1. COLONIAL PIPELINE CYBER ATTACK
Colonial Pipeline, an American oil pipeline system in Houston, Texas, transports gasoline and jet fuel to the Southeast United States. On May 7, 2021, the company was hit by a ransomware cyberattack, affecting computerized pipeline management equipment.
Colonial Pipeline Company responded by halting all pipeline operations to limit the attack. In addition, Colonial Pipeline paid the proposed ransom (75 bitcoins, or $4.4 million) within hours of the attack, with the help of the FBI. Colonial Pipeline was subsequently handed a software application by the hackers to restore their network, although it ran slowly.
A regional emergency for 17 states and Washington, D.C. was declared by the Federal Motor Carrier Safety Administration to keep petroleum supply lines open. It was the most significant cyberattack on an oil infrastructure target in U.S. history. The FBI identified DarkSide as the organization responsible for the incident.
2. KIA MOTORS RANSOMWARE ATTACK
The DoppelPaymer gang has launched a ransomware attack on Kia Motors America, demanding $20 million in exchange for a decryptor and a promise not to expose stolen data.
Kia Motors America (KMA) is a Kia Motors Corporation subsidiary based in Irvine, California. KMA manufactures vehicles and SUVs in West Point, Georgia, and has almost 800 dealers in the United States.
A nationwide IT outage impacted Kia Motors America’s mobile UVO Link apps, phone services, payment systems, owner’s portal, and internal dealership sites.
Users are greeted with a message indicating that Kia is “experiencing an IT service outage that has impacted some internal networks” when browsing their websites, as illustrated below.
3. CHANNEL 9 AUSTRALIA ATTACK
According to claims from IT News, the AFR, and Nine News, Channel Nine has experienced the most significant cyberattack on a media firm in Australia’s history.
The cyberattack, which Channel Nine described as a ransomware variant, hit early Sunday morning, knocking television and digital production systems offline for more than 24 hours. In addition, Channel Nine’s ability to broadcast from its Sydney studios was hampered by the incident, requiring the media organization to relocate to its Melbourne studios.
Channel Nine responded quickly to the cyberattack, informing affected parties that its IT professionals were working around the clock to restore its systems properly. It characterized the attack as sophisticated and deliberate, and said it might take weeks to rectify.
4. ACER RANSOMWARE ATTACK
A REvil ransomware attack has hit Acer. The threat actors have demanded a ransom of $50,000,000. Acer is a Taiwanese electronics and computer manufacturer known for laptops, desktop computers, and monitors. Acer employs approximately 7,000 people and earned $7.8 billion in revenue in 2019. On their data leak site, the ransomware group declared that they had hacked Acer and published photos of supposedly stolen files as proof.
Financial spreadsheets, bank balances, and bank communications are among the documents whose images have been leaked.
5. NBA’S HOUSTON ROCKETS RANSOMWARE ATTACK
The hacking group known as Babuk claims on its dark web page to have stolen 500 gigabytes of data from the Rockets, including contracts, non-disclosure agreements, and financial information, and has threatened to publish it if the team does not pay.
Babuk is the most recent hacking group to use dark web pages to publicly extort victims into paying ransom demands. Babuk has already infiltrated at least “five significant organisations,” including one victim who paid as much as $85,000 following negotiations. The group advertises on both English- and Russian-language dark web forums, with a focus on Russian sites to recruit affiliates and distribute malware.
The Rockets’ spokesperson, Chris Hughes, said the team is aware of the hackers’ claims but would not comment on their credibility or the scale of the hack.
6. CNA PAYS $40M TO HACKERS
One of the largest insurers in the United States, CNA Financial, paid ransomware hijackers $40 million to unlock its data and restore its network systems.
The CNA Financial ransomware attack was revealed in March 2021.
The astronomical sum extracted from CNA Financial by the cyber roughnecks is the largest ransom demand met by a victim to date. To put this in context, the CNA heist is roughly ten times the $4.4 million that the hackers who attacked Colonial Pipeline made from an early May 2021 payment.
According to Bloomberg, CNA, the world’s seventh-largest commercial insurance provider, paid the hefty sum two weeks after hackers stole data and locked up its systems in early March. On March 12, 2021, the energy company resumed operations.
7. JBS FOODS ATTACK
The world’s largest meat processing company paid a ransom of $11 million (£7.8 million) to end a significant cyber-attack.
JBS’s computer networks were hacked last week, causing some operations in Australia, Canada, and the United States to be temporarily shut down.
In this ransomware attack, hackers had gained access to a computer network. They threatened to disrupt or delete files unless a cryptocurrency ransom was paid. The payment was reportedly made in Bitcoin, after which plants were brought back online.
JBS claims that paying was necessary to protect customers.
The REvil gang demanded a $50 million ransom from computer manufacturer Quanta in April. Although Quanta is not a household name, it is one of Apple’s most important business partners.
After the company refused to negotiate with the hacker group, REvil turned its attention to Apple. They threatened to release more sensitive documents and data after leaking Apple product blueprints obtained from Quanta. REvil appeared to have called it quits by May.
9. BRENNTAG CYBER ATTACK
DarkSide, the notorious hacker group that targeted Colonial Pipeline, also targeted Brenntag, a chemical distribution company, around the same time in early May 2021. DarkSide demanded the equivalent of $7.5 million in bitcoin after stealing 150 GB of data.
Brenntag eventually gave in to the demands and paid $4.4 million. It remains one of the largest ransomware payments in history, despite being slightly less than half of the original demand.
The Avaddon gang attacked the European insurance company AXA in May. The attack occurred shortly after the company announced significant changes to its insurance policy.
AXA essentially announced that many of its clients would no longer be reimbursed for ransomware expenses. The hacker group acquired access to a colossal 3 TB of data in this one-of-a-kind (and somewhat ironic) attack on a cyber-insurance corporation, which made headlines.