illinois.touro.edu
50.57.205.190  Public Scan

URL: https://illinois.touro.edu/news/the-10-biggest-ransomware-attacks-of-2021.php
Submission: On December 25 via api from SG — Scanned from DE

Text Content


THE 10 BIGGEST RANSOMWARE ATTACKS OF 2021


RECENT CYBER ATTACKS HIT INFRASTRUCTURE AND CRITICAL FACILITIES ACROSS THE US

November 12, 2021
Recent ransomware attacks have targeted a wide range of high-profile
organizations and companies, including Colonial Pipeline, an oil pipeline
system.

Ransomware attacks on Colonial Pipeline, JBS Foods, and other major
organizations made headlines in 2021, and show no sign of slowing down. Across
the world, hackers are exploiting security weaknesses and holding the data of
companies, governments and healthcare organizations hostage, sometimes demanding
tens of millions of dollars in payment.


HOW IS RANSOMWARE DEFINED?

According to the U.S. Government’s Cybersecurity and Infrastructure Assurance
Agency (CISA): “Ransomware is an ever-evolving form of
malware designed to encrypt files on a device, rendering any files and the
systems that rely on them unusable. Malicious actors then demand ransom in
exchange for decryption. Ransomware actors often target and threaten to sell or
leak exfiltrated data or authentication information if the ransom is not paid.”

So what does that mean? Hackers take advantage of security weak spots to steal
sensitive data or lock files. These criminals will only give you the key to
access your system, or return the files, once you’ve paid their ransom.


RECENT RANSOMWARE ATTACKS IN THE NEWS

Over the past few years, ransomware attacks have increased, many of them
high-profile. Cyber attacks in 2021 that used ransomware include those against
Colonial Pipeline, the Steamship Authority of Massachusetts, JBS (the world’s
largest meatpacker), and the Washington DC Metropolitan Police Department.
Attacks like these against U.S. companies and organizations can shut down
critical infrastructure, creating shortages, increased cost of goods and
services, financial loss from halted operations, the cost of paying the ransom
to the hackers, and worse.

2020 also saw an increase in the frequency of cyber attacks and higher ransom
payments. According to Harvard Business Review, the amount
companies paid to hackers grew by 300%. The sudden increase in remote work and
more lax security protections at home gave hacker groups the perfect opportunity
to breach sensitive data.


HEALTHCARE RANSOMWARE

During times of crisis, many hackers take advantage of upheaval and disorder and
look for potential monetary gain. With the onset of the COVID-19 crisis in 2020,
there was increased attention on cyber attacks in the healthcare space. A study
by Comparitech has shown that ransomware attacks had a huge
financial impact on the healthcare sector, with over $20 billion lost in
impacted revenue, lawsuits, and ransom paid in 2020 alone. Over the course of
the year, over 600 hospitals, clinics, and other healthcare organizations were
impacted by 92 ransomware attacks.

CEO of cybersecurity firm FireEye, Kevin Mandia, shed some light on why these
healthcare organizations are targeted. "Pharmaceuticals, hospitals, healthcare,
public companies, organizations that don’t have the talent and skills to defend
themselves—they’re getting sucker-punched," Mr. Mandia said. Marene Allison,
J&J's chief information security officer, said that Johnson & Johnson
experiences 15.5 billion cybersecurity incidents on a daily basis. (Becker's
Hospital Review)

And it’s not only finances and patient data that are at risk; given the crucial
importance of healthcare, ransomware attacks can also lead to loss of life.
According to NBC News, Teiranni Kidd sued Springhill Medical
Center in Alabama after a botched delivery. In 2019, the hospital was the victim
of a ransomware attack that shut down their IT infrastructure. The hospital
failed to inform Kidd of the attack. According to the article, Kidd and her
child received “diminished care” and missed key tests that could have prevented
the baby’s severe brain injury, which led to her death nine months later. This
is just one example and we’re likely to see more dire ways cyber attacks affect
human life.


HIGH-PROFILE RANSOMWARE ATTACKS IN 2021

In 2021, we’ve seen many high-profile attacks on corporations and firms across
the country and the world. Just six ransomware groups are responsible for
breaching the cybersecurity defenses of 292 organizations. These criminal
organizations have so far taken more than $45 million in ransom money from their
attacks. (ZDNet)

Here are 10 of the biggest ransomware attacks that made headlines in 2021.

COLONIAL PIPELINE

Of all of the cyber and ransomware attacks in 2021, the breach of Colonial
Pipeline in late April had the most news coverage. As Touro College Illinois
Cybersecurity Program Director Joe Giordano notes, “The Colonial Pipeline attack
made such an impact because the pipeline is an important part of the national
critical infrastructure system. Taking the system down disrupted gas supplies
all along the East Coast of the United States, causing chaos and panic.”

As most Americans are directly impacted by gasoline shortages, this attack hit
close to home for many consumers. The DarkSide gang was behind the attack and
targeted the firm’s billing system and internal business network, leading to
widespread shortages in multiple states. To avoid further disruption, Colonial
Pipeline eventually gave in to the demands and paid the group $4.4 million
in bitcoin.

This attack was particularly dangerous because consumers started to panic and
ignored safety precautions. Some East Coast residents tried to hoard gasoline in
flammable plastic bags and bins, and one car even caught fire. After the
chaos receded, government officials confirmed that Colonial Pipeline’s
cybersecurity measures were not up to par and that the attack might have been
prevented had stronger protection been in place.

Thankfully, US law enforcement was able to recover much of the $4.4 million
ransom payment. The FBI was able to trace the money by monitoring cryptocurrency
movement and digital wallets. But finding the actual hackers behind the attack
will prove a lot harder. (The New York Times)

BRENNTAG

At around the same time in early May 2021, the same notorious hacker group that
targeted Colonial Pipeline, DarkSide, also targeted Brenntag, a chemical
distribution company. After stealing 150 GB worth of data, DarkSide demanded the
equivalent of $7.5 million in bitcoin.

Brenntag soon caved to the demands and ended up paying $4.4 million. Although it
was a little more than half of the original demand, it still stands as one of
the highest ransomware payments in history. (IT Governance)

ACER

Also in May this year, the computer manufacturer Acer was
attacked by the REvil hacker group, the same group responsible for an attack on
London foreign exchange firm Travelex. The $50 million ransom stood out as the
largest known to date. REvil hackers exploited a vulnerability in a Microsoft
Exchange server to get access to Acer’s files and leaked images of sensitive
financial documents and spreadsheets. 

JBS FOODS

Although Spring 2021 held hopeful news for the end of the pandemic, the
increased trend of cyber attacks that began in 2020 showed no signs of slowing
down. Another high-profile ransomware attack took place this May on JBS Foods,
one of the biggest meat processing companies in the world. The same Russia-based
hacking group that attacked Acer, REvil, is thought to be behind the attack.
(CNN)

Although there weren't any major food shortages as a result of the attack,
government officials told consumers not to panic buy meat in response. On June
10th, it was confirmed that JBS paid the $11 million ransom demand after
consulting with cybersecurity experts. This massive payment in bitcoin is one of
the largest ransomware payments of all time. (CBS News)

QUANTA

As with the Acer attack, the REvil gang also demanded a $50 million ransom from
computer manufacturer Quanta in April. Although Quanta may not be a household
name, the company is one of Apple’s major business partners. After the firm
refused negotiations with the hacker group, REvil targeted Apple instead. After
leaking Apple product blueprints obtained from Quanta, they threatened to
release more sensitive documents and data. By May, REvil seemed to have called
off the attack.

NATIONAL BASKETBALL ASSOCIATION (NBA)

Businesses and organizations from all different kinds of industries are targeted
by ransomware attacks. One of the more surprising on the list this year was the
National Basketball Association (NBA). In mid-April of this year, the hacker
group Babuk claimed to have stolen 500 GB of confidential data concerning the
Houston Rockets. Babuk warned that these confidential documents, including
financial info and contracts, would be made public if their demands were not
met. As of this posting, no ransom payments have been made.

AXA

This May, the European insurance company AXA was attacked by the Avaddon gang.
The attack happened soon after the company announced important changes to their
insurance policy. Essentially, AXA stated they would stop reimbursing many of
their clients for ransomware payments. This unique (and somewhat ironic) attack
on a cyber-insurance firm made headlines and the hacker group gained access to a
massive 3 TB of data. (BlackFog)

CNA

Earlier this year in March, another large insurance firm fell victim to a
ransomware attack. CNA’s network was attacked on March 21 and the hacker
group encrypted 15,000 devices, including many computers of
employees working remotely. The attack is supposedly linked to the hacker group
Evil Corp and uses a new type of malware called Phoenix CryptoLocker.

CD PROJEKT

CD Projekt Red is a popular video game development firm based in Poland. In
February of this year, the firm was hacked by the HelloKitty gang. The hacker
group accessed source code to game projects in development and encrypted
devices. However, CD Projekt refused to pay the ransom money, and had backups in
place to restore the lost data. (ExtremeTech)

KASEYA

REvil, the same hacker group that targeted Acer, Quanta, and JBS Foods, again
made headlines in July with an attack on Kaseya. While not a name commonly known
by consumers, Kaseya manages IT infrastructure for major companies worldwide.
Similar to the attacks on Colonial Pipeline and JBS Foods, this hack had the
potential to disrupt key areas of the economy on a large scale.

To carry out the attack, REvil sent out a fake software update through Kaseya’s
Virtual System Administrator, which infiltrated both Kaseya’s direct clients and
their customers. According to REvil, one million systems were encrypted
and held for ransom. According to Kaseya, around 50 of their clients and around
1000 businesses in total were impacted. The hacker group demanded $70 million in
bitcoin. To illustrate the impact of the cyber attack, Coop, a Swedish
supermarket chain, was forced to close 800 stores for a full week. (ZDNet)

Soon after the attack, the FBI gained access to REvil’s servers and obtained the
encryption keys to resolve the hack. Fortunately, no ransom was paid and Kaseya
was able to restore the IT infrastructure of its clients. Although it started
out as one of the biggest ransomware attacks of the year, the situation was
salvaged in the end. (ZDNet)


PROGRESS IN THE FIGHT AGAINST RANSOMWARE

Although not a state-sponsored organization, the group behind the Kaseya attack
is based in Russia. According to the Associated Press, the
widespread security event prompted a call between President Biden and President
Putin in July. During the call, Biden pressured Putin to take a stronger stance
on targeting malicious agents in his country. Although exactly what took place
after this phone call is unclear, the FBI gained access to REvil’s servers, and
REvil’s website and infrastructure went down soon after. While it’s uncertain
whether Biden’s call made a difference, the White House asserts that it will
keep up the pressure on Russia to cooperate.

Despite the continued onslaught of ransomware attacks, there have been some
hopeful developments. In November, news broke that five suspected associates of
the REvil group were arrested by the European law enforcement agency Europol.
According to Fortune.com, “the alleged hackers are suspected
of involvement in about 5,000 ransomware infections and received about half a
million Euros ($579,000) in ransom payments.”

Using wiretapping and other methods, police were able to access group
infrastructure and track down the alleged hackers. The two most recent arrests
were the result of collaboration between 17 countries, including major world
powers like the U.S., U.K. and France.

One of the men, Yaroslav Vasinskyi, 22, was allegedly responsible for the attack
against Kaseya. Both of the men arrested in November may face life in prison.
Although REvil is still an active player in the world of cybercrime, authorities
hope to find and prosecute more hackers and end their operations. (NPR)


A DIRE NEED FOR CYBERSECURITY EXPERTS

There are two key components necessary to address this issue. First,
companies need to take cybersecurity seriously and invest in it with adequate
resources. Second, there need to be more highly educated cybersecurity
experts ready to address the scourge of ransomware attacks we’re currently
facing. As Giordano notes, “So many companies and institutions still have weak
security, and strong security requires constant vigilance and updates, not a
one-time upgrade. When more organizations start to take cybersecurity seriously
and invest the time and resources to combat threats, we’ll start to see these
threats diminish.”

Unlike some other STEM fields, you don’t need a master’s to get started in
cybersecurity. Completing a graduate certificate program is often one of the
best ways to qualify for relevant job opportunities. The Touro College Illinois
graduate certificate program in cybersecurity for healthcare addresses the
critical needs of the sector. Our hands-on courses build expertise in network
security, HIPAA, cloud security, medical device security, and incident response
and recovery.





© 2021 Touro College & University System



Touro College is a member of the National CyberWatch Center, a consortium of
higher education institutions, public and private schools, individual
cybersecurity practitioners, businesses, and government agencies focused on
collaborative efforts to advance cybersecurity education and strengthen the
national cybersecurity workforce.
