Ransomware cyberattacks are a big business, so big in fact, that research anticipates a business is attacked by a cybercriminal every 11 seconds and damage costs from these attacks will hit around $20 billion by 2021.
In 2020, we’ll be tracking the publicized ransomware cyberattacks each month and sharing them with you via this blog.
Starting with January, let’s look back at some of the attacks that occurred around the globe.
- Hackers celebrated the last New Year’s Eve of the decade with an attack on Travelex, taking down it’s websites across 30 countries and causing chaos for foreign exchange transactions worldwide during the month of January. The ransom was rumoured to be the sum of $6M.
- Next we head to the Middle East where Oman’s largest insurance company was hit by a ransomware attack causing data loss but no publicized monetary loss.
- To the United States next where Richmond Country Schools in Michigan had to postpone opening after the Christmas break when hackers demanded $10K in Bitcoin to restore access to the server.
- Another US city and another school, as this time students in the Pittsburgh Unified School District of Pennsylvania were left without internet access after a ransomware attack disabled the district’s network systems during the festive break.
- Next we move on to Florida where patients of a medical practice in Miramar reported that they received ransom demands from a cybercriminal threatening to release their private medical data unless a ransom was paid.
- Back to the education sector again as the Panama-Buena Vista School District in California experienced a ransomware attack that caused a technology and phone outage at multiple schools. While the school was working with the FBI regarding the attack, they let parents and students know that they couldn’t access any grades so report cards would be delayed.
- Moving on to the small town of Colonie in New York where cybercriminals hacked into the computer system and demanded $400K in Bitcoin cryptocurrency to unlock it.
- Next up is a synagogue in New Jersey who fell victim to a cyberattack and a ransom demand of around $500K.
- Next we are back to Florida where 600 computers were taken offline after a cyberattack at Volusia County Public Library.
- Back to Europe now where the hackers responsible for the Travelex shut down target the German car parts company Gedia. The group used two Russian-speaking underground forums on the Dark Web to threaten to publish 50GB of sensitive data, including blueprints and employees’ and clients’ details, unless Gedia agreed to pay a ransom.
- France is next as the Bouygues construction company was paralysed by a major cyberattack affecting the entire computer network and shutting down all of the company’s servers. A ransom of €10M was requested by the cybercriminals.
- Back the United States now where Electronic Warfare Associates (EWA), a 40-year-old electronics company and a well-known US government contractor suffered a ransomware infection.
- Up next is Oregon, where all of the computer systems for Tillamook County went down. Despite early thoughts that the outages were a technical issue it was later confirmed they suffered a ransomware attack.
- Lastly we head to the City of Racine in Wisconsin where a ransomware attack caused the city’s website, email, voicemail, and payments systems to be knocked offline.
February saw the same amount of reported attacks with almost 60% of attacks occurring in the education and public sector verticals. Here’s a roundup of the ransomware attacks we have been tracking.
- The first attack of the new month was reported in Baton Rouge Louisiana on Feb 3rd when ITI Technical College became the victim of a cyberattack via a phishing email sent at the end of January.
- Next up, another school to report as Scotland’s Dundee and Angus College was hit with what they described as a cyber-bomb which took down their entire IT system.
- Deliveries across Australia were stranded in the next reported attack as logistics company Toll Group confirmed they had to shut down their systems because of ransomware.
- Over to the United States now, this time it’s the North Miami Beach Police Department who reported they had become a victim of ransomware.
- Back to the education sector where this time it’s two Texas schools in the same district who were affected. The city of Garrison managed to make a quick recovery but the Nacogdoches Independent School District faced more of a struggle to rebound from the attack.
- To England next where a ransomware attack on Redcar Council forced staff back to pen and paper and 35,000 UK residents were without online public services.
- Next up was a Valentine’s Day cyberattack on INA Group, Croatia’s biggest oil company and its largest petrol station chain. The suspected ransomware attack had a crippling effect on business operations.
- Staying in Europe, the next attack occurred in Denmark where facilities firm ISS World was crippled by a ransomware attack that left hundreds of thousands of employees without access to their systems or email.
- Another US school district is up next, this time it’s The South Adams Schools district in Indiana where an overnight ransomware attack affected all of the schools IT systems.
- The education sector is up again as the Gadsden Independent School District in Alabama suffered a ransomware attack that managed to take down all of their internet and communications systems across all of its 24 school sites.
- Back to Texas again where La Salle County confirmed a ransomware demand was responsible for its ongoing technology issues.
- Jordan Health in New York State, a non-profit organization that operates 9 health centres in Rochester and Canandaigua was the next to suffer at the hands of cybercriminals when they reported a ransomware attack had shut down all of their IT systems.
- Back to Australia for the next incident. This time ransomware affected the Australian wool industry when sales were stopped by a ransomware attack at wool industry software company Talman.
- Closing a month of reported cyberattacks we are back in Kansas where legal services giant Epiq Global reported they had suffered a ransomware attack on the last day of the month. The attack affected the organization’s entire fleet of computers across its 80 global offices.
March’s numbers were on par with the first two months of the year with attackers still focusing on the education and public sector verticals. Here’s a roundup of what we uncovered for the month.
- The first ransomware attack of the month took place on March 2nd in La Salle County in Illinois where a cyberattack affected around 200 computers and 40 servers in the county government.
- On the same day hackers targeted Visser, a parts manufacturer for Tesla based in Colorado. Security researchers say the attack was caused by the DoppelPaymer ransomware, a new kind of file-encrypting malware which first exfiltrates the company’s data.
- On the same day it was revealed that the provincial government in P.E.I. Canada suffered a data breach when internal government documents were posted online following a ransomware attack.
- Next up is Missouri where Three Rivers College were forced to cancel almost all of their classes following a ransomware attack.
- California based defense contractor CPI was the next company to reveal they had been knocked offline by a ransomware attack. Sources say the company who makes components for military devices and equipment paid a ransom of about $500,000 after an attack in January but they were not yet operational.
- Next, we learned that EVRAZ, owned by Roman Abramovich and one of the world’s largest steel manufacturers, suffered a Ryuk ransomware infection that managed to take down its North American branches.
- Durham city was the next target when a Ryuk ransomware attack affected everything from the police to fire services. The county government services were also taken offline when 80 servers were impacted by the attack.
- The Fort Worth Independent School District in Texas was the next to fall victim after a string of cyberattacks took place across several Texas school districts in 2019.
- Next to be hit was the Champaign-Urbana Public Health District in Illinois. Their website was taken down by the NetWalker ransomware attack, hampering the organization’s response efforts amid the Coronavirus pandemic.
- The next attack takes us to the UK where cybercriminals hit London based Hammersmith Medical Research firm who were on standby to carry out trials of a possible future vaccine for the Covid-19 coronavirus.
- Another London based company was the next victim of the month. Finastra, a fintech firm that provides technology solutions to banks were forced to shut down their key systems globally after detecting a cyberattack.
- Next up Connecticut based medical and military contractor Kimchuk who announced they were hit by DoppelPaymer, a newer strain of ransomware that exfiltrates data out of an infected network before encrypting user files.
- Over to Missouri next where TI Power Systems, a supplier of the energy company Ameren Missouri was hit by a ransomware attack that allowed the malicious actors behind the attack to steal information from the firm.
- Finally, we end a month of attacks in South Carolina where Bluffton Fire and Rescue was the next in a long line of government entities in the state to be compromised by cyberattacks in recent months.
April had a slow start and it initially seemed that cyberattacks were on a downward trend for the month. But things picked up mid-month starting with a major attack in Portugal. Here’s a roundup of what we uncovered.
- Portuguese Energy giant Energias de Portugal (EDP) were the first to report they had been a victim of a major attack when cybercriminals held them to ransom for a massive 9.9 million Euros!
- On the same day in Canada, the Law Society of Manitoba revealed that two un-named law firms in the province had been locked out of their computer systems after they were infected with ransomware.
- Up next is the small city of Olean in New York. Few details were released but we know that a ransomware attack shut down all of the computers at the Olean Municipal Building.
- Next up was a Maze ransomware attack on information technologies services giant Cognizant . The New Jersey headquartered organization is one of the largest IT managed services company in the world with close to 300,000 employees and over $15 billion in revenue.
- Over to Denmark now where Agribusiness group Danish Agro, were the target of a ransomware attack on Sunday, April 19.
- Colorado-based Parkview Medical Center reported that their technology infrastructure was hit with a ransomware attack on April 21, causing a number of IT network outages amid the battle with Covid-19.
- Next is the City of Torrance in the Los Angeles metropolitan area who was allegedly attacked by DoppelPaymer Ransomware. The attackers demanded a 100 bitcoin ($689,147) ransom for a decryptor, to take down files that have been publicly leaked, and to not release more stolen files.
- Back to Canada next where accounting firm MNP were hit by a cyberattack which forced a company-wide shutdown of its computer systems.
- Next it was reported by the Architects Journal that a hacker had accessed the servers of Zaha Hadid Architects in London and had stolen confidential information in an attempt to extort money from the firm.
- CivicSmart, a Milwaukee, USA based company known for its parking meter technology was the next victim of a ransomware attack that exposed internal files in an attempt to elicit a ransom payment.
- Next up, Pennsylvania headquartered pharmaceutical giant ExecuPharm revealed that ransomware attackers had recently encrypted its servers and had stolen corporate and employee data.
- The final reported attack of the month takes us back to Canada, where the website and email services of the Northwest Territories Power Corporation were shut down after they received a ransomware message from unknown hackers.