5 Ransomware Attacks that Shocked the World
The coronavirus has really done a number on information security infrastructure. As if a public health crisis weren’t enough, threat actors have been taking advantage of sharp changes in IT behaviour and business imperatives to sneak into unsuspecting networks. Ransomware criminals have been around for decades, but the drastic rise in cyber-attacks over the last couple of years is concerning.
Here are 5 recent high-profile ransomware attacks that made the headlines:
1. Colonial Pipeline, 2021
In May 2021, Colonial Pipeline, the operator of the largest fuel pipeline in the United States, was attacked by ransomware and had to shut down for 5 days. Colonial moves 2.5 million barrels of liquid fuels to the eastern and southern United States every day. The situation disrupted gasoline and jet fuel supplies to major cities on the East Coast and causedmassive fluctuations in fuel prices.
Investigations revealed that Colonial Pipeline was the victim of the “DarkSideransomware-as-a-service (RaaS) variant”. The Congressional Research Service of the United States defines RaaS asa cybercrime model in which one criminal group develops the ransomware and hosts the infrastructure upon which it operates, then leases that capability to another criminal group to conduct an attack. DarkSide’s hackers found a trace to the password of an old unused VPN account and leveraged it to break into Colonial Pipeline’s systems. Incidentally, Bloomberg reported that the password was procured from a batch of leaked passwords on the dark web.
The company ended up paying DarkSide US$ 5 million for a decryption key that restored their computer networks which had been disabled all week. The incident prompted President Biden to declare a state of emergency, and subsequently issue an Executive Order on “Improving the Nation’s Cybersecurity”.
2. JBS Foods, 2021
Closely following the Colonial Pipeline attack, Brazil-based JBS Foods – the world’s largest meat processing company – was hacked in June, shutting down operations in the United States, Canada and Australia. The attack impacted plants that process a fifth of the meat supply in the US, further disrupting an already strained food supply chain that has been struggling to bounce back post-lockdown.
JBS’ customers include farmers, small-town processing plants, big city restaurants and nation-wide chains such as McDonald’s and Walmart, with whom they engage through a burger patty supply network. The attack caused chaos with wholesale meat prices and undue crowding of animals in barns. JBS paid US$ 11 million in bitcoin as ransom to restore supply and stabilise the industry.
In September, the Cyber Division of the Federal Bureau of Investigation (FBI) issued a private industry notification to warn the food and agriculture sector about cyber criminal actors targeting them with ransomware attacks. They stress upon the fact that threat actors are exploiting network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems.
The notification emphasizes that ransomware can impact businesses across the food and agriculture sector, from small farms to large producers, processors and manufacturers, and markets and restaurants. Damage could result from financial loss from ransom payments or from related consequences such as loss of productivity or remediation costs. They also highlight the potentially exponential costs associated with loss of proprietary information, personally identifiable information (PII) and reputational damage.
3. SolarWinds, 2020
Another contributing factor that led to President Biden’s Executive Order was the SolarWinds attack just a few months earlier – now known as one of the largest, most sophisticated and most damaging cyber-attacks in recent history.
SolarWinds is a software company that provides systems management tools for IT departments at government agencies and large corporations all over the world. SolarWinds’ customers include almost all of the Fortune 500 companies, including tech leaders Cisco, Microsoft and VMWare, in addition to the top ten US telecommunications companies, the top five US accounting firms, all branches of the US Military, the Pentagon, the State Department, as well as hundreds of universities and colleges worldwide.
Attackers used the Orion software, SolarWinds’ popular network management system, to embed a virus into a routine update. Roughly 18,000 customers unknowingly downloaded the update and exposed their networks to the malware.
This type of attack – a digital supply chain attack through trusted 3rd party IT infrastructure, trusted by the world’s most ubiquitous companies – is particularly challenging to guard against, and to measure as well. Experts have estimated economic costs of US$100 billion, and efforts to measure the total impact are still ongoing.
4. Maersk, 2017
Moller-Maersk, the world’s largest container shipping firm, was hit by a ransomware attack back in 2017 – though this incident was a little different. The NotPetya ransomware was originally designed to target businesses in Ukraine, but it got out of hand and Maersk was one of its many unintended victims.
Maersk handles 25 percent of all containers shipped on the key Asia-Europe route. The attack caused outages across all of Maersk’s business units, including container shipping, port and tug boat operations, oil and gas production, drilling services, and oil tankers. Almost 50,000 endpoints and thousands of applications across 600 sites in 130 countries were infected. The attack also affected Maersk’s port operator APM Terminals – 17 of their shipping container terminals were hacked, including two in Rotterdam. Maersk estimated almost US$ 300 million in lost revenue.
The NotPetya attack is considered a classic example of the potential large-scale consequences of small gaps left overlooked. Security experts say that it only takes one point of entry to infect an entire network.
5. Acer, 2021
Closer to home, Taiwanese electronics giant Acer was attacked last year by the REvil ransomware group. The attack is deemed to have made the highest ransomware demand in history: US$ 50 million.
The REvil group, who had previously demanded US$ 30 million from pan-Asian retail giant Dairy Farm, reportedly posted sensitive information such as financial documents, bank forms, account numbers and credit limits to prove their hold over the data. The attackers even went so far as to engage in hostage negotiation tactics such as offering to reduce the ransom amount if Acer paid up by a deadline, while threatening to hike it up to US$ 100 million if they didn’t comply. Experts suspect that the bad actors used a known vulnerability in Microsoft Exchange mail servers to target Acer.
The last public status update about this incident indicated that Acer had reported the matter to relevant law enforcement and data protection authorities and could not reveal any details of ongoing investigations.
Of course, shocking cybercrime stories don’t end there.Ransomware attackers are evolving past the consumer bases of banks and retailers to target essential services such as hospitals, food suppliers and transportation. In 2020, a 78-year-old woman who needed urgent medical care died on her way to a hospital in Dusseldorf because the hospital was under attack, and she had to be re-routed. The incident is considered the first-ever reported human death indirectly caused by a ransomware attack.
Ransomware attackers are continuing to find new ways to infiltrate businesses, societies and economies, and it is our collective responsibility to strengthen our defenses and be prepared. Cybercrime has both malicious intended consequences as well as disastrous unintended ones. MyRepublic is committed to helping organisations and businesses in the ASEAN region protect their networks and digital assets.