Cybersecurity attacks have increased at an alarming rate in 2021, leaving no country or industry safe from organized groups of cybercriminals. According to MSSP Alert, there were already nearly 500 million attempted ransomware attacks by September, and the first half of the year saw more of these attacks than the entirety of 2020. This startling trend will only continue in the near future as global industries become increasingly digitized. As we move into 2022, let's look back at the most significant ransomware attacks of 2021.
Kia Motors
In February, the automotive manufacturer Kia Motors became the victim of a ransomware attack from the criminal group DoppelPaymer, which demanded 404 Bitcoins, worth approximately $20 million at the time. The ransomware impacted internal and customer-facing systems, including mobile apps, payment systems, owner's portals and dealership sites; however, Kia Motors and its parent company Hyundai attributed this to an "extended systems outage," according to Security Magazine. DoppelPaymer threatened that if the initial demand was not paid within a specified timeframe, it would increase the ransom to 600 Bitcoins or else publish the stolen data. What followed was a nationwide IT and phone system outage for Kia Motors, with no word on whether the automakers gave in to the hackers' demands.
Acer
The multinational hardware and software company Acer was also hit by a ransomware attack in March. The cybercrime ring REvil successfully breached Acer's internal systems, threatening to leak the exfiltrated data if the company didn't pay $50 million – the most significant known ransomware demand at the time. According to Forbes, if the hackers' demands weren't met after eight days, the price would increase to $100 million. While Acer has yet to provide information about the legitimacy of this leak, REvil has shared allegedly stolen spreadsheets showing company finances, bank balances and customer databases as proof of the attack.
CNA Financial
March also saw another major ransomware attack, this time on CNA Financial Corp, one of the largest insurance companies in the United States. Hackers utilized "Phoenix Locker," a variant of the "Hades" ransomware seen in 2020. According to MSSP Alert, the malware encrypted data on over 15,000 CNA Financial devices, affecting the company's private network and remote workers. CNA Financial eventually paid the $40 million demand to get the data back and regain control of its systems.
Colonial Pipeline
Arguably the most high-profile cyberattack of 2021, the Colonial Pipeline ransomware attack made headlines for its large-scale disruptions back in May. The company, which is responsible for nearly half of the U.S. East Coast's fuel, distributes over 100 million gallons each day through over 5,500 miles of pipelines. In the days following the attack, U.S. gas prices increased to over $3 per gallon for the first time since 2014. In conjunction with the FBI, Colonial Pipeline quickly paid the $4.4 million ransom to the hacker group DarkSide, recovering approximately $2.3 million by June, according to NPR. Later, pipeline operators revealed the attack vector as a single compromised password unprotected by multi-factor authentication.
Brenntag
Around the same time as the Colonial Pipeline attack, DarkSide also targeted Brenntag, a German chemical distribution company. The incident impacted the company's North American division, leading to the theft of 150 GB of files containing sensitive information. Hackers demanded 133.65 Bitcoin, valued at $7.5 million at the time, but Brenntag representatives were able to negotiate, paying $4.4 million in the end. According to Bleeping Computer, affiliates of the cybercriminal organization report stolen credentials as the attack vector, reiterating the importance of multi-factor authentication.
JBS Food
Later in May, REvil struck again, targeting JBS, the largest beef supplier in the world. The ransomware temporarily halted operations at five of the largest U.S. processing plants and disrupted the Australia and U.K. divisions, as reported by Reuters. Due to the significant impact on the food supply chain and the potential of sensitive data leaking to the public, the CEO of JBS decided to pay the $11 million ransom in Bitcoin, preventing further disruption.
Kaseya
In July, REvil executed yet another ransomware attack, this time on Kaseya, an IT solutions company. The attack vector was a fake software update installed through the company's virtual system administrator. According to REvil, the attack infiltrated and encrypted around one million devices, affecting both direct clients and customers. Kaseya declined to pay the ransom, instead choosing to coordinate with the FBI and the U.S. Cybersecurity and Infrastructure Agency. The authorities swiftly gained access to REvil's servers, retrieving the encryption keys and resolving the attack, according to ZDNet. Kaseya then distributed these decryptors to clients and customers impacted by the attack.
As the modern world becomes increasingly digitized, data breaches and ransomware attacks will only become more common. That's why Inventu offers a powerful terminal emulation tool that utilizes robust multi-factor authentication and easily integrates with your existing frameworks.
Here at Inventu Corporation, we equip organizations of all sizes with a revolutionary web terminal emulation tool called Inventu Viewer+, a high-performance emulation solution that is built with C at its core. Inventu Viewer+ supports SAML 2.0 and other identity technologies to enable securing your critical mainframe applications. This allows the deployment of reliable and safe software using clean HTML and JavaScript hosted on secure Windows servers. All in all, the Inventu Viewer+ web terminal emulation solution meets employer and staff expectations in a way that feels both familiar and simple. Contact us today and see how Inventu can help you integrate your active terminal emulation with the best web identity frameworks available.