Ransomware attacks have seen a dramatic and unprecedented uptick over the past year. Stay at home restrictions and chaos associated with the COVID-19 pandemic has created new vulnerabilities, while also spreading security too thin to adequately cover previously existing weak points.
What is a ransomware attack?
A ransomware attack occurs when a malicious hacker steals information from or locks up a company’s network and demands a ransom in exchange for regaining system control. Ransomware criminals often threaten to release or sell sensitive information online through hacker forums or online marketplaces.
Do companies recover from ransomware attacks?
After a ransomware attack, many businesses are simply unable to restore their systems quickly enough to keep up with the criminals. In desperation, 70% of companies hit with these attacks end up paying the ransom to free their networks and keep their sensitive data private. Unfortunately for them, even the most optimistic data shows that when they have given in to the demands of the criminals, only 26% of them actually get their files unlocked.
As cyber attacks become more common and continue to raise the stakes by targeting larger victims, payouts are becoming more frequent and increasingly large.
Here are some of the largest ransomware payouts in recent history
University of California San Francisco (UCSF): $1.14 million
The University of California San Francisco fell victim to a cyberattack on June 1st of 2020 that paralyzed the computer system of the UCSF School of Medicine. While the IT staff was able to prevent the infection from spreading, the servers were completely encrypted. After negotiations with a ransomware gang known as Netwalker, the school agreed to pay $1.14 million in the form of Bitcoin in exchange for a decryption key and the deletion of any stolen data. It is unknown if Netwalker kept up their end of the deal.
CWT Global: $4 million
After hackers made off with sensitive business files and claimed to have taken 30,000 computers offline, U.S. travel company CWT reportedly paid a ransom in an effort to recover their system. Online negotiations began with the criminals demanding a $10 million payout, but eventually CWT paid the hackers $4 million in Bitcoin. The hackers were reportedly in possession of two terabytes of data.
Colonial Pipeline: $4 million
In May of 2021, ransomware gang DarkSide attacked Colonial Pipeline’s business network, making it impossible for the company to bill its customers or track its fuel distribution. Because ransomware spreads so swiftly, Colonial shut down their operational technology network as a precautionary measure, essentially freezing the pipeline. U.S. residents felt the effects of this as gas stations across the country ran low on fuel, with some even having to close their pumps. The pressure was too much, and even though Colonial at first insisted that they wouldn’t play ball with the hackers, they eventually relented and forked over $4 million in Bitcoin to the criminals.
Brenntag: $4.4 million
An event that has been largely overshadowed by the hack of Colonial Pipeline is the ransomware attack carried out on U.S. chemical distribution company Brenntag, also at the hands of DarkSide. Over 150 GB of data was stolen from the company, initially held in exchange for over $7 million in ransom. After a few days of negotiation, Brenntag relented and paid $4.4 million in Bitcoin to DarkSide.
JBS: $11 million
JBS is the world’s largest meat company, as far as sales go. On May 30th of 2021, JBS was attacked by Russia-based ransomware gang REvil. The group left no trace as to how it was able to compromise JBS’ system, but effectively paralyzed the company with plants across the U.S. and Australia forced to stop operations. While JBS says that at the time of the payout most of their systems were back online, they claim to have paid $11 million in Bitcoin to ensure that REvil wouldn’t leak sensitive client or company information to the public. While a statement from the company says that they regret having to give in to REvil’s demands, they paid the ransom as an “insurance policy” against risking their customers.
CNA Financial: $40 million (reportedly)
Chicago-based insurance behemoth CNA was crippled by a ransomware attack in March of 2021, causing severe and widespread disruptions to its business. CNA was forced to take its systems completely offline, having fallen victim to a ransomware known as “Phoenix CryptoLocker,” courtesy of ransomware group Evil Corp who demanded $60 million.
While CNA has not made an official comment about their payment to Evil Corp, a report from Bloomberg says that the company paid a staggering $40 million to free their systems after about two weeks of being completely locked out.
How to prevent ransomware attacks
In spite of every hacked company issuing a statement regarding the “sophistication” of their attackers, some of the biggest and most damaging hacks in recent history have been executed thanks to people breaking some of these simple, common sense rules regarding passwords, updates, and basic cybersecurity education:
1. Update everything, all the time
Enable auto-updates when possible to stay on top of critical patches, and replace software that is no longer supported and potentially vulnerable. Keep a tight update schedule for all of your apps, operating systems, and devices.
2. Run a cybersecurity audit
Third party cybersecurity audits are utilized by companies to check the integrity of their security. These audits should be performed regularly, as tight cybersecurity is a moving target.
3. Get rid of that old hardware
Replace old hardware with refurbished firewalls or network switches to economically maintain security. Trading the old stuff for refurbished, name brand hardware from a reputable dealer is a great way to keep ahead of the curve and under budget.
4. Educated your workforce
Many hacks happen because people open the door to them by clicking on links to malware in phishing emails. Know that a lot of cybercrime is preventable with awareness, and make sure that your staff has an understanding of the dangers online.
5. Use a virtual private network
Virtual private networks, or VPNs, keep your web usage encrypted and secret. Using a VPN is a popular way to keep business internet traffic unseen and out of reach.
Insurance Giant CNA Hit with Novel Ransomware Attack by Elizabeth Montalbano, Threatpost, 26 March, 2021
The 5 biggest ransomware pay-outs of all time, by Luke Irwin, IT Governance, 18 May, 2021
One of the US’s largest insurance companies reportedly paid $40 million to ransomware hackers, by Mitchell Clark, 20 May, 2021
JBS Paid $11 Million to Resolve Ransomware Attack – WSJ wsj.com, by Jacob Bunge, The Wall Street Journal, 9 June, 2021
Only 26% of US companies that paid ransomware attackers had files unlocked, by Alison DeNisco Rayome, Tech Republic, 28 March, 2018
Pindrop Blog 70 Percent of Enterprise Ransomware Victims Paid Up, Data Shows, by Pindrop
This Year in Ransomware Payouts (2020 Edition) by Bianca Soare, Heimdel Security, 12 December, 2020
Beef supplier JBS paid ransomware hackers $11 million, by Kevin Collier, NBC News, 9 June, 2021
World’s Largest Meat Company Pays $11M in Bitcoin Ransomware Attack by Sebastian Sinclair, coindesk, 9 June 2021