The State of Ransomware in 2021

The State of Ransomware in 2021

Following on from our State of Ransomware 2020 blog, we’ll be tracking the 2021 publicized ransomware attacks each month to share with you via this blog.  With damages from cybercrime expected to hit $6 trillion this year (up from $3 trillion in 2015), we expect the number of ransomware attacks to increase and newer forms to become more sophisticated and disruptive. To keep informed of what’s happening every month, follow this blog and register for our free monthly ransomware report.

September

September had a slow start with the bulk of what we uncovered being reported in the latter half of the month. For the first time this year the total reported number was lower than that of 2020, however, given the trends this year it’s likely that many of the incidents have yet to be disclosed publicly. We tracked 24 incidents including the Department of Justice in South Africa, two major U.S. farming cooperatives, and multinational electronics giant JVCKenwood. Here’s a summary of what we uncovered.

1. Almost 9 months after the Accellion data breach, Beaumont Health in Michigan joined the list of healthcare organizations impacted by the cyberattack. The health system recently notified around 1500 patients that their data may have been compromised in the attack.
2. Jipmer, the Jawaharlal Institute of Postgraduate Medical Education & Research in India was forced to suspend patient tele-consultations following a ransomware attack. All computer systems at the facility were taken offline as a result.
3. Howard University in Washington DC was the first school to report an attack this month. The incident was discovered just weeks after students returned to campus and as a result classes were cancelled. Ransom details remain unknown but the university has said that there was no evidence so far to suggest that any personal data of its 9500 undergraduate and graduate students had been accessed or exfiltrated.
4. Japan -based camera and binocular manufacturer Olympus released an official statement to confirm that they had been attacked by the BlackMatter ransomware gang and that their computer systems in Europe, Middle East and Africa had been impacted. The internal forensics team were able to contain the malware spread by shutting down the infected computers.
5. The Justice Department in South Africa made global news when it was disclosed they had become a victim of ransomware. The incident left all of the department’s information systems encrypted and unavailable according to a statement shared by WhatsApp. “All electronic services provided by the department are affected,” it said.
6. Desert Well Family Medicine in Arizona reported that 35,000 patients were impacted by a breach involving a hack of the network. The organization did not disclose any information relating to a ransom demand or negotiations but the incident was reported as a ransomware attack.
7. The Hive ransomware gang shared patient data from Missouri Delta Medical Center who opted to stay silent about the loss of patient data following a ransomware attack. Screenshots of the data dump have been published, but the organization has not confirmed or denied the attack. The criminal gangs website was updated with the following statement ‘MDMC Decided not to protect privacy of their patients or employees. By their greed for money, patients will suffer. There is still time – 4 days until all patient info is dumped.’
8. US technology giant TTEC disclosed they had been impacted by a ‘cybersecurity incident’, confirming to employees that it was indeed ransomware. The company who has almost 61,000 employees and billions in annual revenue alerted staff not to click on a link titled “!RA!G!N!A!R!. In a statement to news outlet ZDNet, a spokesperson would not confirm that it was ransomware but did confirm that some of the company’s data had been encrypted and business systems had been impacted.
9. NEW Cooperative, a farmers feed and grain cooperative in the US suffered a BlackMatter ransomware attack resulting in a $5.9 million ransom demand which would increase to $11.8 million if the ransom wasn’t paid in five days. The cybercriminals claimed to have exfiltrated 1,000 GB of data which included source code, R&D results, sensitive employee information, financial documents, etc.
10. Marketron, a business software solutions company that provides cloud-based revenue and traffic management tools for broadcast and media organizations, became the victim of the BlackMatter gang. Marketron customers learned of the incident in an email from the company CEO, who said that “the Russian criminal organization BlackMatter” was responsible for the attack. He also said the company was communicating with the hackers and the FBI was also involved.
11. Web hosting service company Exabytes was next to disclose they had been impacted by a ransomware attack. The Malaysian based company claimed to have most of its systems restored shortly after the attack. Tech portal Amanz reported that the company had tweeted that the attackers were demanding US$900,000 (RM3.77mil) as ransom in cryptocurrency but the tweet was later deleted.
12. India’s Tamil Nadu government’s public department discovered their files had been locked following a ransomware attack. When officials tried to access them a message appeared requesting money in exchange for each file. The organization disclosed that no security data had been compromised.
13. The next agricultural cooperative to become a victim was Crystal Valley Cooperative in Minnesota. In a Facebook post the company confirmed they had been hit by ransomware. All computer and phone systems were shut down as a result of the attack which was thought to be carried out by BlackMatter.
14. Another suspected BlackMatter attack, this time it was publicly traded real estate investment firm Marcus & Millichap. The firm revealed in an 8-K filing with the SEC that it “had been subject to a cybersecurity attack on its information technology systems.” They said there had been no evidence of a data breach and did not identify the attack as ransomware. However, a ransom note was discovered by media outlet LeMagIT suggesting a connection between the data sample and Marcus & Millichap. The BlackMatter ransomware note claimed that 500 GB of data had been stolen.
15. Payroll company Giant Group was next to be hacked in suspected ransomware attack. The company admitted that its computer systems which pay thousands of umbrella company contractors each week had been hacked and all systems were offline due to “suspicious activity”. The incident is under investigation and the company noted they were following protocols which meant they could not communicate with customers as openly as they would like.
16. A ransomware attack on Coos County Family Health Services in New Hampshire caused an IT outage and forced some of its clinics to shut down. The CEO said the attacks affected all of its systems, such as phone, computer and email. The organization has reopened all of its clinics but its IT systems are still experiencing outages.
17. California-based United Health Centers was hit by a ransomware attack which reportedly disrupted all of its locations and resulted in the theft of patient data. Media outlet BleepingComputer was told by a source that the organization was reeling from an attack at the hands of cybercriminal gang Vice Society. BleepingComputer reached out to UHC multiple times but did not receive a response to any requests to confirm the attack. The criminal gang later leaked files allegedly stolen from the health center.
18. Debt-IN Consultants, a debt recovery firm in South Africa confirmed they had been a victim of a serious cyberattack resulting in a data breach affecting more than 1.4 million people. The attack which occurred in April of this year only came to light late this month with the discovery that confidential consumer data and voice recordings of calls between Debt-IN debt recovery agents and financial services customers had been posted on “hidden internet sites” that are only accessible by a “specialized” web browser.
19. Stonington School District in Connecticut are working with the FBI following a ransomware attack which took the entire districts systems offline. Officials have said that the nature and origin of the attack and whether information was compromised are still being investigated and families would be updated when more information is available.
20. Hawaii Payroll Services disclosed that they suffered an attack affecting 4500 customers. Earlier this year the company discovered that its servers and databases had been breached by an unauthorized users. The company believes the attack was carried out by a criminal gang who somehow compromised a client’s account.
21. Lufkin ISD in Texas was the next school to make ransomware headlines. The school communicated via social media that the systems were down following an attack that was detected by their cybersecurity systems but they still needed to ensure no data had been compromised.
22. An attack on French company TiteLive who provide software for book stores affected 130 Dutch bookstores who had their systems shut down. It’s not yet known who was behind the attack or what the ransom demand was.
23. Philadelphia based mental health provider Horizon House just disclosed that almost 28,000 people may have been impacted by a ransomware attack that occurred earlier in the year. In a security notice the organization revealed that data had been exfiltrated during the attack. The unknown criminal gang accessed personal data including names, addresses, Social Security numbers, driver’s license numbers, dates of birth, financial account information, medical claim information, etc.
24. The last reported incident of the month goes to multinational electronics company JVCKenwood. The Conti ransomware gang claim to have stolen 1.7 TB of data and are demanding a $7 million ransom! The company disclosed that servers belonging to its sales companies in Europe were breached and threat actors may have accessed data during the attack