
The 5 Most Devastating Ransomware Attacks of 2021...So Far
The volume of ransomware attacks in 2021 has increased 150% over 2020 and, according to the FBI, 100 different types of ransomware were in circulation in mid-2021. Attack sizes run the gamut, from small and very focused, to massive and widespread. Senators Dick Durbin and Chuck Grassley informed the Senate in July of 2021 that 50-75% of all ransomware attacks are made against small businesses. Most go unreported, which is why we can learn more from larger attacks like the one against SolarWinds where hundreds of organizations were impacted.
Ransomware is software code designed to lock (or lock access to) a computer system, network, files and/or data until the victim pays a specific sum of money: the ransom.
So far in 2021, there has been no shortage of large, devastating ransomware attacks. We captured the top 5 in terms of their significance – based on what they mean for societal security moving into 2022. On that note, just because an attack resulted in a massive ransom payment does not make that attack devastating or potentially devastating to society.
The 5 Most Devastating Ransomware Attacks of 2021 as of November 1
1. DarkSide Attack on Colonial Pipeline Company
Colonial Pipeline Company learned in early May that it had fallen victim to a ransomware attack, quickly disrupting fuel supply to a large swath of the U.S. Southeast with potential spread as far north as New York. The Colonial Pipeline ransomware attack has been, by far, the highest-profile attack of 2021. It’s no wonder – we are a motor vehicle society, and Americans need their fuel. Colonial delivers 50% of the East Coast’s fuel.
What made the attack particularly dangerous was the reaction of consumers. People panicked and bought all the gasoline they could store. In addition, some people stored it in unsafe containers, such as plastic bins and bags, which can burst into flames when they contain fuel.
It was shocking to read the stories about the attack method, which did not require a high degree of sophistication. Colonial had not put adequate security measures in place, such as multi-factor authentication (MFA). The hackers were able to get into the company's VPN quite easily. They simply needed to try different passwords until one worked.
Hacker groups are emboldened by the ease with which such a vital part of the national infrastructure was hacked. They now believe they may be able to take down additional critical infrastructure without much effort in 2022.
Ransom paid: $4.4 million
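As an added illustration (not part of the original article), the following Python flags the pattern described above from a defender's side: a VPN login that succeeds only after a run of failed attempts from the same source, which is exactly the kind of credential guessing that MFA would have stopped. The log format and the sample lines are constructed for this example; real VPN gateways log differently.

```python
"""Flag credential-guessing bursts against a VPN without MFA.

Added example, not from the original article. The log format below is
constructed for illustration; adapt parse() to your gateway's format.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines: one source walks through passwords for one
# account until a login succeeds; a second source is ordinary user noise.
SAMPLE_LOG = """\
2021-04-29T02:13:05Z vpn-gw1 auth user=jdoe src=203.0.113.7 result=FAIL
2021-04-29T02:13:09Z vpn-gw1 auth user=jdoe src=203.0.113.7 result=FAIL
2021-04-29T02:13:14Z vpn-gw1 auth user=jdoe src=203.0.113.7 result=FAIL
2021-04-29T02:13:18Z vpn-gw1 auth user=jdoe src=203.0.113.7 result=FAIL
2021-04-29T02:13:21Z vpn-gw1 auth user=jdoe src=203.0.113.7 result=FAIL
2021-04-29T02:13:27Z vpn-gw1 auth user=jdoe src=203.0.113.7 result=OK
2021-04-29T02:14:02Z vpn-gw1 auth user=asmith src=198.51.100.4 result=FAIL
2021-04-29T02:14:30Z vpn-gw1 auth user=asmith src=198.51.100.4 result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)

def parse(line):
    """Return (timestamp, user, src, result) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["user"], m["src"], m["result"]

def detect_guessing(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return alerts (src, user, n_failures) for each successful login that
    was preceded by at least `threshold` failures from the same source
    within `window`: the signature of a guessed password."""
    recent_fail = defaultdict(deque)  # src -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, user, src, result = rec
        q = recent_fail[src]
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if result == "FAIL":
            q.append(ts)
        elif result == "OK" and len(q) >= threshold:
            alerts.append((src, user, len(q)))
            q.clear()
    return alerts
```

On the sample log only the first source is flagged; the second source's single typo-then-success stays below the threshold, which is the trade-off a detection engineer tunes with `threshold` and `window`.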
2. REvil Attack on JBS USA
Later in May, JBS, the world's largest beef supplier, was hit by a ransomware attack from the REvil ransomware group. Its North American division, JBS USA, had to halt operations completely because of the hack. Not surprisingly, beef disappeared from many store shelves in the United States, since the hack disrupted the supply chain that originates with JBS USA.
The REvil-JBS incident underscores how vulnerable the U.S. food chain is to a much broader and more aggressive attack. We can see that a simultaneous, coordinated, state-sponsored attack on several major food suppliers could trigger a massive nationwide food shortage.
While JBS stated that its "robust IT systems and encrypted backup servers" helped ensure a rapid recovery, that does not seem to be the whole story. Later in June, JBS revealed that it had in fact paid a significant ransom to avoid the compromise of company, customer and employee data.
Ransom paid: $11 million
3. Unknown Ransomware Attack on Buffalo Public Schools
On March 12th, a ransomware attack (by unknown criminals) hit the Buffalo Public School system in New York. The system currently serves 34,000 students. While the Buffalo Schools Superintendent downplayed the impact of the attack, an investigation determined that missing records included decades of teaching materials, student records and some 5,000 applications for admission to schools in September. Also, systems that are essential to the operation of the district, such as legal and accounting, had been crippled, according to published details and a video on the matter by WGRZ.
This incident points to a disturbing set of circumstances that applies to many schools across the country. Schools are simply understaffed for IT security, especially cybersecurity. They were the target of more than half of the volume of cyberattacks as of August 2021.
Ransom paid: Unknown
4. Evil Corp Attack on CNA Financial
On March 21st, CNA Financial, one of the U.S.’s largest insurance carriers, was hit by a ransomware attack that caused a major network disruption. After six weeks, the company’s network remained less than fully operational, even though company executives claimed in a statement that it took "immediate action by proactively disconnecting [its] systems" from the CNA network.
What’s most disturbing about this incident is that CNA had a security environment more sophisticated than most organizations'. Yet, they still got hacked. Ironically, the company offers cyber insurance. The incident also reveals a growing threat landscape – remote access operations. In this case, the hackers encrypted 15,000 devices, including the computers of many remote employees.
We are not 100% certain that Evil Corp was behind the attack. However, the hackers used malware called Phoenix Locker, which is Evil Corp's ransomware, "Hades". Based in Russia, Evil Corp is not subject to U.S. sanctions, and CNA stated that the hackers were not subject to U.S. sanctions.
Ransom paid: $40 million
5. Wizard Spider Attack on Ireland's Health Service Executive (HSE)
On May 14th, Ireland's government-run health system for public health services had to shut down all of its IT systems to stop the spread of malware. Unfortunately, the malware had already infiltrated parts of the network during the ransomware attack. It took HSE until June 30th to restore systems for online medical card registration.
The hackers accessed patient and staff information and leaked data on HSE’s 100,000 employees and millions of patients. Critically, it seems that medical records, notes and treatment histories are part of the compromised data. A statement issued by HSE said that the Russian-speaking hackers had let some of the compromised data appear on the ‘dark web’ and that people were being affected by it. In their July cybersecurity incident update, HSE stated that healthcare services were still being severely impacted by the attack.
It goes without saying that the societal impact of health system breaches is enormous, both in terms of the compromised information and the psyche of the nation. Who wants to believe that a hostile foreign group knows everything about their medical history and could publish it openly for all to see?
Despite the severity of the breach, HSE stated that it would NOT pay any ransom.
How Splashtop Can Help You Avoid Ransomware Attacks
Many businesses turn to VPN and RDP to enable remote work, which can expose their businesses to expanding cyber threats. In recent years, Gartner and many security experts have recommended that businesses move away from network-level VPN access. They suggest a move towards application-level, identity-based remote access solutions that embrace a zero-trust framework.
Splashtop provides a cloud-native secure remote access solution that keeps your network safe from hackers. How is that? Our solution never lets people on your network in the first place. It’s our secret sauce.
Splashtop continually monitors the latest cyber threats. We are committed to protecting our customers. To do so, we've formed a Security Advisory Council and launched a Security Feed to help IT pros and MSPs stay on top of the latest vulnerabilities.