10 Cases Of Large Companies Hit By Ransomware

Find out 10 cases of large companies hit by ransomware and what are the best solutions to protect your data from cyber hacker attacks.

10 companies hit by ransomware

In recent times, more and more companies have been affected by ransomware, facing serious losses and problems of various kinds.

The paralysis of IT systems; leakage of sensitive data; privacy of customers and partners; strategic information published on external sites.

Once inside the network infrastructure, ransomware encrypts files, taking them hostage.

The cybercriminals then demand a ransom to regain personal data and reaccess the system.

According to the research conducted by Thales, one in five companies has already paid or is willing to pay a ransom to face a ransomware attack.

The problem, unfortunately, is significantly underestimated.

Also, according to the French electronics giant, only 48% of large companies have a formal security plan to defend themselves from the threat of ransomware.

Furthermore, what distinguishes ransomware from other cybercrimes is that they usually target the most strategic industrial sectors of a country’s economy.

Companies affected by ransomware often belong to the healthcare or infrastructure sector.

These are more sensitive because they collect a lot of sensitive data.

On the other hand, they are forced to pay the ransom because they have to guarantee the continuity of services and cannot afford interruptions.

NBA under attack

In April 2021, the Houston Rockets, the American NBA basketball team, was the victim of a cyber breach.

The hacker group behind the incident is Babuk, responsible for other major ransomware attack, such as the one on the Washington DC Police Department.

The criminals were responsible for stealing 500 gigabytes of data from the Rockets.

These included team financial data, nondisclosure agreements, and contractual and employee information.

Babuk threatened to disclose the data if the ransom was not paid, but it seems that the team has not succumbed to the blackmail.

Houston Rockets customers, employees and business partners were promptly notified of the breach, and, later, law enforcement began an investigation. 

The case of the Lazio Region

Among the companies affected by ransomware, we also count the Lazio Region, which in August 2021 was victim of an attack.

The administration’s official Twitter account made the announcement.

The Error was dictated by the poor management of the infrastructures and the absence of a reaction plan to face accidents,

This attack mentioned above on the regional CED created major inconvenience to regional business.

The disappearance of practices, concessions and authorizations on issues such as construction and waste, in addition to the blocking of the vaccination campaign against covid.

These are the most relevant problems, as also stated in the parliamentary question presented on 11 August 2021:

“Since the outbreak of the COVID-19 pandemic, the number of cyber-attacks against individuals and public institutions has increased sharply. 

According to Europol, criminals have exploited the crisis to carry out ransomware attacks in several Member States. 

Recently, in Italy, the Lazio Region has been hit by a ransomware cyber-attack which forced it to slow down the issuance of important documents. 

The sensitive data of thousands of citizens might have ended up in the hands of the hackers. 

RansomExx was the protagonist, developed by a gang of cybercriminals who had already attacked other government authorities in the past.

Due to the entry into the information system, it represented a critical alarm for the state of national digital infrastructures.

The attack shows the need to increase the level of effectiveness of public cyber security to have an adequate system to protect against ransomware.

After installing ransomware on his PC, the criminals developed a system of phishing e-mails and removal of the online backup.

Accenture blackmailed by hackers

Lockbit ransomware, in August 2021, also attacked Accenture, an Irish giant in the field of strategic and management consulting.

Cryptolocker family had encrypted the company’s files and threatened to disclose them.

The message from the criminals invited users to contact the hackers to buy the company’s strategic data.

These were, in all likelihood, documents from significant multinationals, Accenture’s clients: financial statements, strategic records, and business analyzes, but also passwords.

As stated in the statement released to CNN by Accenture spokesperson Stacey Jones:

“We immediately contained the matter and isolated the affected servers. We have fully restored our systems affected by the backup. There has been no impact on Accenture’s operations or our clients’ systems.”

The request for $ 50 million not to publish the stolen 6 Terabytes of data was not confirmed.

The Geox case

Between May and June of 2020, Geox was the victim of two ransomware attacks.

In the first case, it was a scam through cybersquatting, the creation of a fake website.

As reported by the WIPO (World Intellectual Property Organization), over 50,000 cases of cybersquatting have been registered in 20 years.

Many companies have been hit by ransomware of this type: the peak was reached in 2020, when online purchases soared due to the pandemic.

In the graph drawn up by Statista, you can see the phenomenon’s evolution: in 2020, there were 4,204 cases.

The second attack against Geox, on the other hand, hit the logistics and storage activities.

The e-mail servers were hit, blocking internal communications and causing the interruption of all production and logistics activities.

It took several days for the company to recover the encrypted files and restore regular work.

The ransomware that caused the downtime of Geox’s supply chain should be Snake, also known as Ekans, once again spread through a phishing attachment.

Unlike other variants, this information-stealing ransomware does not need to connect to external sources to obtain configurations, access keys, or other data.

Companies need to have an ally that acts quickly and efficiently to avoid prolonged outages.

Contact HelpRansomware to get a quote within 1 day with information on specific costs and processing times.

Hacker vs. Fujifilm

In early June 2021, Fujifilm was also among the companies affected by ransomware.

Unfortunately, the Japanese giant was forced to close a large part of its global network.

The REvil group launched the attack, whose malware is also known as Sodinokibi ransomware.

Hackers entered Fujifilm’s computer systems through a Trojan infection and then exploited the secondary ransomware payload.

Whether or not Fujifilm paid the ransom to the REvil group was never known.

However, as stated in the note from the company’s European detachment, the attack only concerned Japan:

“FUJIFILM Europe GmbH has determined that there is no related risk to our network, servers and equipment in the EMEA region or that of our customers across EMEA.”

Enel attacked by ransomware

In 2020, Enel was also the victim of two ransomware attacks using the double extortion technique.

Using NetWalker ransomware, cyber attackers first stole 5 TB of data; they later threatened to make them public.

The ransom note amounted to $ 14 million.

The attackers published a long list of folders stolen from Enel’s servers on the dark web to certify what was done.

A few months earlier, the Snake / Ekans ransomware had already tried to encrypt Enel’s archives, resulting in a series of disruptions, mainly regarding customer assistance.

To avoid this type of problem, it is best to contact a specialized company.

HelpRansomware, among its services, offers guaranteed decryption and data recovery.

National Rifle Association (NRA) ransomware attack

Among the companies affected by ransomware in 2021 is the NRA (National Rifle Association), an organization that favors firearms owners in the United States.

Russian cybercriminals under the name of Grief claimed responsibility for the attack.

From what was disclosed, it turned out that the US National Rifle Association would have liked to increase its influence in the US courts.

And for this reason, he allegedly bribed some legal figures, paying them over $ 500,000. 

The Luxottica case

One of the companies hit by ransomware is Luxottica, leader of the made in Italy in the eyewear branch, victim of ransomware in September 2020.

The main consequence of this unfortunate inconvenience was the blocking of production.

As reported by Il Mattino di Padova, the interprovincial secretary of the Femca Cisl union, Nicola Brancher, declared that

“Luxottica has informed us that there has been an attempt to enter the Group’s systems from the outside. Luxottica claims that the hackers failed to breach the servers and that the company defended itself, but it was chosen to shut down everything for greater peace of mind. “

As a precaution, production activities in China were also blocked.

Unlike the numerous scenarios already seen, there was no stealing of confidential data.

The attempt made from the outside to enter the computer systems did not allow the criminal hackers to achieve their goals.

Acer under blackmail

Cybercriminals also targeted Taiwanese cyber giant Acer in March 2021.

Requested $ 50 million to allow the company to open the encrypted files.

The cybercriminals first shared the stolen files and then images to certify the violation to the detriment of Acer. 

The problem of data leakage proved to be quite serious since it involved bank communications, bank statements, and spreadsheets.

Acer’s network proved very vulnerable due to a Microsoft Exchange bug.

Previously, this led to the hacking of approximately 30,000 e-mail messages sent by US organizations, both commercial and governmental.

Campari hit by ransomware

The last of the companies hit by ransomware that we will analyze is Campari, which in November 2020 was the victim of various hacker attacks.

The culprit was the Ragnar Locker ransomware, which threw the IT infrastructure into a tailspin.

As stated in the press release issued by the same company, some sensitive information was stolen:

• Employee directories containing personal data and company IDs;
• Some supplier contracts, including in the USA;
• Business information and payment details;
• The data of approximately 6,000 employees.

Following the download of the employees, the ransomware in question would have hidden itself using a virtualbox that would allow the operating system to proceed with the sharing of drives and folders.

The stratagem conducted by the attackers led to the subtraction of about 2 Terabytes of unencrypted files and, at the same time, has allowed the encryption of a good part of Campari’s servers.

The corporate network was blocked in 24 countries.

Campari first reacted by temporarily suspending its IT services to remove the ransomware.

The emergency subsided after some time, and the Campari group sites were back online.

What is ransomware?

Ransomware is a class of malware that takes control of users’ PCs and encrypts the files there.

The hackers then ask for the ransom in exchange for the encryption key to restore the normal operation of the device.

When large companies are hit by ransomware, criminals usually demand millions of euros for ransom.

In the following graph drawn up with the AV-Test data, you can see the increase in the number of malware from 2013 to today.

The number, updated in March 2022, is constantly growing and has reached 1341.64 million viruses produced.

WannaCry, Kaseya, CryptoLocker, and Reveton are just some of the more popular types of ransomware.

What is a ransomware attack?

A ransomware attack is a criminal activity that jeopardizes the cybersecurity and privacy of victims, be they individuals or companies.

These are lightning-fast actions that, unlike APTs (Advanced Persistent Threats), do not have the purpose of infecting the victims’ devices, remaining anchored in the long term.

The time interval that passes there is particularly short between the attack and the ransom request.

In the first stage, the malicious code is placed on the target device; however, the data encoding is started in the second phase.

E–mail is confirmed as the favorite channel of cybercriminals.

Recently there has been an increase in attacks based on the technique of double extortion.

In the Hi-Tech Crime Trends 2021/2022 report published by Group-IB, we read that this type of attack has increased by 935%.

In addition to file encryption, this type of attack creates a backup copy of sensitive data.

The latter are transferred to cyber-criminals PC who threaten the victims by publishing these files on the dark web.

How to prevent a ransomware attack?

To prevent ransomware attack, you can follow these simple tips:

• Choose a good antivirus;
• Pay attention to the websites you visit and always make sure they are safe;
• Open only messages and e-mails that come from specific senders;
• Do not download attachments if you do not know the sender of the e-mail.

From a corporate point of view, proper employee training is crucial.

As the cases of companies hit by ransomware show, human error is at the root of most attacks.

Therefore, follow these rules:

• Periodically checks the security status of the company network;
• Create standard user accounts for employees so that they can use them in their daily work routine;
• Apply security patches;
• Adopt a zero-trust policy.

Likewise, make regular backups of your files. 

That way, even in an attack, you won’t need to pay the ransom to restore your files.

If it is too late and you have been a victim of ransomware, contact HelpRansomware.

The company is number 1 in the world for ransomware removal, cyber security, and encryption.

The most important ransomware attack statistics 2021

As evidenced by CISA, one of the official sites of the US government, there was strong growth in ransomware attacks between 2020 and 2022:

• In the document produced in collaboration with the National Security Agency, we read that 14 of the 16 infrastructure sectors in the US had suffered an attack;

• The American Association of Medical Colleges (AAMC) reported that more than 600 US health organizations and over 18 million medical records have been affected by ransomware.

In economic terms, the attacks cost nearly $ 21 billion;

• According to the text published by the HHS Security Program, the ransomware that had the most impact globally were Avaddon ransomware, Conti, and, REvil;
• The sectors most affected were the medical-hospital sector, and, being vital data, 34% of organizations paid the ransom to get the data back;
• In 72% of cases, however, there was a data leak.

As can be seen, the situation created by the pandemic has given hackers great opportunities to act.

Forecast for 2022

The ransomware threat for 2022 should certainly not be underestimated: there will be no improvements, and data breaches will increase.

Attacks are becoming more and more dangerous and complex, making it more challenging to build practical ransomware decryption tools.

Social engineering intrusion systems stay in the lead, so companies affected by ransomware are set to grow.

While a whole new trend is being developed related to quantum computing.

Therefore, new methods that refer to Post-Quantum Cryptography (PQC) are emerging.

As we read in the text produced by Accenture, NIST is creating a decryption system that should be ready by 2024.

Conclusions

The number of companies affected by ransomware has grown with the Covid-19 pandemic and the spread of smart-working.

These are the conclusions you can draw by reading the article:

• Only 48% of large enterprises have a formal security plan to defend against the threat of ransomware;
• In 2020 there were 4,204 cases of cybersquatting;
• Since 2013, the number of malware created has been growing steadily, peaking in 2022 at 1341.64 million viruses created;
• Double extortion ransomware attacks are the new frontier of ransomware and have increased by 935% in the last period;
• Phishing remains the most common intrusion method.

Hacker attacks today are much more dangerous than in the past because the techniques programmed by cyber-criminals appear to be more and more advanced.

This is why it is essential to contact specialists such as HelpRansomware: professionals with over 28 years of experience in the data recovery sector are at your disposal 24 hours a day, 7 days a week.