Standard Office Systems Blog

A Timeline of 2019 Ransomware Attacks and Future Trends

Written by Erica Kastner | 12/27/19 5:00 PM

Every year, humanity is ushered further into the golden age of the technological revolution. New technological advancements are publicized, bringing exciting promises of what's to come. However, as businesses in particular become more dependent on technology, especially the Internet, they put themselves in danger of becoming victims of an increasingly common form of robbery known as a ransomware attack. Read on to learn about some of the most notable ransomware attacks of 2019.

January - Altran

Altran, one of the largest IT consulting firms in Europe, fell victim to a ransomware attack right at the start of 2019. According to the company, the hackers did not appear to be seeking personal data but rather access to files from many European countries, including France, where the company is headquartered. 

Although Altran didn't detect any cases of stolen data, it had to shut down its network as a precautionary measure to keep the attack from spreading. Altran has not identified any clients who have been negatively impacted by the hack.

February - Apex Human Capital Management

This Roswell, GA-based payroll management services company suffered a ransomware attack that halted services to hundreds of the company’s customers for nearly three days.

Ian Oxman, the company's CMO, said that the ransomware spread to their disaster recovery site, which made it impossible to switch over to that site as a backup.

Worried about restoring their ability to service clients, Apex ended up paying the ransom. Even so, the decryption key they were given in return rendered many executable files inoperable, which caused even more delays.

March

Norsk Hydro 

The LockerGoga ransomware made headlines when it attacked Norwegian aluminum manufacturing company Norsk Hydro.

LockerGoga seems to aim for large targets, specifically the industrial and manufacturing industries. Once inside a system, LockerGoga changes a victim’s passwords and tries to log off anybody currently logged into the system.

The attack cost the company over $52 million in Q1 and was so pervasive that the company had to temporarily halt production while the issue was sorted out.

Tallahassee, Florida

The City of Tallahassee, Florida was also at the center of a major ransomware attack in March of this year. An unnamed ransomware was used to force the city to pay $498,000.

The out-of-state, third-party vendor that hosts Tallahassee's payroll services was hacked and, as a result, direct deposit paychecks were redirected. Officials estimate that the attack originated from outside the US.

April - Jackson County, Georgia

A ransomware attack shut down the county's computer systems, causing the government to pay over $400,000 to hackers. According to County Manager Kevin Poe, the FBI, who helped Jackson County sort out the attack, said that this was one of the most sophisticated attacks they have ever seen in the US.

Poe went on to state that the hackers must have been hiding in the county's network for weeks plotting their next move, because of how methodical the attack was. 

May - Baltimore

RobbinHood gained media attention when it was used to attack the city of Baltimore, taking down multiple city departments. The city's network was crippled, leading to negative effects such as city employee emails not working, payments to city departments not going through, and real estate transactions not being processed.

RobbinHood limits server access to only those who have a digital key, making access almost impossible without paying the ransom. Hackers demanded around $100,000 for restoration of the city's network. The city ended up voting to pay $6 million to recover their systems after the attack.

June

Riviera Beach, Florida

Starting with a malicious link that a single city employee clicked on, a ransomware attack that hit the small town of Riviera Beach, Florida quickly snowballed into a massively widespread attack that crippled the city's networks, shutting down utility billing departments, among other offices.

The city paid close to $600,000 to regain control over their network. This large ransom for such a relatively small city suggests that some hackers are becoming brazen, demanding larger and larger sums of money because they are confident that they will never be caught.

In June alone, two other Florida cities, Key Biscayne and Lake City, were hit with ransomware attacks as well. Lake City ended up paying a 42-Bitcoin ransom, which is worth almost $500,000, to attackers.

Georgia’s Administrative Office of the Courts and Judicial Council of Georgia

The Georgia Court System fell prey to a pinpointed ransomware attack this year. In attempts to stop the spread of the outbreak, officials quarantined servers and shut off the network to the outside.

The courts agency did not give in to the hackers' ransom demands, instead opting to review code line by line to find the source of the attack. Employees were forced to work on paper while the situation was figured out.

July - Louisiana School Districts

The governor of Louisiana was forced to declare a state of emergency after the Morehouse, Sabine, Monroe City, and Ouachita school districts fell victim to a ransomware attack over the course of the month.

This incident showcases the drastic measures that must sometimes be taken to deal with a ransomware attack. Additionally, the school districts reported issues with their computer and phone systems as a result of the attack.

August - Texas Municipal Government

The computer systems of at least 22 municipal governments across Texas were hit by a massive ransomware attack in August. Online utility payments temporarily couldn't be accepted and birth/death certificates were not available online, among other negative outcomes.

According to the mayor of one of the affected cities, the hackers were demanding a collective ransom of $2.5 million to restore the cities' access to the network. This attack is an example of how coordinated and widespread some ransomware attacks can be. 

September - Southeastern Minnesota Oral & Maxillofacial Surgery (SEMOMS)

A Minnesota healthcare facility responsible for 80,000 patients fell victim to a ransomware attack in September. SEMOMS' IT staff quickly responded by restoring the breached data.

Though the facility states that it does not believe that any patients' personal data was exposed or stolen, SEMOMS notified any patients whose information had any potential of being breached. 

Letters describing the nature of the incident were sent to patients whose data was potentially compromised, as well as a 1-800 number that they could call to learn more about the security incident. 

October

National Veterinary Associates

National Veterinary Associates, a chain of over 700 animal care facilities worldwide, was hit in October by a ransomware attack affecting over half of those properties. 

The company was hit with a strain of the Ryuk ransomware, which tends to attack large corporations in an effort to demand high ransoms. Unfortunately, this large-scale attack could have been due in part to a separate Ryuk-based attack earlier in the year that might not have been fully remediated.

DCH Health Systems

Ryuk ransomware was used to attack DCH Health Systems, forcing them to divert ambulances from all three of their hospitals. Doctors at DCH's hospitals were forced to use paper copies in place of digital ones, since online systems were down.

The company ended up paying the ransom to obtain the decryption key that allowed them to access their systems again.

November

Virtual Care Provider Inc. (VCPI)

When this Milwaukee-based IT company, which provides cyber security to around 110 nursing homes and acute-care facilities, was struck by a ransomware attack, the nurses at the facilities they service couldn't access patient records, keeping them from adequately performing job duties. 

This situation was particularly perilous because, without access to so many crucial online systems and with such elderly and feeble patients to care for, some affected facilities could not order medicine or pay bills.

This prompted fears that some would have to close their doors if their systems could not be made functional soon. Yet again, Ryuk was to blame for this attack. The hackers behind the attack demanded a whopping $14 million to provide a decryption key.

Allied Universal

Maze ransomware was behind the attack on Allied Universal, a large security staffing company that employs over 200,000 people. The hackers behind the attack demanded around $2.3 million for the safe return of the company's data.

However, after missing a deadline by which to pay the ransom, Allied had to face some tough consequences. Close to 700 MB worth of their stolen data and files were published online, and according to the hackers, this was only 10% of the total files stolen.

In an interesting twist of events, the hackers remained in correspondence with BleepingComputer, a computer help site, to spread the message about their attack.

December

Complete Technology Solutions (CTS)

This Colorado-based IT company, which provides cyber security services to dentists' offices, was hit by a ransomware attack that affected over 100 of their clients' facilities. Sodinokibi ransomware, a type of ransomware supposedly made by the creators of the GandCrab ransomware, is purported to be the culprit in this attack.

CTS declined to pay the $700,000 ransom that was demanded. However, some of their clients, who desperately need their data to conduct business, ended up paying the hackers smaller ransoms to get their own data back. 

City of New Orleans

Ryuk may again be to blame for this major ransomware attack on the city of New Orleans on Friday, December 13. 

New Orleans' mayor LaToya Cantrell was forced to declare a state of emergency. Additionally, to stop the spread of the attack, the mayor told all city employees to power down their computers, unplug their devices, and disconnect from Wi-Fi.

According to CBSNews, this attack was one of four large ransomware attacks on US cities this month alone. Other notable cities hit this month include Pensacola, Florida; Galt, California; and St. Lucie, Florida.

The Future of Ransomware

Ransomware attacks have ramped up significantly in recent years and show no signs of slowing down. Think of ransomware as a game of whack-a-mole – as one is shut down or rendered useless, another one will pop up to take its place.

This year has proven to be the year of the Ryuk ransomware: four of the attacks mentioned on our list involve it, even though there are thousands of types and strains of ransomware out there.

This list also highlights another growing trend in ransomware attacks. Hackers are targeting government agencies more and more because they contain sensitive information in need of protecting and don't always have the budgeted resources for adequate cyber security.  

Hackers are growing more sophisticated by the day, which means that businesses cannot afford to stay unprotected from ransomware. If you are a business owner, consider looking into managed IT services as a way of holistically protecting your business from the threats of the Internet.

Here at Standard Office Systems, we use Sophos Intercept X to protect your network and monitor for threats. In the event that you are hacked, we use tools such as Datto to recover the environment.  

Keep in mind that with how prevalent cyber-attacks are becoming, it's increasingly a matter of when, not if, your business is attacked.
