Ransomware attacks showed no signs of slowing down in 2021 as businesses continued to fall victim to data theft and forced shutdowns.
During the first half of 2021, attacks hit critical infrastructure organizations and government agencies and had a significant impact. Ransomware gangs targeted larger companies with ever larger ransom demands.
These trends continued in the second half of 2021, and no sector was spared, including cryptocurrency exchanges. Extortion remained a key tactic used by ransomware groups, and in many cases data leak sites revealed attacks even before companies disclosed the incidents. Attackers appeared to follow through on many of these threats by revealing sensitive files.
Here are 10 of the biggest ransomware attacks for the second half of the year as 2021 ends.
1. Kaseya
On July 2nd, Kaseya suffered a supply chain attack when REvil operators hit the vendor, which provides remote management software for managed service providers (MSPs). In a statement on its website, Kaseya attributed the attack to the exploitation of zero-day vulnerabilities in the on-premises version of its VSA product. The bugs allowed attackers to bypass authentication and use VSA to remotely send arbitrary commands, resulting in ransomware being deployed on the MSPs’ clients. The broad nature of the incident caught the attention of the FBI, which issued a guide to incident response.
In July, Kaseya said there were “fewer than 60 known customers” affected by the attack, but the impact reached “1,500 downstream companies”. In a July 22nd incident update, Kaseya said it had “received a universal decryption key” from a third party and was working to remediate affected customers. It turned out that the third party was not REvil, as Kaseya confirmed that it did not negotiate with the attackers and, “in plain language,” did not pay a ransom to obtain the tool.
2. Accenture
Global consulting firm Accenture confirmed that it suffered a ransomware attack in August, though the company said at the time that it had “no impact” on customers’ operations or systems. LockBit operators claimed responsibility for the attack and set a countdown to release the stolen data on their public leak site if no ransom was paid. In a statement to SearchSecurity, Accenture said it “immediately contained the matter and isolated the affected servers” and fully restored affected systems from backups. However, in an SEC filing in October, Accenture disclosed that some client systems had been attacked and that attackers had stolen and leaked proprietary company data.
3. Ferrara Candy Company
This attack made the list because of its unfortunate timing: the candy corn maker was hit just before Halloween. Ferrara disclosed to the media that it was hit by a ransomware attack on October 9th and was working with law enforcement and a technical team on an investigation to “restore affected systems”. Although productivity was impacted, work at “select manufacturing sites” resumed on October 22nd, and shipping operations were almost back to normal, according to the company. Ferrara did not disclose the nature of the ransomware, nor did it disclose whether a ransom was paid to restart operations.
4. Sinclair Broadcast Group
After a potential security incident was reported on October 16, Sinclair Broadcast Group announced that the media company had suffered a ransomware attack and a data breach. Sinclair then contacted a forensic cybersecurity firm and notified law enforcement along with other government agencies. While the nature of the ransomware, the extent of the data stolen and whether a ransom was paid remained unclear, the attack caused disruption to “certain office and business networks”. The disruption included some of Sinclair’s own broadcast networks, which experienced technical difficulties related to the ransomware attack and were temporarily unable to broadcast. In a statement on October 18, Sinclair said it could “not determine the material impact of the attack on its business, operations or financial results.”
5. Eberspaecher Group
A ransomware attack on the international automotive supplier led to prolonged downtime in production plants and, according to reports, forced paid time off for part of the factory workforce. The Eberspächer Group, which operates 50 plants, announced in a statement on its website that it was the victim of a ransomware attack on October 24th that affected part of its IT infrastructure. Authorities were contacted, and as a precaution all IT systems were shut down and disconnected from the network. Updates published on Twitter showed that the Eberspächer website was offline until November 29, more than a month later. However, “most of the plants worldwide” were delivering on November 5th, when Eberspächer tweeted that it was “on the right track”.
6. National Rifle Association
At the end of October, reports surfaced that the National Rifle Association (NRA) fell victim to a ransomware attack after Grief ransomware operators allegedly posted confidential information on their public leak site. While the NRA did not confirm the ransomware attack or make a public statement, it responded on Twitter. Andrew Arulanandam, executive director of NRA Public Affairs, said the NRA does not discuss matters related to its physical or electronic security. It’s unclear what the ransom demand was or if the nonprofit paid it.
7. BTC-Alpha
In a statement to SearchSecurity, the cryptocurrency platform BTC-Alpha confirmed that it was the victim of a ransomware attack in early November, shortly before its fifth anniversary. Although no funds appear to have been affected, the attack took down BTC-Alpha’s website as well as the app, which remained out of service until November 20th. Rumors of an attack on the cryptocurrency exchange were first sparked by a screenshot posted on Twitter by threat intelligence firm DarkTracer. According to the screenshot, LockBit claimed to have encrypted BTC-Alpha’s data, a common tactic used by ransomware gangs to pressure victims to pay. BTC-Alpha founder and CEO Vitalii Bodnar has since attributed the attack to a competitor, saying he “doubts the attack was LockBit related” but cannot share further information as the investigation is ongoing.
[ALERT] The LockBit ransomware gang announced “Cryptocurrency Exchange” on the victim list.
– DarkTracer: DarkWeb Criminal Intelligence (@darktracer_int)
November 17, 2021
8. MediaMarkt
MediaMarkt made the list for both its size (over 1,000 consumer electronics stores in Europe and over 50,000 employees) and the alleged ransom demand in this attack. A report from Bleeping Computer on Nov. 8 said the demand was $240 million and attributed it to ransomware group Hive. Cybersecurity company Group-IB detailed Hive’s operations and found that the ransomware-as-a-service group claimed hundreds of victims in just six months. According to Group-IB, it took Hive less than half a year to break the record for the highest ransom demand. While MediaMarkt confirmed to Bleeping Computer that a cyber attack occurred, it is unclear when the company’s operations were fully restored and whether a ransom payment was made.
9. Superior Plus
The natural gas supplier Superior Plus Corp. confirmed that it was the victim of a ransomware attack on December 12th. In a statement on Dec. 14, the Canada-based company said it had “temporarily disabled certain computer systems and applications” and “is in the process of bringing those systems back online” as part of an investigation. Independent cybersecurity experts were hired to assist with the investigation. At the time of the statement, Superior Plus said there was “no evidence that the security of customers or other personal information was compromised”. Superior Plus became the newest energy company to fall victim to a ransomware attack, following the high-profile and disruptive ransomware attack on Colonial Pipeline Company earlier this year.
10. Kronos Incorporated
On December 11th, Kronos Incorporated discovered unusual activity in its private cloud, which included encrypted servers. Two days later, the workforce management provider informed its customers that it had fallen victim to a ransomware attack. In a fairly detailed update made available on its website, Kronos said that in response it had shut down more than 18,000 physical and virtual systems, reset passwords and disabled VPN site-to-site connections on the UKG side. The incident affected Kronos Private Cloud, Workforce Central, Telestaff, Healthcare Extensions and UKG planning and workforce planning for banks. A major concern was the effect of the ransomware attack on employee payroll, as the HR system provider is well known for its payroll and time management systems. In its latest update on Monday, Kronos said, “Due to the nature of the incident, it can take up to several weeks for system availability to be fully restored.”