In many ways, 2021 was a remarkable year for technology and the IT industry. We are entering an era where concepts such as Web 3.0 and decentralization are slowly becoming a reality.
However, the year also saw some of the most damaging cyberattacks to hit organizations and businesses globally. In recent years, both the frequency and the complexity of cyberattacks have been increasing.
Every other month we hear of an attack more sophisticated than the last, a reminder that we need to up our game when it comes to the security of our systems. So here is a list of the top 5 cyberattacks that occurred in 2021.
The insurance company CNA Financial was hit by ransomware in March this year. The cybercriminals demanded $60 million, perhaps one of the highest sums ever asked by criminals, and the company negotiated the amount down to $40 million.
The ransomware was a variant of the Hades ransomware executable called Phoenix Locker. The group gave the organization a decryption key in exchange for the money, and the company's website was shut for two weeks after the attack.
Furthermore, the detailed statement and report on the attack were released much later, after two months.
JBS Foods is a meat-producing giant that was attacked in spring this year. This was another ransomware attack, and the company paid a ransom of $11 million, in Bitcoin, to get its systems back. The attack caused a considerable loss to its business, since its entire supply chain took a huge hit.
Although operations did not completely shut down, there was a significant scarcity of meat in the market, prices surged, and the business suffered a massive loss, on top of the money paid to the cybercriminals and the amount spent on recovering systems and improving security.
What is astounding about the attack is that reports show it began in February 2021, with data exfiltration proceeding slowly over the following months until June.
Kaseya is a Virtual Server Appliance (VSA) solution installed by businesses in numerous countries around the globe. It was attacked by a hacker group called REvil, affecting users in over 10 countries across about 1,500 businesses. The group is said to be based in Russia.
This happened because of how Kaseya's IT infrastructure was built: all the companies that used Kaseya's products were connected to it, and that is how the cybercriminals could gain access to all of them.
Once again, the group used data exfiltration before locking the systems. They then demanded as much as $70 million in ransom in exchange for letting all the businesses resume operations and recover from the damage.
This shows how data exfiltration protection could have prevented all of this, since the systems would have raised red alerts on the attempts made by the cybercriminals.
As you can see, these attacks have a great deal in common, and it is speculated that the same group of cybercriminals is behind at least two or three of the attacks that occurred this year.
The attack on Colonial Pipeline seemed very similar to the one on JBS Foods. This time, though, a hacker group from Russia called DarkSide claimed full responsibility for the attack.
The group attacked the organization's operating system and IT infrastructure. As a result, the pipeline, which was normally used to transfer fuel, had to be shut down. This again resulted in fuel scarcity, price hikes, and significant damage to the business.
Once again, data exfiltration was employed: the attackers obtained account credentials from a legacy operational system that did not have two-factor authentication. After gaining access, they delivered the malware as an executable file that began its exfiltration process.
About 100 GB of sensitive data was said to have been stolen, and the company paid a ransom of $4.4 million to get its systems back up and resume normal operations.
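The two warning signs this article keeps returning to, large outbound data transfers before the lock-up and logins to a legacy system that lacks a second factor, are the kind of thing a defender can check for in telemetry. The following is an added example, not code from the original post or from any of the companies named: it runs two simple detections over constructed sample records (the hosts, addresses, users and log format are all hypothetical).

```python
from collections import defaultdict

# Constructed sample of egress records: (hour, host, destination, bytes_out).
# Hypothetical format, not real telemetry from any of the incidents above.
TRANSFERS = [
    ("2021-02-10T01", "fileserver-01", "10.0.0.5", 120_000_000),
    ("2021-02-10T02", "fileserver-01", "203.0.113.9", 4_800_000_000),
    ("2021-02-10T02", "wks-017", "198.51.100.2", 30_000_000),
    ("2021-02-10T03", "fileserver-01", "203.0.113.9", 5_100_000_000),
]

# Constructed authentication log lines; "vpn-legacy" is a hypothetical
# system that accepts logins without MFA, "vpn-main" enforces TOTP.
AUTH_LOG = [
    "2021-04-29 03:12:01 vpn-legacy login user=svc_backup mfa=none result=success src=198.51.100.7",
    "2021-04-29 08:15:44 vpn-main login user=jdoe mfa=totp result=success src=192.0.2.10",
    "2021-04-29 09:01:13 vpn-legacy login user=contractor1 mfa=none result=failure src=198.51.100.7",
]

# Simplified notion of "internal" destinations for this example
# (172.16.0.0/12 is approximated by its first block only).
INTERNAL_PREFIXES = ("10.", "192.168.", "172.16.")

def external_volume_by_host(transfers):
    """Sum bytes sent to non-internal destinations, per (host, hour)."""
    totals = defaultdict(int)
    for hour, host, dest, nbytes in transfers:
        if not dest.startswith(INTERNAL_PREFIXES):
            totals[(host, hour)] += nbytes
    return totals

def exfil_alerts(transfers, threshold_bytes=1_000_000_000):
    """(host, hour, bytes) tuples whose external egress exceeds the threshold (1 GB default)."""
    totals = external_volume_by_host(transfers)
    return sorted((h, hr, b) for (h, hr), b in totals.items() if b > threshold_bytes)

def parse_auth_line(line):
    """Split 'date time system login k=v k=v ...' into a dict with the system name."""
    parts = line.split()
    fields = dict(p.split("=", 1) for p in parts[4:])
    return {"system": parts[2], **fields}

def no_mfa_logins(lines):
    """Successful logins where no second factor was presented."""
    hits = []
    for line in lines:
        rec = parse_auth_line(line)
        if rec["mfa"] == "none" and rec["result"] == "success":
            hits.append((rec["system"], rec["user"], rec["src"]))
    return hits
```

In a real deployment the threshold would be a per-host baseline rather than a fixed 1 GB, and the MFA check would be an inventory finding (which systems still allow single-factor logins) as much as a log alert.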
Brenntag is a chemical distribution company based in Germany. In May, it was attacked by the same Russian group, DarkSide, and this time they managed to steal 150 GB of sensitive data.
In this case, the hackers obtained the account credentials on the Dark Web, where the stolen credentials were being sold for a specific price. Once these credentials were obtained, they went through their usual drill of data exfiltration, just like in the previous case. Furthermore, the group even released a list containing the stolen credentials to prove that they were behind the attack.
The cybercriminals asked for a ransom of $7.5 million, but the company negotiated it down to $4.4 million and paid the amount in Bitcoin.
Overall, the year has seen some of the highest ransoms ever demanded and paid in the history of ransomware attacks. REvil and DarkSide seem to have a strategy that paid off on more than one occasion. This shows the necessity of having the most secure infrastructure possible and keeping both systems and personnel alert at all times.
Perhaps this will be an eye-opener for other organizations and businesses, prompting them to raise their cyber security, and hopefully there will be fewer successful attacks in 2022.