2021 was a year of digital transformation for all businesses. The widespread adoption of remote and hybrid work has resulted in employees being more reliant than ever on technology. As a consequence of this reliance on technology, there has also been a massive rise in the frequency and severity of cyber-attacks across all industries and business sizes. Many of these attacks were ransomware attacks carried out by a growing number of ransomware gangs; however, there were also some major data breaches, DDoS attacks and supply chain compromises. In this article we discuss 6 of the worst cyberattacks of 2021.
SolarWinds Supply Chain Trojan Attack (Worldwide)
This highly sophisticated trojan attack started in September 2019 and lasted until 2021. Russian nation-state hackers are suspected of being behind it, and thousands of organisations were affected. Victims include the US government, Microsoft, Intel, and Cisco. In September 2019, threat actors gained unauthorised access to SolarWinds’ network. The hackers lay dormant until February 2020, when they injected malicious code into SolarWinds’ infrastructure monitoring and management platform, Orion. In March 2020, SolarWinds unknowingly sent out software updates containing the malicious code, which gave the cybercriminals access to customer information and IT systems, enabling them to install more malware at other companies. It wasn’t until December 2020 that the malware was finally found, and mediation and investigations ran until May 2021. The SolarWinds attack is one of the largest and most sophisticated cyberattacks the world has seen.
Colonial Pipeline Ransomware Attack (USA)
On May 7th, the Colonial Pipeline, an oil pipeline system in Houston, Texas, fell victim to a ransomware attack that impacted the computer equipment managing the pipeline. As a result, the pipeline ceased operation to contain the attack. The gang that perpetrated the attack, DarkSide, demanded a $4.4 million ransom to decrypt all data. The Colonial Pipeline, with assistance from the FBI, paid the ransom shortly after the attack. Although this restored the network, the pipeline operated very slowly, and because it delivers 45% of the East Coast’s fuel, a state of emergency was imposed to ensure fuel lines remained open.
Brenntag Ransomware Attack (USA)
In early May, Brenntag, a German chemical distribution company, was the victim of a widespread ransomware attack. Although the company was founded in Germany, the ransomware gang, DarkSide, attacked its North American division. The cybercriminals extracted 150GB of data during the attack and threatened to leak it unless the company paid a $7.5 million ransom. This was negotiated down to $4.4 million, which Brenntag paid. The attack succeeded only because the cybercriminals bought stolen employee login credentials, which they used to spread the ransomware.
Health Service Executive Ransomware Attack (Ireland)
On May 14th, the Health Service Executive (HSE) of Ireland was targeted by the ransomware gang Wizard Spider. The Conti ransomware was used in the attack, and it caused all of the HSE’s IT systems to be encrypted and shut down. The gang demanded a ransom of €16.5 million to decrypt the data and to not publish any ‘private data’. The Irish government did not pay this ransom, and as a result Wizard Spider released the confidential medical information of 520 patients, as well as corporate documents. Eventually, the cybercriminals gave the HSE the software tool to decrypt the data, free of charge. However, it took over 4 months for all servers and devices to be completely restored. This attack had devastating consequences for employees and patients alike.
Kaseya VSA Supply Chain Ransomware Attack (Worldwide)
On July 2nd, 30 managed service providers (MSPs) and their customers fell victim to a ransomware attack carried out by the gang REvil. This was due to a vulnerability in the VSA software of Kaseya, an IT solutions developer. Although only 0.01% of Kaseya’s customers were affected by the breach, these were all MSPs with multiple customers, so over 1000 companies were ultimately impacted. The cybercriminals demanded a $70 million ransom; however, Kaseya did not pay, as it obtained the decryption software through a third party. This is a key example of how a supply chain attack can have consequences for businesses throughout the world.
Weir Group Ransomware Attack (UK)
In the second half of September, one of Scotland’s largest engineering firms was hit by a sophisticated ransomware attack that was noticed early, and swift action limited the damage. The Weir Group shut multiple systems down, including engineering applications and its ERP, to avoid further spread of the malware. Although the firm reacted well to the incident, it has experienced revenue deferrals of around £50 million in September, and the direct costs of the attack are expected to be up to £5 million. Responsibility for the attack remains unknown.
Looking Forward to 2022
2021 saw thousands of businesses around the world fall victim to a variety of cyberattacks. There is no doubt that this trend will continue in 2022, with new attack vectors emerging and companies of all sizes and industries being targeted. Many of these attacks can be avoided through a comprehensive cybersecurity solution. If you want to find out more, get in contact with us today.