Recent Cyberattacks With Ransomware Settlements

Ransomware attacks spiked exponentially through 2021, increasing by 350% since 2018. The number of times firms paid settlement fees also increased by over 100%, and downtime incidents rose 200% through 2021.

These alarming figures are increasingly due to cyber criminals and ransomware syndicates using more sophisticated attack tactics and demanding higher settlement fees. Cybersecurity Ventures estimated that the global cost of ransomware through 2021 was $20 billion, a 57-fold increase since 2015. That figure, which includes ransomware settlement fees, is expected to increase to a massive $265 billion by 2031.

The ongoing COVID pandemic also has contributed to the rising ransomware numbers. The sudden move to remote working opened the door for cyber criminals to target home-based employees whose devices are usually not adequately protected, thereby increasing the chances of a successful attack. Furthermore, Europol Insight suggests that the pandemic has made organizations "more conscious about losing access to their systems and more motivated to pay a settlement fee," further motivating attackers to launch more attacks. 

Ransomware uses malicious software (malware) to lock or block access to computers and data then demand a ransom. It allows hackers to seize control of devices then threaten to corrupt, delete, or publish data if the victim does not pay the settlement fee. Ransomware is typically spread through highly effective phishing campaigns and social engineering tactics that enable cyber criminals to target more victims.

Ransomware attacks recently reported and firms that agreed to a ransomware payment include:

In July 2020, hackers targeted travel firm CWT Global with the ransomware strain Ragnar Locker, which encrypts files and makes them inaccessible until a settlement fee is paid. Sensitive corporate data was stolen as a result, and 30,000 computers were taken offline. CWT Global eventually paid a settlement fee in Bitcoin worth $4.5 million. The amount the hackers demanded initially was $10 million. 

In June 2020, cyber criminals attacked the University of California San Francisco (UCSF), encrypting the institution’s servers and critical data. Hackers initially demanded a settlement fee of $3 million, but the university negotiated that down and eventually paid $1.14 million. It later revealed that none of its data had been compromised.

In May 2021, a ransomware attack against Georgia-based Colonial Pipeline threatened the largest fuel pipeline in the U.S. Eastern European hacking group DarkSide encrypted corporate data and threatened to leak it online unless a settlement was paid. As a result, the pipeline, which delivers half of the Atlantic Coast’s transport fuel, was preemptively shut down, causing an international crisis. Colonial Pipeline eventually paid a $5 million settlement fee.

In April 2021, another DarkSide attack resulted in the theft of 150GB of data from chemical distribution company Brenntag. Thousands of individuals’ personal information, such as birthdays, driver’s license numbers, health data, and social security numbers, were stolen. The German firm paid $4.4 million in settlement to restore the data and prevent it from being leaked.

In December 2019, U.K. foreign currency agency Travelex was targeted by a ransomware attack launched by hacking group Sodinokibi, also known as REvil. The attackers gained access to Travelex’s network and downloaded and encrypted 5GB of data, including customers’ credit card numbers, dates of birth, and national insurance numbers. They initially demanded a $6 million settlement, but Travelex ended up paying $2.3 million to decrypt the stolen data. 

The attack, coupled with the effects of the pandemic, led to Travelex going into administration in August 2020.

In April 2020, technology consulting firm Cognizant was targeted by the Maze ransomware attack. Maze infects and encrypts computers, then exfiltrate data to attackers’ servers and holds it for ransom. The attackers stole and threatened to publish corporate data unless it received a ransom fee. Cognizant revealed that the total costs of the attack, which included the settlement fee to restore the data and its services, to be between $50 million and $70 million.

In June 2021, a ransomware attack linked to Russian group REvil affected JBS, the biggest meat processor in the world and supplier of one-fifth of beef in the U.S. The attack shut down the company’s operations at abattoirs across Australia, Canada, and the U.S., which threatened food supply chains. JBS paid an $11 million settlement fee to prevent further complications. 

One of the largest known settlement payments to date was by CNA Financial, one of the biggest insurance firms in the U.S. In March 2021, the company fell prey to a ransomware attack and reportedly paid a settlement fee of $40 million, after hackers initially demanded $60 million.