Following on from our State of Ransomware 2020 blog, we’ll be tracking the 2021 publicized ransomware attacks each month to share with you via this blog.  This year we expect the number of attacks to increase and newer forms to become more sophisticated and disruptive. To keep informed of what’s happening every month, follow this blog and register for our free monthly ransomware report.


[Charts not reproduced here: Ransomware Attacks by Industry; Ransomware Attacks by Country]

Ransomware Attacks by Month

January

Let’s begin with January and look at the 19 attacks we uncovered during the month.

  1. We start the month with an attack on New York-based Apex Laboratory. The company was forced to disclose the attack, which happened earlier in 2020, after data stolen during the attack showed up online. A notice posted on Dec 31st revealed that they were the victim of a cyberattack and that certain systems in its environment were encrypted and inaccessible.
  2. Next up is UK-based infrastructure support service provider Amey. The company was targeted by the Mount Locker ransomware gang in mid-December. Documents, including correspondence with government departments, were posted online in late December.
  3. In October 2020 Hackney Council in London reported that they had been the victim of a very sophisticated cyberattack. The attack drew immediate speculation from experts that ransomware was involved. This wasn’t confirmed until January, when the PYSA ransomware gang leaked council data online in a double extortion style attack. The data appears to contain a significant amount of personally identifiable information.
  4. The Northern Territory Government in Australia was next to reveal an attack that forced its systems offline for 3 weeks. The attack involved a supplier of one of its cloud-based IT systems, and the government insisted that its data was not compromised during the attack.
  5. Colorado-based rail operator and logistics provider OmniTRAX was hit by a ransomware attack that targeted its corporate parent company, Broe Group. The Conti gang, which posted exfiltrated data on its leak site, was behind the attack. The leak suggests that Broe Group, which is headquartered at the same location, refused to pay the ransom.
  6. Norway-based AKVA Group, a global supplier of technology to the aquaculture industry, revealed that they had been hit by a ransomware attack and that hackers were demanding a ransom. In a statement to the Stock Market in Oslo the company disclosed that they were working with the relevant Norwegian authorities to limit damage and get a full assessment of the situation. The incident resulted in a drop in the share price.
  7. Dassault Falcon Jet Corp, the US subsidiary of Dassault Aviation, suffered a ransomware attack at the hands of the Ragnar Locker gang. According to media reports and the breach dates reported by the company, it seems the attackers maintained access to company systems for roughly six months, between June and December. Compromised data included information belonging to employees such as name, personal and company email address, home address, driver’s license number, passport information, date of birth, etc.
  8. Wentworth Golf and Country Club, one of the most exclusive clubs in England, was forced to send an email of apology to its 4000 members, who include high-profile celebrities, sports stars, and top business people, after its members’ list was accessed by cybercriminals. According to The Telegraph, club members discovered the incident earlier when an unauthorized message appeared on the Wentworth website claiming “your personal files are encrypted!” with a Bitcoin cryptocurrency payment demand for decryption.
  9. The city of Angers in France indicated on its social networks that it had suffered a ransomware cyberattack over the weekend of January 15th. The attack targeted the information system of the city and the metropolis, which caused the closure of certain municipal services.
  10. The Conti ransomware group claimed an attack on the Scottish Environment Protection Agency (SEPA) which saw around 1.2GB of data stolen from its digital systems, including databases, contracts, and strategy documents. The hackers published over 4000 files after the organization refused to pay the ransom.
  11. Center Hospitalier de Wallonie Picarde (CHwapi) in Tournai, Belgium, became the first reported healthcare attack of the year. The hospital was forced to redirect incoming patients to other facilities after the attack crippled its systems. According to the investigators, no ransom demands were made by the hackers, which could indicate that the hospital was targeted by mistake.
  12. WestRock, one of the world’s largest paper and packaging companies, suffered an attack which affected some of its operational and information technology systems. WestRock is working with security experts on system recovery efforts to minimize the impact on its customers. In a press release the company described the incident as likely leading to a loss of revenue and incremental costs that could affect its bottom line.
  13. Palfinger, an Austria-based hydraulics engineering company, experienced a global cyberattack that took down their e-mail system and disrupted business operations. A security notice titled ‘Cyberattack’ stated that their enterprise resource planning (ERP) systems were down and that “a large proportion of the group’s worldwide locations were affected.” The company, which operates in almost 30 countries, confirmed that its email systems were the worst hit in the file-encrypting malware attack.
  14. Tennessee Wesleyan University (TWU) revealed in a press release that all of the university’s networks were closed after staff and campus officials became aware of a ransomware attack. Online learning was unaffected, but staff and students were asked not to use the university systems.
  15. Pan-Asian retail giant Dairy Farm was hit by a REvil ransomware attack, with the attackers allegedly demanding a $30 million ransom. The group operates over 10,000 outlets across grocery, convenience store, health and beauty, home furnishing, and restaurants in Asia. Dairy Farm stated that they were not aware of any data being stolen during the attack. However, screenshots seen by BleepingComputer showed that the threat actors continued to have access to email and computers after the attack.
  16. UK Research and Innovation (UKRI) disclosed that a ransomware attack had disrupted services and may have led to data theft. The incident impacted two of the group’s services: a portal used by the Brussels-based UK Research Office and an extranet utilized by UKRI councils.
  17. Illinois-based DSC Logistics, a third-party logistics provider and supply chain management company, disclosed they had been victims of a cyberattack after a ransomware gang threatened to expose their exfiltrated data on a leak site. Egregor is suspected to be behind the attack.
  18. Georgia-based Crisp Regional Health Services discovered they had been a victim of ransomware when nurses working at the facility started seeing ‘files encrypted’ on some of its computer systems. Phone systems were affected; however, the facility disclosed that workflow and patient care were not compromised. The organization is working with external cybersecurity and forensic professionals to determine if patient data was accessed or exfiltrated during the attack.
  19. The last reported attack of the month involved Serco, a global government outsourcer responsible for running part of the UK’s COVID-19 Test and Trace system. The British business, which employs 50,000 people, confirmed the attack and disclosed that only its mainland European operations had been impacted. Sky News became aware of the incident after spotting a sample of the Babuk ransomware uploaded to VirusTotal. The sample apparently included a ransom note addressed to Serco in which the attackers claimed: “We’ve been surfing inside your network for about three weeks and copied more than 1TB of your data.”