Recent Ransomware Attacks & Examples
June 4, 2020
Ransomware is a growing threat across all industries. Understanding how ransomware has impacted companies around the world will help you understand your risk. In this post we’ll cover recent ransomware attacks and examples.
This article is part of our Definitive Guide to Ransomware series:
- The Definitive Guide to Ransomware
- What is Ransomware?
- How Does Ransomware Spread?
- How to Report Ransomware
- Recent Ransomware Attacks and Examples
- How to Prevent and Prepare for Ransomware Attacks
- Should You Pay the Ransomware Demand
- What You Need to Know About Ransomware Insurance
- Ransomware Removal
- Common Ransomware Attacks
The Rise of Ransomware
Ransomware has been a threat to businesses and individuals since the early 2000s. Since 2005, it’s maintained its rating as one of the largest threats in cybersecurity. The first known ransomware attack dates back to 1989 and targeted 20,000 healthcare researchers in 90 countries with floppy disks meant to hold a questionnaire. After the floppy disk was opened on the computer and the computer turned on 90 times, a ransom note was displayed demanding a payment of $189 - $378 claiming it was time to pay for a software lease. Healthcare remains a target for ransomware attacks today.
Two large-scale attacks in 2017 brought ransomware to the forefront: NotPetya and Wannacry:
NotPetya While many speculated that the attack was politically motivated against Ukraine, the malware spread rapidly and infected many companies, including a shipping terminal in New Jersey, a French construction company, and FedEx. It’s estimated that NotPetya caused over $10 billion in damages.
Wannacry In May of 2017, the WannaCry ransomware cryptoworm conducted a worldwide cyberattack, targeting Microsoft Windows operating systems, encrypting data, and demanding Bitcoin ransom payments. It spread by using an NSA exploit, EternalBlue, that was stolen. Estimates put the damages of Wannacry at billions of dollars while more than 200,000 computers in 150 countries were affected. Emergency security patches were released by Microsoft to stop the spread.
While both NotPetya and WannaCry’s largest attacks were in 2017, as many as 1.7 million endpoints are vulnerable to attack today. Most of the vulnerable devices are in the United States and likely haven’t updated their operating systems.
Recent Ransomware Attack Examples
Ransomware groups continue to look for any industry or business where they can find a weakness and exploit it. While they don’t limit themselves to a particular area, we’ve seen some recent focus areas:
Managed Service Providers Hubs like a Managed Service Provider are highly vulnerable because they are highly connected. Attacking a MSP would have maximum impact and inflict serious damage to any of the MSP’s clients. The attack would also likely result in a higher ransom demand.
In April of 2020, Cognizant, one of the largest IT managed services companies in the world, was attacked by Maze Ransomware. With nearly 300,000 employees and $15 billion in revenue, Cognizant was a serious target. Customers installed end-point clients or agents on their workstations to receive any patches or software updates from Cognizant. The malware was likely on the network for weeks before it deployed the ransomware. In cases like this, the actors will breach a network, the malware will spread throughout the system looking for files and credentials to steal. After administrator credentials are found on the network, the ransomware is deployed. Cognizant expects to pay upward of $70 million in remediation.
Healthcare Ransomware is often most effective where urgency to restore systems is high. Hospitals are a key example, and with COVID-19 adding stress to more hospitals specifically, the ransomware threat actors have responded. INTERPOL reported in April 2020 that “cybercriminals are increasingly attempting to lockout [sic] hospitals out of critical systems by attempting to deploy ransomware on their networks despite the currently ongoing COVID-19 outbreak.”
An example of this type of target is Parkview Medical Center in Pueblo, CO. A ransomware attack in April 2020 rendered the center inoperable. The hospital attempted to keep up with operations by processing business on paper forms, but it slowed service considerably. This is a common pattern across industries. As systems go down, processes must revert to paper-based methods of continuing business. Inevitably, losses mount during this time. The medical center responded to the attack by engaging forensic experts to investigate and start to mitigate the attack. This type of response is key to limiting the damage of ransomware.
The damage hasn’t fully been counted in the case of Parkview Medical Center, but it’s important that other healthcare facilities take note. While many know they need complete visibility across their entire network of computers, many forget that non-traditional devices are also on the network, such as CT scanners and infusion pumps.
Financial Services We know that all businesses face attempted cyberattacks every year, some reports detail that number up to 4 million--most of those attacks are filtered by firewalls and anti-virus software. But the financial services industry faces one billion attempted attacks per year. And 90% of the financial institutions within the industry have been hit with some type of ransomware attack.
Travelex is a great example of how vulnerable the financial services industry is to ransomware attacks specifically. Travelex, a foreign exchange company headquartered in London, is an example of the increasing trend that includes the selling of sensitive information if the ransom is not paid. Once an attack takes place, companies face not only restoring their data and networks, but worrying about legal and regulatory consequences of the data that has been stolen. Notifying customers or paying regulatory fines are common next steps. In the case of Travelex, they paid a $2.3 million ransom payment to get their systems online after a ransomware attack in early 2020. The attack caused Travelex to shut down 1,500 stores globally while the attackers disclosed the full damage--they had deleted backup files, copied personal data, and encrypted the entire network. The actors told Travelex they would release the stolen data publicly and keep their systems locked if they refused to pay the $3 million ransom. After the business was up and running on January 17th, 2020, rumors circulated that a ransom had been paid and the $2.3 million price was confirmed through several sources.
Protect your business with the right risk management strategy for ransomware. Learn more about how Measured Insurance can help by understanding your current risk. Take our three-question quiz to find out.