Ransomware Records in 2020

 

Ransomware attacks are big business. By the end of 2021, it is estimated that a business will be targeted by a ransomware attack every 11 seconds, causing up to $20 billion in damage. Ransomware attacks are not just a concern for organizations such as businesses, governments, and healthcare providers – they also affect customers and employees, whose data is often the collateral damage of these types of attacks.

Ransomware attacks are those which use malware to encrypt the data and files of targets. They differ from extortion campaigns, which use distributed denial of service (DDoS) to overwhelm targets with traffic with the promise of stopping their onslaught in exchange for payment.

While some organizations choose to pay ransomware demands, it is generally not recommended as there is no guarantee that access to infected systems will be restored and by paying up, victims further incentivize these forms of cyberattack. Many companies don’t disclose ransomware attacks or, if they do, won’t reveal the attackers’ demands.

Here, we review some of the most notable ransomware attacks of 2020, from January through to December.

Ransomware attacks in January 2020

1. Travelex ransomware attack

Hackers started the year with an attack on foreign exchange company Travelex, forcing the company to turn off all computer systems and rely on pen and paper. The company had to take down its websites in 30 countries as a result.

A ransomware gang called Sodinokibi (also known as REvil) was behind the attack, demanding $6 million from Travelex. The gang claimed to have accessed the company’s computer network six months previously, enabling it to download 5GB of sensitive customer data – including dates of birth and credit card numbers. The gang said that if Travelex paid the ransom, they would delete the data but if not, the ransom would double every two days. After seven days, they said they would sell the data to other cybercriminals.

Travelex reportedly paid the gang $2.3 million in Bitcoin and restored its online systems after two weeks offline. In August 2020, the company announced it was going into administration (the UK equivalent of going into Chapter 11), blaming a combination of the ransomware attack and the impact of the Covid-19 pandemic.

Other notable attacks this month included:

  • Students at the Pittsburgh Unified School District of Pennsylvania were left without internet access after a ransomware attack disabled the district’s network systems during the festive break.
  • Patients at a medical practice in Miramar, Florida received ransom demands from a cybercriminal threatening to release their private medical records unless a ransom was paid.

Ransomware attacks in March 2020

2. Communications & Power Industries ransomware attack

In March, it was revealed that California-based Communications & Power Industries (CPI), a major electronics manufacturer, had been hit by a ransomware attack.

The company makes components for military devices and equipment and counts the US Department of Defense amongst its clients. The ransomware attack took place when a domain admin at the company clicked on a malicious link that triggered file-encrypting malware. Because thousands of computers on the network were on the same, unsegmented domain, the ransomware quickly spread to every CPI office, including its on-site backups.

The company reportedly paid $500,000 in response to the attack. It is not known what kind of ransomware was involved.

Other notable attacks this month included:

  • In the UK, London-based Hammersmith Medical Centre was attacked by the Maze ransomware group. The Medical Centre performs early clinical trials for drugs and vaccines. The attack came only days after the Maze group promised not to attack medical research organizations during the Covid-19 pandemic. After the Centre declined to pay the ransom, the group published the personal details of thousands of former patients. The Centre’s director, Malcolm Boyce, was quoted in the media saying he would rather go out of business than pay the ransom.

Ransomware attacks in April 2020

3. Energias de Portugal ransomware attack

In April, it was reported that Portuguese energy giant Energias de Portugal (EDP) had fallen victim to an attack. Cybercriminals using the Ragnar Locker ransomware encrypted the company’s systems and demanded a ransom of nearly $10 million.

The attackers claimed to have stolen over 10TB of sensitive company data, which they threatened to leak unless the ransom was paid. The hackers posted screengrabs of some sensitive data on a leak site that purported to show proof of possession. The data supposedly included confidential information about billing, contracts, transactions, clients, and partners.

EDP confirmed that an attack had taken place but said there was no evidence that sensitive customer data had been compromised. However, on the basis that theft of customer data could come to light in the future, the company offered customers a year of Experian identity protection at no cost.

Other notable attacks this month included:

  • Cognizant, a Fortune 500 company that provides IT services to companies across various industries, disclosed that they were the target of a ransomware attack. The attack affected their internal systems and involved the deletion of their internal directory, disrupting services to their customers. In their Q2 2020 results report at the end of July, Cognizant said that revenue across their business segments was down 3.4% to $4 billion. This was due, in part, to the April ransomware attack.

B0r0nt0k

B0r0nt0k is crypto ransomware that focuses specifically on Windows and Linux-based servers. This harmful ransomware encrypts the files of a Linux server and attaches a ".rontok" file extension. The malware not only poses a threat to files, it also makes changes to startup settings, disables functions and applications, and adds registry entries, files and programs.
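
The ".rontok" suffix described above gives defenders a simple signal to watch for in file-activity telemetry. The following is an added example, not code from the original article: it flags any host that renames several files to `<original name>.rontok` within a short window. The event format, the sample log lines, the 60-second window and the threshold of 3 are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MARKER = ".rontok"               # extension the article says B0r0nt0k appends
WINDOW = timedelta(seconds=60)   # assumed sliding window
THRESHOLD = 3                    # assumed renames per host per window before alerting

# Constructed sample events in a hypothetical format (time-ordered, no spaces in paths):
# ISO-timestamp host RENAME old_path new_path
SAMPLE_EVENTS = """\
2020-04-01T10:00:01 web01 RENAME /var/www/index.php /var/www/index.php.rontok
2020-04-01T10:00:02 web01 RENAME /var/www/db.sql /var/www/db.sql.rontok
2020-04-01T10:00:03 web01 RENAME /var/www/a.conf /var/www/a.conf.rontok
2020-04-01T10:00:04 db01 RENAME /tmp/report.txt /tmp/report.old
2020-04-01T10:05:00 db01 RENAME /srv/notes.txt /srv/notes.txt.rontok
not a valid line
"""

def parse(line):
    """Return (time, host, old, new) for a RENAME event, or None if malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "RENAME":
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[3], parts[4]

def detect(text, window=WINDOW, threshold=THRESHOLD):
    """Return {host: time of first alert} for hosts that reach the threshold."""
    recent = defaultdict(deque)  # host -> timestamps of marker renames in the window
    alerts = {}
    for line in text.splitlines():
        event = parse(line)
        if event is None:
            continue             # skip malformed or non-rename lines
        ts, host, old, new = event
        # Count only renames that append the marker to the original file name.
        if new.lower() != (old + MARKER).lower():
            continue
        q = recent[host]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()          # drop events that fell out of the window
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {THRESHOLD}+ '{MARKER}' renames within {WINDOW} at {when}")
```

A single stray `.rontok` file (as on `db01` in the sample) stays below the threshold; lowering the threshold trades fewer missed detections for more noise.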
