Ransomware attacks showed no sign of slowing down in 2021 as enterprises continued to fall victim to data theft and the forced shutdown of operations.
Throughout the first half of 2021, attacks struck critical infrastructure companies and government agencies, causing significant fallout. Ransomware gangs targeted larger enterprises with increasingly large ransom demands.
These trends continued, and no sector was left unturned in the second half of 2021, including cryptocurrency exchanges. Extortion remained a key tactic for ransomware groups, and in many cases, data leak sites called attention to attacks even before companies disclosed the incidents. Attackers appeared to follow through on many of those threats by exposing sensitive documents.
Here are 10 of the biggest ransomware attacks for the second half of the year as 2021 comes to a close.
1. Kaseya
On July 2, Kaseya suffered a supply chain attack when REvil operators hit the vendor that provides remote management software for managed service providers (MSPs). In a statement on its website, Kaseya attributed the attack to the exploitation of zero-day vulnerabilities in the on-premises version of its VSA product. The flaws allowed attackers to bypass authentication and use VSA to remotely send arbitrary commands, leading to the deployment of ransomware on MSPs' clients. The broad nature of the incident garnered the attention of the FBI, which issued an incident response guide.
As of July, Kaseya said it was "aware of fewer than 60 customers" affected by the attack, but the fallout reached "1,500 downstream businesses." In an incident update on July 22, Kaseya said it "obtained a universal decryptor key" from a third party and that it was working to remediate impacted customers. It turned out the third party was not REvil, as Kaseya confirmed it did not negotiate with the attackers and "in no uncertain terms" did not pay a ransom to obtain the tool.
2. Accenture
Global consulting firm Accenture confirmed it suffered a ransomware attack in August, though at the time the company said there was "no impact" on operations or on clients' systems. LockBit operators claimed responsibility for the attack and set a countdown to leak the stolen data to their public leak site if a ransom was not paid. In the statement to SearchSecurity, Accenture said it "immediately contained the matter and isolated the affected servers" and fully restored affected systems from backups. However, in an SEC filing in October, Accenture disclosed that some client systems were breached, and attackers stole and leaked proprietary company data.
3. Ferrara Candy Company
This attack made the list for its unfortunate timing, as the candy corn manufacturer was hit right before Halloween. Ferrara disclosed to media outlets that it was hit by a ransomware attack on Oct. 9 and was working with law enforcement in an investigation, as well as with a technical team to "restore impacted systems." Although productivity was impacted, as of Oct. 22 work had resumed in "select manufacturing facilities" and shipping operations were almost back to normal, according to the company. Ferrara did not disclose the type of ransomware or reveal if a ransom was paid in order to resume operations.
4. Sinclair Broadcast Group
On Oct. 16, an investigation into a potential security incident against Sinclair Broadcast Group revealed the media conglomerate had suffered a ransomware attack and data breach. Subsequently, Sinclair contacted a cybersecurity forensic firm and notified law enforcement along with other government agencies. While the type of ransomware, the extent of stolen data and whether a ransom was paid remain unclear, the attack caused disruptions to "certain office and operational networks." That disruption included some Sinclair-owned broadcast networks that experienced technical difficulties related to the ransomware attack and were temporarily unable to broadcast. As of a statement on Oct. 18, Sinclair said it "cannot determine" the attack's "material impact on its business, operations or financial results."
5. Eberspächer Group
A ransomware attack against the international automotive supplier caused prolonged downtime at production plants and, according to reports, forced paid time off for some of the factory workforce. In a statement on its website, Eberspächer Group, which operates 50 plants, said it was the victim of a ransomware attack on Oct. 24 that impacted part of its IT infrastructure. Authorities were contacted and precautionary measures were taken to shut down all IT systems and disconnect the network. Updates posted to Twitter showed Eberspächer's website was offline through Nov. 29, more than one month later. However, "most plants around the globe" were delivering as of Nov. 5, when Eberspächer tweeted that it was "on the right track."
6. National Rifle Association
At the end of October, reports surfaced that the National Rifle Association (NRA) was the victim of a ransomware attack after Grief ransomware operators posted alleged confidential data to its public leak site. While the NRA did not confirm the ransomware attack or issue a public statement, it did respond on Twitter. Andrew Arulanandam, managing director of NRA public affairs, said the "NRA does not discuss matters relating to its physical or electronic security." It's unclear what the ransom demand was, or whether the nonprofit organization paid it.
7. BTC-Alpha
In a statement to SearchSecurity, cryptocurrency platform BTC-Alpha confirmed it was the victim of a ransomware attack at the beginning of November, right around its five-year anniversary. While it appears no funds were impacted, the attack did take down BTC-Alpha's website, as well as its app, which remained out of commission through Nov. 20. Initially, a screenshot posted to Twitter by threat intelligence firm DarkTracer sparked rumors of an attack against the cryptocurrency exchange. According to the screenshot, LockBit claimed to have encrypted BTC-Alpha's data, a common tactic used by ransomware gangs to pressure victims into paying. BTC-Alpha founder and CEO Vitalii Bodnar has since attributed the attack to a competitor and said he "doubts the attack was related to LockBit," but could not share further information as the investigation was still underway.
[Alert] LockBit ransomware gang has announced "Cryptocurrency Exchange" on the victim list. pic.twitter.com/pA2bh1Vmte
— DarkTracer : DarkWeb Criminal Intelligence (@darktracer_int)
November 17, 2021
8. MediaMarkt
MediaMarkt made the list for both its size (about 1,000 electronics retail stores in Europe and about 50,000 employees) and the large sum of the alleged demand made in this ransomware attack. A report by BleepingComputer on Nov. 8 said the demand was $240 million and attributed it to the Hive ransomware group. Cybersecurity company Group-IB detailed Hive's activity and found the ransomware-as-a-service group claimed hundreds of victims in just six months. According to Group-IB, it took Hive less than half a year to break the record for highest ransom demand. While MediaMarkt confirmed to BleepingComputer that a cyber attack took place, it's unclear when the company's operations were fully restored and whether a ransom payment was made.
9. Superior Plus
Natural gas supplier Superior Plus Corp. confirmed it was the victim of a ransomware attack that occurred on Dec. 12. In a statement on Dec. 14, the Canada-based corporation said it "temporarily disabled certain computer systems and applications" in the wake of an investigation and "is in the process of bringing these systems back online." Independent cybersecurity experts were hired to assist in the investigation. At the time of the statement, Superior Plus said it had "no evidence that the safety or security of any customer or other personal data had been compromised." Superior Plus became the latest energy company to suffer a ransomware attack, following the high-profile and disruptive attack on Colonial Pipeline Company earlier this year.
10. Kronos
On Dec. 11, Kronos Incorporated spotted unusual activity in its private cloud that included encrypted servers. Two days later, the workforce management provider notified customers that it was the victim of a ransomware attack. In fairly detailed updates provided on its website, Kronos said in response it shut down more than "18,000 physical and virtual systems, reset passwords and disabled VPN site-to-site connections on the UKG side." The incident impacted Kronos Private Cloud, Workforce Central, Telestaff, Healthcare Extensions and UKG scheduling and workforce management for banks. One significant concern was the ransomware attack's impact on employee paychecks, since the HR systems provider is widely known for its payroll and time management systems. Last updated on Monday, Kronos said "due to the nature of the incident, it may take up to several months to fully restore system availability."