demand price that they paid, Colonial also needed to spend more on restoring its systems for several months after the attack.
Protection versus expensive restorations
These reported ransomware attacks have caused more trouble than any other type of robbery. Most of these unfortunate industries did not anticipate the amount of damage that ransomware attacks could inflict upon them. The attackers have targeted industries from which they could gain significant monetary benefits. These attacks could harm critical infrastructure and various businesses if they do not prepare for attacks in cyberspace.
Investing in cybersecurity is a fair cost for your protection and reputation. You could give us a call or request a demo about what CTS could offer you. Learn from what the other industries
How Can You Safeguard Your Business From Ransomware Attacks?