History of the largest ransomware attacks in the world

This article collects and examines the biggest ransomware attacks in the history of technology.

The history of technology is full of unintended consequences. Bitcoin, for example, was not originally designed as a means of paying ransoms to criminals, but it quickly became a major tool for online criminals.

Ransomware is a category of malware that blocks access to a computer or network until a specified payment is made. Attacks continue despite government efforts to regulate cryptocurrencies and reduce their role in ransom payments.

According to data published by Chainalysis, cryptocurrency payments to ransomware operators in 2020 amounted to $350 million, an annual increase of more than 300% compared to 2019. The true figure may be much higher, because US companies are legally required to report cyber-attacks only if their customers’ personal information is compromised.

The following are some of the major events in the history of ransomware, in reverse chronological order from 2021 back to 1989. Reading through them shows how ransomware attacks have evolved.

  • Kaseya – 2021
  • JBS – 2021
  • Colonial Pipeline – 2021
  • Brenntag – 2021
  • CNA Financial – 2021
  • CWT – 2020
  • University of California – 2020
  • Travelex – 2019
  • WannaCry – 2017
  • Locky – 2016
  • TeslaCrypt – 2015
  • CryptoWall – 2014
  • AIDS Trojan/PC Cyborg – 1989

Kaseya – 2021

On July 2, 2021, Kaseya announced that its systems had been compromised. Kaseya provides IT management software and services to other companies, which makes it an ideal target: by compromising it, an attacker can reach and affect the data of almost 1,500 organizations in several countries. According to Reuters, REvil, a cybercrime group, claimed responsibility for the attack and demanded ransoms ranging from several thousand to several million dollars from the affected organizations.

REvil also demanded about $70 million in bitcoin. Kaseya refused to pay this astronomical sum and chose instead to cooperate with the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA). On July 21, 2021, Kaseya obtained a universal decryption key and distributed it to affected organizations.

JBS – 2021

On May 31, 2021, JBS USA, one of the largest meat suppliers in the United States, discovered that it had been attacked by hackers. The attack forced JBS to temporarily shut down five large plants in the United States, and the ransomware also disrupted the company’s operations in Australia and the United Kingdom. JBS paid $11 million in bitcoin to the hackers to prevent further disruption and limit the impact on grocery stores and restaurants. The FBI attributed the attack to REvil.

Colonial Pipeline – 2021

On May 7, 2021, the Colonial Pipeline, America’s largest fuel pipeline, went offline after an attack by a hacker group called DarkSide. The Colonial Pipeline covers more than 5,500 miles and carries more than 100 million gallons of fuel daily. The impact of the attack was significant: in the following days, as drivers rushed to gas stations, the average price of a gallon of gasoline in the United States rose above $3 for the first time in seven years.

Brenntag – 2021

On April 28, 2021, Brenntag, a German chemical distributor, discovered that it had been the target of a cyber attack by DarkSide. The group stole 150 GB of data and announced that it would publish it if the specified amount was not paid. After negotiating with the criminals, Brenntag brought the requested $7.5 million down to $4.4 million, which was paid on May 11.

CNA Financial – 2021

On March 23, 2021, CNA Financial, the seventh-largest commercial insurer in the United States, announced that it had “suffered a sophisticated cyber security attack.” The attack was carried out by a group called Phoenix, using ransomware known as Phoenix Locker. In May, CNA Financial paid $40 million to recover its data. CNA did not divulge the details of the deal, but says all of the company’s systems have since been fully restored.

CWT – 2020

On July 31, 2020, the American business travel management company CWT revealed that ransomware had infected its systems and that it had been forced to pay a ransom to the hackers. Using ransomware called Ragnar Locker, the attackers claimed to have stolen the company’s sensitive files and taken 30,000 computers offline.

As a service provider to one-third of S&P companies, public release of the stolen data could have been catastrophic for CWT’s business. The company paid about $4.5 million to the hackers on July 28, just days before the incident was reported by Reuters.

University of California – 2020

On June 3, 2020, the University of California, San Francisco revealed that the UCSF School of Medicine’s IT systems had been compromised on June 1 by a hacker group called Netwalker. The medical research institution was working on treatments for the coronavirus at the time.

Netwalker apparently researched UCSF beforehand, hoping to learn more about its finances. Citing the University of California’s billions of dollars in annual revenue, Netwalker demanded a $3 million ransom. Following negotiations, the university paid Netwalker $1,140,895 in bitcoin. According to the BBC, Netwalker is also blamed for at least two other ransomware attacks on universities in 2020.

Travelex – 2019

On New Year’s Eve 2019, the London-based foreign exchange company Travelex was attacked by a ransomware group called Sodinokibi (also known as REvil). The attackers gained access to 5 GB of customer data, including dates of birth, credit card information, and insurance details. Travelex took its website offline in 30 countries in an effort to contain the ransomware.

WannaCry – 2017

In May 2017, ransomware called WannaCry infected computers around the world by exploiting a vulnerability in Windows. The vulnerability WannaCry exploited had been disclosed in April 2017 in a massive leak of NSA documents and hacking tools by a group called the Shadow Brokers.

Locky – 2016

The Locky ransomware, discovered in February 2016, is notable for the large number of computer networks it infected. Attacks were usually delivered as an email carrying an attached invoice, sent by someone claiming to be an employee of a company. On February 16, 2016, an analysis by Check Point identified more than 50,000 Locky attacks in a single day.

TeslaCrypt – 2015

The first TeslaCrypt prototypes were released in November 2014, but the ransomware was not widely circulated until March of the following year. It is said to have been developed from an earlier model called CryptoLocker.

TeslaCrypt initially targeted gamers. After a computer was infected, a window opened instructing the user to pay a $500 ransom in bitcoin to unlock the infected system. Other sources indicate that the demanded amount varied from $250 to $1,000. In May 2016, the TeslaCrypt developers released a master decryption key that allowed infected users to unlock their computers.

CryptoWall – 2014

Extensive reports of computer systems infected by the CryptoWall ransomware emerged in 2014. Infected computers could not access their files unless the owner paid for access to a decryption application. CryptoWall affected systems around the world, and the attackers demanded payment in prepaid cards or bitcoin. According to Help Net Security, CryptoWall caused approximately $18 million in damage. Numerous versions of CryptoWall were released, making it more difficult to track and combat.

AIDS Trojan / PC Cyborg – 1989

As the model for all subsequent attacks, the AIDS Trojan (also known as PC Cyborg) is the first known example of ransomware. In 1989, more than a decade before Bitcoin was created, a biologist named Joseph Popp distributed 20,000 floppy disks at the World Health Organization AIDS Conference in Stockholm. The floppy disks were labeled “AIDS Information – Introductory Diskettes” and contained a trojan that installed itself on MS-DOS systems.

Once installed on a computer, the trojan counted the number of times the machine was booted. On the 90th boot, it hid all directories and encrypted the filenames. A notice from “PC Cyborg Corporation” was then displayed on the screen, telling users to send $189 to a post office box in Panama. The encryption was relatively simple to reverse, and security researchers released a free tool to help victims.

Conclusion

That was the history of ransomware over time. What do you think about this attack method? Have you ever been a victim of it?