Ransomware Attacks 2021 | Biggest Cases + Tips to Avoid

Submitted by Erica Kastner on Tue, 02/09/21 - 12:00 PM



Ransomware attacks are on the rise as more cyber criminals see the lucrative advantages of targeting businesses' networks. As a Managed Service Provider, we aim to use our ransomware expertise to educate the public on emerging trends and how to avoid becoming a victim. Keep reading to learn about some of the worst ransomware attacks of 2021, see developing attack patterns, and learn how to avoid becoming a victim.

What is Ransomware?

Ransomware is exactly what it sounds like: a form of malware (also known as malicious software) that encrypts personal or company data and holds it for ransom. Once a victim's data is encrypted, hackers threaten to publish, destroy or sell the information on the dark web if their monetary demands are not met.

Ransomware is typically spread through phishing schemes or direct hacking of a company's network. Phishing schemes allow a hacker to trick a victim into providing personal information such as account logins, which can then be used to hack their network. 


Biggest Ransomware Attacks of 2021


WestRock Co.

Paper and packaging giant WestRock Co. was hit with ransomware at the tail end of January that impacted certain aspects of its operational and IT systems.

Certain locations with subsequent technology issues stemming from the attack temporarily had to use alternative methods to process and ship orders.

Victor Central Schools, New York

In late January, the Victor Central School System servers were compromised by a ransomware attack that encrypted a variety of files and systems, including aspects of their Windows Active Directory.

Thankfully, district representatives stated that student and staff data as well as financial data weren't compromised. 



Notable Case: City of Oldsmar, Florida Water Treatment Plant

Though this case was more of a cyber breach than a ransomware attack, it made enough news headlines that it was necessary to include it in this article.

In early February, a water treatment plant in Oldsmar, Florida was hacked by an unknown party who then attempted to poison the water supply by raising the levels of sodium hydroxide. Thankfully, workers at the plant remedied the problem before the water level adjustments could take effect. 

The hacker likely breached the system by taking advantage of outdated network infrastructure. This attack signals an increased need for cyber security in government computer systems.

Automatic Funds Transfer Services (AFTS)

Automatic Funds Transfer Services (AFTS) is a payment processing and address verification system utilized by many US cities and agencies. The ransomware attack that was carried out on their network negatively impacted website and payment processing functionality.

This ransomware attack has significance for the potential impact on consumer data, seeing as AFTS' network houses large amounts of sensitive data such as billing information.

CD Projekt Red

Video game developer CD Projekt Red, most famously known for its video game Cyberpunk 2077, was the victim of a ransomware attack in early February. 

The attackers say they stole business information like investor relations, human resources, and accounting data. The hackers threatened to publish the game's source code unless the company paid the ransom, a threat which the company fought back against by refusing to pay.

The attack came at an interesting time for the company, seeing that just months earlier, the release of Cyberpunk 2077 was widely criticized for its bugs and other performance issues. This attack forced the company to release patches to update the game and restore consumer confidence.

Kia Motors America

Kia suffered from a devastating ransomware attack from the DoppelPaymer variant in which the hackers demanded a ransom of over $20 million. At first, Kia denied the attack, but bloggers later revealed a notice from a well-known cyber gang demanding the payout.

The attack caused widespread network outages that affected everything from their mobile UVO Link apps and payment systems to internal sites used by dealerships.

The hackers state that they attacked Hyundai Motor America, Kia's parent company. However, Hyundai does not appear to be affected by this attack.

Underwriters Laboratories LLC

UL LLC, better known as Underwriters Laboratories, the largest safety certification company in the United States, was hit with a ransomware attack that encrypted its servers and caused the company to shut down certain systems while they recovered.

The company declined to pay the ransom, instead opting to recover their systems internally. 



The electronic hardware and software manufacturer was targeted for a $50 million ransom by the Russian-based cyber gang REvil. REvil leaked screenshots of internal spreadsheets of company finances that, according to some reports, included bank statements and correspondence.

CNA Financial

An attack on one of the largest insurance companies in the U.S. netted its attackers a $40 million payout, using a variant of the "Hades" ransomware called "Phoenix Locker." That malware affected more than 15,000 machines through CNA's network and even breached the company's private network, affecting employees working from home. 



On April 20th, this Apple hardware producer was struck by a REvil ransomware attack, but Quanta refused to pay, so REvil went to Apple instead. By all accounts, REvil appears to have abandoned the attack, in which they threatened to leak highly sensitive information about upcoming Apple product plans, because not much has been revealed since May of last year, and neither Apple nor Quanta has released any statements since.



This German-based chemical distribution company experienced a DarkSide attack that affected North American operations. The ransom ask was for 133 Bitcoin (roughly $7.5 million), and after negotiations, a $4.4 million ransom was paid.

Colonial Pipeline

Likely the most notable of all 2021 hacks, the Colonial Pipeline attack sent shockwaves through the American economy, with consumers racing to stock up on fuel with the pipeline - used for transporting about half of the petroleum used along the eastern coast of the country - shut down. Colonial paid a $4.4 million ransom; with help from the FBI, about half the ransom was recovered a month later. 

The alarming takeaway from this attack was how easily the DarkSide group was able to deploy its ransomware to gain access to Colonial's computer system overseeing control of its pipeline. Colonial CEO Tim Felt eventually revealed the company's security protocols didn't include multi-factor authorization, making it relatively easy for DarkSide to gain access and lock the company's support personnel out for hours before the ransom was eventually paid.


This company, offering (ironically) backup storage capabilities to assist companies seeking to avoid ransomware attack data loss, was itself the victim of an attack. The Conti ransomware group breached ExaGrid's network and stole about 800 GB of documents and data - including client data, documents and source code - before being paid a $2.6 million ransom.


JBS, the largest beef supplier in the world, was caught off-guard with a ransomware attack that sent shockwaves throughout the grocery supply chain. REvil got 'em, and forced the company to halt operations, causing food supply chain issues. Eventually JBS paid an $11 million ransom to end the stoppage and keep their files and data from being publicly leaked. 

This incident is a likely example of why ransomware attackers are eyeing larger targets with more sophisticated malware. With much more at stake for higher profile targets, the likelihood of payout seems to increase.

Washington D.C. Police Department

The Russian-speaking Babuk Group unleashed the (for now) worst-known cyber attack on a U.S.-based police department. When the department refused to pay a ransom, the cyber gang released a trove of data, including internal review documents, disciplinary files, intelligence reports and correspondence with other agencies and departments, most notably the FBI and CIA. Eventually, the department counter-offered to pay $100,000, which is only known because the hackers made that public. Babuk sought $4 million. Months later, it's unknown how much - if any - of the ransom the department paid.


Carnival Cruise Lines

The vacation cruise giant claimed customers were still feeling the effects of its data being hacked back in March. 

City of Texarkana

The northeast Texas city was reportedly still reeling from a ransomware attack six months prior to this KSLA-TV 12 report.



Over the July 4th holiday, this IT services firm was hit with a REvil attack that may have only affected 0.1% of the firm's clientele, but it did necessitate a temporary shutdown of 800 Swedish supermarket locations when cashiers had no access to their registers. A whopping $70 million ransom was sought. 



The global consulting firm was - allegedly anyway - ripe for the picking in late August, as Lockbit snared an eye-popping 6 TB of data, seeking a $50 million ransom for its return. It's safe to assume Accenture didn't pay the ransom, as Lockbit slowly released data in chunks. In an internal memo, Accenture claimed none of the data captured or eventually released were of a sensitive nature.

Initially, Lockbit claimed to have compromised an airport using Accenture software; a claim that has yet to be proven, however. Security experts warn that Lockbit has a history of claiming attacks and sharing proof on its own leak site, but then hastily removing such posts. 


Howard University

A ransomware attack prompted Howard University to cancel classes on Friday, September 3, 2021, then again the following Tuesday and Thursday, teaching both Howard and other colleges and universities a valuable lesson: be prepared to reset and rebuild entire computer systems from nothing within hours. 

US Justice Department

That's right, our own Department of Justice was the victim of a ransomware attack, and a month after, reported it was still "recovering."


Toronto Transit Authority

Internal computer systems and commute-useful apps, sites and station computer displays were affected by a ransomware attack in the Ontario metropolis in late October. 



IKEA's email system was the target of a phishing attack using stolen reply-chain email. Those are particularly tricky to maneuver past because the malware-loaded email appears to come from legitimate sources.

An internal email tried describing the attack to employees this way: "There is an ongoing cyber-attack that is targeting Inter IKEA mailboxes. Other IKEA organisations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA. This means that the attack can come via email from someone that you work with, from any external organisation, and as a reply to an already ongoing conversations. It is therefore difficult to detect, for which we ask you to be extra cautious."

This attack sought to distribute one or two "trojans" to further compromise IKEA's network to unleash a larger ransomware attack. 


Planned Parenthood

The women's reproductive rights organization said its Los Angeles-area clinics were the targets of a ransomware attack that affected computer systems and breached data of nearly 400,000 patients. Planned Parenthood didn't detail the severity of the impact on their systems or if a ransom was paid, however.

How to Prevent Ransomware Attacks


Stay Current with Security Patches and Software Updates

Many people forget or push off updating their anti-virus software or upgrading their firewall.

While we know this process can be a nuisance, every day that you wait to update your cyber security infrastructure after new versions emerge leaves you more vulnerable to ransomware attacks.

If you are able to, enable auto-updates on all security software and schedule any updates for late at night when you're not using your computer. 

Educate Employees About Cyber Security

While our computers and security software are built to be perfect, humans aren't. Employee cyber security errors are one of the most common methods that hackers use to gain access to your network and deploy ransomware.

Employees should be trained on cyber security best practices, such as how to create a secure password and how to recognize and avoid phishing emails.

A main focus of any password policy should be to limit how much you write down your passwords. Writing a password down anywhere leaves it susceptible to being found by hackers. If you have too many passwords to remember, consider a secure password-storing program such as MyGlue.

Create passwords that don't use easy-to-find information such as birthdays or your children's names. When creating a password, make sure it's long and complex. Additionally, install two-factor authentication on your devices if possible, seeing as it's a widely used secure method of protecting accounts.

Phishing emails are another common vector by which hackers deploy ransomware on a victim's network. By training employees on phishing email red flags, such as urgent language and oddly formatted email addresses, one can reduce the chances of an employee falling for a phishing scheme.


Secure Your Copiers and Printers

Printers and copiers are an overlooked security risk. Whether you are a business that owns corporate machines or an individual with a home copier, there are risks associated with both types.

For instance, personal copiers can have a "print from anywhere" feature that lets you print documents to the copier even when you're away from the office. However, this "print from anywhere" feature has little security because it has to create a hole in your firewall to allow you to communicate with the machine from anywhere in the world. Turn this feature off if you have it.

If possible, consider upgrading to a newer copier or printer. Some newer models created within the last 5-6 years have data security kits that you can enable. These kits can have data encryption functions, which scramble the data stored on your copiers and printers, rendering the information useless to a hacker.

Additionally, on some newer models of brands like Canon and Sharp, data security kits might also have features that, when a document is scanned, copied, or printed, erase those documents from the hard drive sometimes as many as 28 times. 


Consider Managed IT Services


If you are a business, especially if you do not have any in-house staff to manage your cyber security, the thought of instituting the changes described above can sound daunting. 

Managed IT services can help put all of the above cyber security suggestions and more into action. Managed IT services layer your cyber security infrastructure and then employ a team of IT experts to address any threats or issues that pop up.

To take the burden of updating software off of you, a managed services provider can update all cyber security software for you and install necessary security patches.

Managed IT services can help you create a password policy and role-based security that works for your business too. In the event that a ransomware attack happens or your network goes down, they can reduce downtime by quickly recovering data due to their use of frequent and secure backups.



As a Managed Service Provider, we use industry-leading tactics to secure clients' networks and prevent ransomware attacks. We hope our expertise taught you how to help prevent a ransomware attack on your business!

For more ransomware and cyber security content, follow our blog!
