We got you covered.

The Biggest Ransomware Attacks in 2020

Must Read

Most cyber security experts recognize ransomware attacks as the most prevalent form of cyberattack directly threatening companies, NGOs, and even governments around the world. In the past, these activities generally targeted individuals, however, in recent years their potential for large scale destruction greatly grew.

We should keep in mind that most ransomware attacks today are, in fact, two pronged extortion attempts. Hackers not only prevent the owner from accessing their data through encryption, they also exfiltrate copies of that data in advance. This allows them to extort greater pressure on the owner by threatening to publically release that data if they refuse to pay up.

It is this characteristic that makes ransomware such a great problem for companies. The damage to a company’s reputation often ends up being far greater than infrastructural damages incurred in ransomware attacks. What makes matters worse is that there is no guarantee that the cybercriminals will not publically release the data, despite getting the ransom.

No honor among some thieves, apparently.

In terms of statistics and trends, 2020 brought us the following:

Ransomware during COVID-19

Cybercriminals did not hesitate to make the most of the uncertainty and instability brought on by last year’s pandemic. In fact, the work-from-home policy practiced by most businesses provided a number of weaknesses in companies that were not prepared to deal with the remote set-up.

Generally, the circumstances of last year provided an ideal environment for hackers looking for ever-increasing compensations for their activities. In fact, criminals hid ransomware in COVID-19 materials, trying to get people visit fake websites and download malicious content.

According to researchers, the pandemic caused a 72 percent increase in ransomware attacks. For instance, in one of the worst hit countries by the virus – Italy, we saw the rise of a ransomware software called [F]Unicorn which spread through a contact tracing app. The fake app led users to believe that it offers real-time updates pertaining to new infections.

However, after installing it, people started noticing that their data was now encrypted and finding ransom notes demanding they pay EUR 300 within 3 days. Luckily, [F]Unicorn was created by a relatively inexperienced hacker, using code from already known ransomware.

Ransomware attacks

Grubman Shire Meiselas & Sacks

Ransomware: REvil

Damages: greater than USD 1 million

In May last year, a well-known entertainment and media law firm Grubman Shire Meiselas & Sacks got hit by an attack using REvil ransomware. The company proudly lists some of the most prominent celebrities and companies as their clients.

In a typical double extortion attack, the cybercriminals stole 756GB of sensitive data before encrypting it. Allegedly this data contained sensitive info of celebrities like Madonna, Elton John, Lady Gaga, Mariah Carey, Barbara Streisand etc. The attackers even claimed to have something on Donald Trump – though, he was never a client of the firm.

Initially, the cybercriminals asked for USD 21 million after publishing Lady Gaga’s data to prove their seriousness. However, the firm staunchly refused to pay – which led to the ransom going up to USD 42 million. And the lawyers still would not pay.

In the end, the stolen data went to auction, with Madonna’s info reaching USD 1 Million. The company suffered even more with its reputation in ruins.

University of California San Francisco

Ransomware: Netwalker

Damages: USD 1.14 million

The University of California, San Francisco (UCSF), one of the world’s best medical research university in the world, got an infection itself. They got hit with NetWalker ransomware in June 2020. The attack first began at the servers of the School of Medicine.

Luckily, the university managed to stop it from spreading by separating the rest of the network. But the criminals still got their hands on a number of databases. With an even greater stroke of luck, the attack did not cause any damage to university hospitals and their COVID-19 research facilities.

However, as the compromised databases contained some priceless academic research work, the university eventually paid USD 1.14 million in ransom.


Ransomware: Sodinokibi

Damages: USD 2.3 million

In the very beginning of 2020, a Sodinokibi (REvil) ransomware variant found its way to Travelex’s servers. This forced their website offline and hit its bricks-and-mortar stores and banking services for more than two weeks. This, along with the effects of COVID-19 on air travel, eventually led the company into bankruptcy.

The Sodinokibi criminals claimed to have accessed and then copied and encrypted 5 GB of data from Travelex’s network. Initially, they requested USD 6 million to decrypt the information. Travelex agreed to pay a USD 2.3 million ransom after several weeks of negotiation.

CWT Global

Ransomware: Ragnar Locker

Damages: USD 4.5 million

The U.S. travel management firm CWT paid USD 4.5 million in Bitcoin, to hackers who stole reams of sensitive corporate files and said they had knocked 30,000 computers offline. The cybercriminals used a strain of ransomware called Ragnar Locker – this encrypts computer files and renders them unusable until the victim pays for access to be restored.

The hackers and company officials chatted online in a public chat room. CWT reported the incident immediately to US law enforcement and EU data privacy agencies.

Allegedly, the criminals stole over two terabytes of data, including financial records, security documentation, and personal details of employees such as email addresses and salary information. Originally the criminals set the price at USD 10 million to recover the stolen files. However, the company could afford 4.5 million, due to the pandemic.


Ransomware: WastedLocker

Damages: USD 10 million

Fitness brand Garmin paid millions of dollars in ransom after an attack took many of its products and services offline. Reportedly, Garmin paid through a ransomware negotiation company called Arete IR, in order for Garmin to recover data stolen in the attack.

Garmin employees let it slip that the attackers want a staggering USD 10 million in ransom. The company declined to comment on whether or not they paid the ransom, but most experts are of the opinion that Garmin must have paid since its services were restored within days.

WastedLocker is a ransomware strain famous for having no vulnerabilities in its encryption algorithm. Its reputation furthers the narrative that Garmin had to pay up in order to get the decryptor.

The Take-Away

Ransomware attacks leave no organization behind it seems. Regardless of whether it’s an industry leading corporation with offices around the globe or a small NGO minding its business, it is apparent that no one is off limits or immune to these attacks.

As a rule, prevention is much better and easier than the cure. Fortunately, there are steps that you can take to prevent ransomware attacks.  Some of the things you can try are:

  • keeping backups,
  • performing regular patching,
  • using multi-factor authentication and strong passwords,
  • introducing programs for your employees’ education, and,
  • utilizing the appropriate cybersecurity tools.

Also, check out our article Easing the Headache of Cybersecurity Attacks for more information on the topic.

Sign Up for Our Newsletter

Get the latest news and articles from EP Wired.


Comments are closed.

Latest News

The Key Role of Private Security Officers

Over the course of their assignments, private security officers are not averse to coming across multiple types of employees,...

More Articles Like This

Download Advance Work: Route Survey

    Download Advance Work: Restaurant

      Download Helicopter Extration: Landing Zone

        EP Career

        Your registry of the best opportunities in executive protection.

        EP Directory
        The right place to explore EP companies.