We’ve discussed the rise of ransomware demands many times on this blog. However, it bears repeating that this cybercrime is one of the scourges of the modern tech era. As we reach the end of 2021, the unfortunate fact is that ransomware hackers are enjoying a profitable business, bringing in billions according to a report released by FinCEN, the US Treasury’s Financial Crimes Enforcement Network.
The report outlined the significant growth in ransomware demands and payouts in the first half of 2021, analyzing suspicious activity reports from financial institutions. It also estimated how much some hacking operations were making by analyzing blockchain transactions connected to their online wallets. Reports of suspicious ransomware-connected transactions added up to an estimated $590 million from January 2021 to June 2021. One of the more incredible numbers reported is that the top 10 hacking operations have taken over $5.2 billion worth of Bitcoin since 2018.
It’s a staggering figure, but it may not be an entirely accurate one. FinCEN arrived at that number by locating wallets connected to payments to the top 10 ransomware operations, then assessing their outgoing transactions. The hacking teams may conceivably have additional crypto hidden in wallets they haven’t accessed yet, or they may be keeping the wealth in the form of other types of currency. The research only included Bitcoin, and the report points to the fact that hackers are increasingly asking for alternative currencies, such as Monero.
Four months ago, Chainalysis labeled 2020 “the year of ransomware” and postulated that 2021 may earn the same title. While 2020 saw an impressive amount of ransomware activity, 2021 has indeed assumed the dubious title. FinCEN estimates that there was $200 million more paid out in the first six months of 2021 than all twelve months of 2020. Experts say that if the trend keeps up, cybercriminals could take in more from ransomware in 2021 than they have for the past ten years combined.
Notable 2021 Ransomware Demands and Attacks
In 2021 thus far, ransomware hackers publicly went after and extorted major tech companies, pipelines, hospitals, and insurance companies. These types of attacks are increasingly in the news and causing distress.
Colonial Pipeline: The late April Colonial Pipelineattack was the most public and made a significant impact as the pipeline is a vital part of the national infrastructure. The system being down disrupted the gas supply throughout the East Coast causing chaos and panic buying. Darkside hackers were named in the crime.
Brenntag: In early May, the same hacker operation that took down the Colonial Pipeline targeted Brenntag, a chemical distribution company – netting DarkSide $4.4 million, one of the highest ransomware payments in history.
Acer: Computer manufacturer Acer sustained an attack by the REvil hacker group. REvil hackers exploited a vulnerability in a Microsoft Exchange server to obtain access to Acer’s files and released sensitive financial documents and spreadsheets.
JBS Foods: Another high-profile May ransomware attack targeted JBS Foods, one of the largest meat processing companies in the world. Russia-based REvil was again behind the attack. JBS paid the $11 million ransom demand in bitcoin.
Quanta: The REvil hacker team demanded a $50 million ransom from computer manufacturer Quanta in April. Although Quanta is not as well known as other targets, it is one of Apple’s most significant business partners. Quanta refused to negotiate with REvil, who then turned and attacked Apple instead. However, the incident seemed to fizzle out and Apple never publicly acknowledged the attack.
The NBA: One of the most unexpected organizations on this list was the National Basketball Association (NBA). Hacker group Babuk stole 500 GB of confidential data regarding the Houston Rockets. As of this posting, no ransom payments were met.
AXA: European insurance company AXA was the target of the Avaddon gang. The attack happened soon after the company stated they would cease reimbursing many of their clients for ransomware payments.
CNA: Another big insurance firm was victimized in March, with the hacker operation encrypting 15,000 devices, including many computers of employees working remotely. The attack utilized a new type of malware known as Phoenix CryptoLocker.
KIA Motors: Kia Motors, a subsidiary of Hyundai, reported a widespread IT and systems outage. Although widely believed to be an attack, KIA never confirmed.
Cyber and ransomware attacks are not limited to large companies. SMBs are frequently targeted by cybercriminals. If your company is looking for protection against this type of attack, the experts at Alliance IT can help. Call today to learn more about proactive measures your organization can implement to strengthen your security.
