Recent Cyberattacks With Ransomware Settlements
Ransomware attacks spiked exponentially through 2021, increasing by 350% since 2018. The number of times firms paid settlement fees also increased by over 100%, and downtime incidents rose 200% through 2021.
These alarming figures are increasingly due to cyber criminals and ransomware syndicates using more sophisticated attack tactics and demanding higher settlement fees. Cybersecurity Ventures estimated that the global cost of ransomware through 2021 was $20 billion, a 57-fold increase since 2015. That figure, which includes ransomware settlement fees, is expected to increase to a massive $265 billion by 2031.
The ongoing COVID pandemic also has contributed to the rising ransomware numbers. The sudden move to remote working opened the door for cyber criminals to target home-based employees whose devices are usually not adequately protected, thereby increasing the chances of a successful attack. Furthermore, Europol Insight suggests that the pandemic has made organizations "more conscious about losing access to their systems and more motivated to pay a settlement fee," further motivating attackers to launch more attacks.
Examples of Companies That Faced Cyberattacks and Provided Settlements
Ransomware uses malicious software (malware) to lock or block access to computers and data then demand a ransom. It allows hackers to seize control of devices then threaten to corrupt, delete, or publish data if the victim does not pay the settlement fee. Ransomware is typically spread through highly effective phishing campaigns and social engineering tactics that enable cyber criminals to target more victims.
Ransomware attacks recently reported and firms that agreed to a ransomware payment include:
In July 2020, hackers targeted travel firm CWT Global with the ransomware strain Ragnar Locker, which encrypts files and makes them inaccessible until a settlement fee is paid. Sensitive corporate data was stolen as a result, and 30,000 computers were taken offline. CWT Global eventually paid a settlement fee in Bitcoin worth $4.5 million. The amount the hackers demanded initially was $10 million.
In June 2020, cyber criminals attacked the University of California San Francisco (UCSF), encrypting the institution’s servers and critical data. Hackers initially demanded a settlement fee of $3 million, but the university negotiated that down and eventually paid $1.14 million. It later revealed that none of its data had been compromised.
In May 2021, a ransomware attack against Georgia-based Colonial Pipeline threatened the largest fuel pipeline in the U.S. Eastern European hacking group DarkSide encrypted corporate data and threatened to leak it online unless a settlement was paid. As a result, the pipeline, which delivers half of the Atlantic Coast’s transport fuel, was preemptively shut down, causing an international crisis. Colonial Pipeline eventually paid a $5 million settlement fee.
In April 2021, another DarkSide attack resulted in the theft of 150GB of data from chemical distribution company Brenntag. Thousands of individuals’ personal information, such as birthdays, driver’s license numbers, health data, and social security numbers, were stolen. The German firm paid $4.4 million in settlement to restore the data and prevent it from being leaked.
In December 2019, U.K. foreign currency agency Travelex was targeted by a ransomware attack launched by hacking group Sodinokibi, also known as REvil. The attackers gained access to Travelex’s network and downloaded and encrypted 5GB of data, including customers’ credit card numbers, dates of birth, and national insurance numbers. They initially demanded a $6 million settlement, but Travelex ended up paying $2.3 million to decrypt the stolen data.
The attack, coupled with the effects of the pandemic, led to Travelex going into administration in August 2020.
Cognizant Technology Solutions Corp.
In April 2020, technology consulting firm Cognizant was targeted by the Maze ransomware attack. Maze infects and encrypts computers, then exfiltrate data to attackers’ servers and holds it for ransom. The attackers stole and threatened to publish corporate data unless it received a ransom fee. Cognizant revealed that the total costs of the attack, which included the settlement fee to restore the data and its services, to be between $50 million and $70 million.
In June 2021, a ransomware attack linked to Russian group REvil affected JBS, the biggest meat processor in the world and supplier of one-fifth of beef in the U.S. The attack shut down the company’s operations at abattoirs across Australia, Canada, and the U.S., which threatened food supply chains. JBS paid an $11 million settlement fee to prevent further complications.
One of the largest known settlement payments to date was by CNA Financial, one of the biggest insurance firms in the U.S. In March 2021, the company fell prey to a ransomware attack and reportedly paid a settlement fee of $40 million, after hackers initially demanded $60 million.
Tips to Prevent Ransomware
Organizations can avoid ransomware through employee education and the implementation of cybersecurity measures.
Use Anti-ransomware Software
Anti-ransomware software provides powerful protection against known threats, such as Locky, Petya, and WannaCry. These tools prevent ransomware by blocking attempts to encrypt data and scanning for behavior associated with ransomware activity.
Never Click on Unsafe Links
It is common for ransomware to be spread through emails containing links to spoofed websites. Users need to understand the risk, the signs of a phished message, and they must never click links within emails, especially if they do not recognize the sender’s name and email address.
Do Not Open Suspicious Email Attachments
Ransomware is also often spread through malicious attachments in email messages. Advise users not to open any attachments directly attached to an email.
Use Only Known Download Sources
Cyber criminals spread malware by attaching it to downloadable software, such as software packages listed on unofficial websites. As such, users should only download applications from known, official, and trusted sources.
Additionally, the Federal Bureau of Investigation (FBI) advises organizations to do the following when dealing with a ransomware attack:
- Immediately isolate infected computers and systems by removing them from the network.
- Isolate or shut down affected devices that have not been completely corrupted, which should allow the organization more time to recover data, contain the damage, and prevent the situation from worsening.
Department of Justice (DOJ) Website Increases Ransomware Focus
The Department of Justice (DOJ) took steps to help American businesses and individuals avoid the threat of ransomware by launching a new website in July 2021. The website, StopRansomware.gov, is the first joint federal government site designed to mitigate the effects of ransomware. It contains valuable content and resources from all federal government agencies that the DOJ hopes will help individuals and organizations better protect their networks and respond to ransomware events.
How Fortinet Can Help?
Fortinet enables organizations to safeguard their networks from ransomware through its FortiMail solution. FortiMail provides advanced, multi-layer protection from all email-borne threats and security attacks. It offers best-in-class performance because it is:
- Powered by FortiGuard Labs’ industry-leading threat intelligence
- Integrated into the Fortinet Security Fabric
This ensures FortiMail helps organizations detect, prevent, and respond to all email-based threats, including ransomware, phishing, spam, and zero-day threats.