10 of the biggest ransomware attacks in the second half of 2021

Ransomware assaults showed no indicator of slowing down in 2021 as enterprises ongoing to drop sufferer to info theft and the pressured shutdown of operations.

During the 1st 50 percent of 2021, assaults struck vital infrastructure corporations and federal government companies, resulting in considerable fallout. Ransomware gangs specific bigger corporations with ever more big ransom requires.

People trends ongoing, and no sector was still left unturned in the 2nd 50 percent of 2021, which includes cryptocurrency exchanges. Extortion remained a crucial tactic for ransomware groups and in lots of conditions, info leak internet sites known as interest to assaults even before companies disclosed the incidents. Attackers appeared to observe as a result of on lots of of those people threats by exposing delicate files.

Listed here are 10 of the major ransomware assaults for the 2nd 50 percent of the calendar year as 2021 will come to a near.

1. Kaseya

On July 2, Kaseya suffered a provide chain assault when REvil operators strike the vendor that offers remote administration program for managed provider providers (MSPs). In a assertion to its website, Kaseya attributed the assault to the exploitation of zero-working day vulnerabilities in the on-premises version of its VSA products. The flaws allowed attackers to bypass authentication and use VSA to remotely ship arbitrary commands, main to the deployment of ransomware on MSPs’ purchasers. The wide character of the incident garnered the interest of the FBI, which issued an incident response tutorial.

As of July, Kaseya stated it was “mindful of fewer than sixty clients” impacted by the assault, but the fallout achieved “1,500 downstream enterprises.” In an incident update on July 22, Kaseya stated it “received a common decryptor crucial” from a 3rd celebration and that it was working to remediate impacted clients. It turned out the 3rd celebration was not REvil, as Kaseya confirmed it did not negotiate with the attackers and “in no uncertain phrases” did not pay a ransom to receive the software.

Kaseya, Fred Voccola
In a video assertion, Kaseya CEO Fred Voccola talked about his company’s response to the provide chain assault and ensuing ransomware infections that took location just before the July 4th weekend.

2. Accenture

World-wide consulting company Accenture confirmed it suffered a ransomware assault in August, even though at the time the business stated there was “no impression” on operations or on clients’ methods. LockBit operators claimed responsibility for the assault and established a countdown to leak the stolen info to their public leak web-site if a ransom was not paid. In the assertion to SearchSecurity, Accenture stated it “immediately contained the make any difference and isolated the influenced servers” and entirely restored influenced methods from backups. On the other hand, in an SEC submitting in October, Accenture disclosed that some consumer methods had been breached, and attackers stole and leaked proprietary business info.

three. Ferrara Sweet Corporation

This assault manufactured the listing for its unlucky timing, as the sweet corn company was strike suitable before Halloween. Ferrara disclosed to media retailers that it was strike by a ransomware assault on Oct. nine and was working with legislation enforcement in an investigation, as very well as with a complex team to “restore impacted methods.” While productivity was impacted, as of Oct. 22 perform experienced resumed in “pick out production facilities” and shipping and delivery operations had been almost again to typical, according to the business. Ferrara did not disclose the sort of ransomware or reveal if a ransom was paid in get to resume operations.

4. Sinclair Broadcast Group

On October sixteen, an investigation into a likely security incident against Sinclair Broadcast Group disclosed the media conglomerate experienced suffered a ransomware assault and info breach. Subsequently, Sinclair contacted a cybersecurity forensic company and notified legislation enforcement alongside with other federal government companies. While the sort of ransomware, the extent of stolen info and whether a ransom was paid continue to be unclear, the assault brought on disruptions to “specific workplace and operational networks.” That disruption involved some Sinclair-owned broadcast networks that experienced complex difficulties associated to the ransomware assault and had been temporarily unable to broadcast. As of a assertion on October eighteen, Sinclair stated it “cannot decide” the attack’s “material impression on its enterprise, operations or economical outcomes.”

5. Eberspächer Group

A ransomware assault against the worldwide automotive supplier brought on prolonged downtime at creation crops and, according to experiences, pressured paid time off for the some of the manufacturing unit workforce. In a assertion to its website, Eberspächer Group, which operates 50 crops, stated it was the sufferer of a ransomware assault on Oct. 24 that impacted aspect of its IT infrastructure. Authorities had been contacted and precautionary actions had been taken to shut down all IT methods and disconnect the network. Updates posted to Twitter showed Eberspächer’s website was offline as a result of Nov. 29, far more than one month afterwards. On the other hand, “most crops all over the world” had been providing as of Nov. 5, when Eberspaecher tweeted that it was “on the suitable observe.”

6. Countrywide Rifle Affiliation

At the conclusion of October, experiences surfaced that the Countrywide Rifle Affiliation (NRA) was the sufferer of a ransomware assault following Grief ransomware operators posted alleged private info to its public leak web-site. While the NRA did not validate the ransomware assault or problem a public assertion, it did answer on Twitter. Andrew Arulanandam, handling director of NRA public affairs, stated the “NRA does not explore issues relating to its actual physical or electronic security.” It’s unclear what the ransom need was, or whether the nonprofit group paid it.

7.  BTC-Alpha

In a assertion to SearchSecurity, cryptocurrency system BTC-Alpha confirmed it was the sufferer of a ransomware assault at the beginning of November, suitable all around its five-calendar year anniversary. While it seems no funds had been impacted, the assault did take down BTC-Alpha’s website, as very well as its application, which remained out of commission as a result of Nov. 20. In the beginning, a screenshot posted to Twitter by risk intelligence company DarkTracer sparked rumors of an assault against the cryptocurrency exchange. According to the screenshot, LockBit claimed to have encrypted BTC-Alpha’s info, a widespread tactic employed by ransomware gangs to stress victims into spending. BTC-Alpha founder and CEO Vitalii Bodnar has because attributed the assault to a competitor and stated he “doubts the assault was associated to LockBit,” but could not share far more info as the investigation was nevertheless underway.

eight. MediaMarkt

MediaMarkt manufactured the listing for both of those its measurement — more than 1,000 electronic retail merchants in Europe and more than 50,000 employees — as very well as the considerable amount of the alleged need manufactured in this ransomware assault. A report by Bleeping Computer system on Nov. eight stated the need was $240 million and attributed it to the Hive ransomware group. Cybersecurity business Group-IB detailed Hive’s exercise and identified the ransomware-as-a-provider group claimed hundreds of victims in just 6 months. According to Group-IB, it took Hive considerably less than 50 percent a calendar year to crack the report for best ransom need. While MediaMarkt confirmed to Bleeping Computer system that a cyber assault took location, it truly is unclear when the company’s operations had been entirely restored and whether a ransom payment was manufactured. 

nine. Remarkable Plus

Natural gasoline supplier Remarkable Plus Corp. confirmed it was the sufferer of a ransomware assault that happened on Dec. twelve. In a assertion on Dec. fourteen, the Canada-based mostly company stated it “temporarily disabled specific computer system methods and apps” in the wake of an investigation and “is in the method of bringing these methods again on the internet.” Impartial cybersecurity authorities had been employed to help in the investigation. At the time of the assertion, Remarkable Plus stated it experienced “no evidence that the protection or security of any consumer or other individual info experienced been compromised.” Remarkable Plus grew to become the most recent power business to suffer a ransomware assaults, next the higher-profile and disruptive assault on Colonial Pipeline Corporation earlier this calendar year.

10.  Kronos

On Dec. 11, Kronos Included spotted unconventional exercise in its personal cloud that involved encrypted servers. Two days afterwards, the workforce administration supplier notified clients that it was the sufferer of a ransomware assault. In fairly detailed updates provided to its website, Kronos stated in response it shut down far more than “eighteen,000 actual physical and digital methods, reset passwords and disabled VPN web-site-to-web-site connections on the UKG aspect.” The incident impacted Kronos Private Cloud, Workforce Central, Telestaff, Healthcare Extensions and UKG scheduling and workforce administration for banking institutions. One particular considerable concern was the ransomware attack’s impression on staff paychecks, because the HR methods supplier is widely known for its payroll and time administration methods. Past updated on Monday, Kronos stated “due to the character of the incident, it may well take up to various months to entirely restore procedure availability.”