The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private businesses to healthcare facilities and governments.

What motivates the ransomware actors to become even more creative in their attacks and ask for tens of millions of dollars payments is the fact that there are companies that agree to pay the ransom and not disclose the attack. It usually happens because they are afraid of the severe social repercussions.

According to a study conducted by Cloudwards, in 2021, 37% of all businesses and organizations were hit by ransomware and out of all, 32% paid the ransom but recovered only 65% of their data.

A few months ago, we also published an article about a study showing that in the first five months of 2021 more than 290 companies have become victims of six ransomware groups, but let’s see what the current situation is.

Below You Can Find a List of Private and Public Companies Affected by Ransomware Attacks in 2021:

  1. Accenture – noticed the LockBit ransomware attack on its systems on July 30 but the incident was immediately contained;
  2. Acer – the organization became a victim of a REvil ransomware attack back in March. The threat actors demanded a $50,000,000 ransom;
  3. ADATA – the organization was hit by the Ragnar Locker ransomware gang last month, which led to the takedown of affected systems offline for the containment of the infection;
  4. Asteelflash – the company detected the REvil / Sodinokibi ransomware at the end of March. The attackers demanded Asteelflash to pay a whopping $24 million ransom after it was initially set to $12 million in Monero crypto;
  5. ATFS – the attack took place in February and it was organized by Cuba ransomware gang. The company experienced significant disruption to its business operations, the website has been unavailable for a while and payment processing was impacted;
  6. AXA –  the French company revealed that one of its Asian subsidiaries was hit by an Avaddon ransomware attack in May, after dropping support for ransom payments;
  7. Bakker Logistiek – in April, Bakker Logistiek was the victim of a ransomware attack that encrypted their devices, therefore, disrupting food transportation and fulfillment operations;
  8. Bose Corporation (Bose) – Bose has confirmed that it suffered a ransomware attack and a data breach on 7 March 2021. Its U.S. systems have been impacted;
  9. Brazilian National Treasury – it was hit with a ransomware attack on August 17th but no damage has been done to the structuring systems of the agency;
  10. Brazil’s Tribunal de Justiça do Estado do Rio Grande do Sulwas impacted by a REvil ransomware attack in April that encrypted employee’s files and forced the courts to shut down their network;
  11. Brenntag – in May, the German chemical distribution company suffered a DarkSide Ransomware attack that led to the organization paying a $4.4 million ransom in Bitcoin;
  12. CD PROJEKT – on February 9th, the company disclosed it had suffered a ransomware attack stating that even if some devices in their network have been encrypted, their backups remain undamaged;
  13. Centrais Eletricas Brasileiras (Eletrobras) – suffered a ransomware attack in February. It affected some of the administrative network servers but had no impact on operations at nuclear power plants;
  14. Chicago-based subsidiary of Nokia – on June 16, the organization found that its system was breached by Conti ransomware operators only after deploying their payloads and encrypting SAC Wireless systems.
  15. CHwapi hospital – hit with BitLocker ransomware attack in January that forced the medical facility to send emergency patients to different emergency hospitals and postponed surgeries;
  16. City of Tulsa’s online services – the second-largest city in Oklahoma became the victim of a ransomware attack in May. Following the attack, it was forced to shut down all of its systems and disrupt all online services;
  17. CNA Financialwas affected by a Phoenix Locker ransomware attack on March 21st that interrupted the company’s employee and customer services for three days. The company had reportedly paid the $40 million ransom to restore access to its systems;
  18. Colonial Pipeline – company was forced to shut down after being hit by ransomware in May. The operator paid the hackers nearly $5 million in cryptocurrency in return for a decryption key to restore its systems;
  19. Companhia Paranaense de Energia (Copel) – impacted by the Darkside ransomware gang also in February. The hacker claims to have stolen roughly 1,000GB;
  20. Comparis – it had suffered a ransomware attack in July that blocked some of its information technology systems. The hackers asked for $400,000 (CHF370,000) in cryptocurrency;
  21. CompuCom –  it had been affected by a DarkSide ransomware attack in March leading to service outages and users disconnecting from the MSP’s network;
  22. Corporación Nacional de Telecomunicación (CNT) – the organization disclosed in July that it had its business operations, the payment portal, and customer support service disrupted following a RansomEXX ransomware attack;
  23. Dairy Farm Group – the company has been attacked in January by REvil ransomware group that asked for a $30 million ransom;
  24. Discount Car and Truck Rentals – the attack that occurred in February was conducted by the Darkside ransomware group that claims to have stolen 120GB of corporate, banking, and franchise data;
  25. Ecuador’s Ministry of Finance – Hotarus Corp ransomware group hit the financial institution in February, encrypted their website, and stole information;
  26. Edward Don – suffered a ransomware attack in June that has damaged its business operations, including phone systems, network, and email;
  27. ERG – reported “only a few minor disruptions” on its IT&C infrastructure after a ransomware attack targeted its systems in August;
  28. FatFace – it had been impacted by a Conti ransomware attack in January that exposed data of 200GB of customers and employees;
  29. Fujifilm – disclosed in June that their Tokyo headquarters have suffered a ransomware attack that disrupted its business operations;
  30. Gigabyte – RansomEXX ransomware gang attacked the company in August forcing it to halt its systems in Taiwan, causing inaccessibility of its website and support sites;
  31. Grupo Fleury – on June 24th, the company disclosed that its online systems were targeted in a REvil ransomware attack that led to the disruption of its operations;
  32. Guess – it had suffered a DarkSide ransomware cyberattack back in February with around 1,300 individuals having their data exposed or accessed during it;
  33. Harris Federation – fell victim to a ransomware attack in March that forced them to disable the devices given to the students, and temporarily suspended email and telephone systems;
  34. IObit – was hacked in January to carry out a widespread attack in order to spread DeroHE ransomware to its forum members;
  35. Ireland’s health service (HSE)  had to shut down all of its IT systems following a Conti ransomware attack that took place in May;
  36. Ireland’s Department of Health (DoH) – has also been a victim of the Conti Ransomware gang being forced to shut down its entire IT system in May;
  37. JBS Foods –  in June, the world’s largest meatpacking organization was forced to shut down production at several sites globally following a REvil ransomware attack that affected its production facilities;
  38. Kaseya – the biggest ransomware attack on record, took place in July and was coordinated by the REvil ransomware gang. Threat actors accessed its customers’ data and demanded ransom for the data’s recovery;
  39. Kia Motors – it suffered a ransomware attack in February conducted by the DoppelPaymer ransomware gang that affected internal and customer-facing systems;
  40. Memorial Health System – computers owned by Memorial Health System were affected by an attack performed by the Hive ransomware group in August. Following the attack, they suspended user access to information technology applications related to their operations;
  41. Metropolitan Police Department (MPD) – was the subject of a Babuk ransomware attack back in April with the hackers claiming they had stolen approximately 250 GB of data and threatening to expose it if they were not paid;
  42. Mutuelle Nationale des Hospitaliers (MNH) –  RansomExx Ransomware attack on the French insurance company has severely disrupted the company’s operations in February;
  43. National Basketball Association (NBA) in April, Babuk ransomware gang claimed on its dark web page to have stolen 500 gigabytes of data such as contracts, non-disclosure agreements, and financial information and threatened to disclose it if the team failed to pay the ransom;
  44. NSW Transport agency – in March, transport for NSW disclosed that their agency suffered a data breach following a Clop ransomware attack that exploited a vulnerability to steal files;
  45. Pierre Fabre – at the beginning of April, the pharmaceutical group was hit by a ransomware attack organized by the hacking group known as REvil/Sodinokibi. The hackers asked for a $25 million ransom and doubled it when the victim failed to respond;
  46. PrismHR – following a ransomware attack that allegedly took place at the end of February, the company disabled access to its platform for all users to contain the incident;
  47. Quanta – REvil ransomware gang stole data belonging to the company, like drawings and schematics meant to be used in relation to some Apple products. Because Quanta didn’t pay the $50 million ransom the hackers asked for, they started posting the stolen schematics for Apple Macbooks on their data leak site;
  48. Scripps Healthin May, a ransomware attack on Scripps Health’s computer network forced the healthcare provider to block patient access to its online portal, postpone consultations, and transfer critical care patients to other hospitals;
  49. Sierra Wirelessrevealed its internal IT systems were hit by a ransomware attack on March 20th, forcing it to suspend production at its manufacturing sites;
  50. Sol Oriens – in June, the company confirmed it had suffered a REvil/Sodinokibi ransomware attack that resulted in data theft;
  51. Stanford Medicinein the attack, the Clop ransomware group had stolen and leaked personal information such as names, addresses, email addresses, Social Security numbers, and financial information;
  52. Stratus Technologies – on March 17, 2021, the company had become the victim of a ransomware attack. Upon detecting suspicious activity, they took some systems offline to prevent the attack’s spread;
  53. Synologywhen it comes to Synology NAS devices, the eCh0raix ransomware hackers use brute-force techniques: this means they make attempts into guessing the most popular admin credentials to be able to attack these devices and distribute ransomware payloads;
  54. The Technological University of Dublin – the ransomware attack took place in April and affected both IT systems and campus back-ups;
  55. The Lazio region in Italy was impacted by a supposed ransomware incident that has disabled the region’s IT systems, including the COVID-19 vaccination registration portal. It is believed that the cyberattack was either conducted by the RansomEXX ransomware operation or LockBit 2.0;
  56. The National College of Ireland (NCI) – after a ransomware attack that occurred in April, NCI experienced significant disruption to IT services that have impacted a number of college systems, including Moodle, the Library service;
  57. The Resort Municipality of Whistler (RMOW) – suffered a ransomware attack on April 28, 2021, that forced them to shut down their network, website, email, and phone systems;
  58. The systems of SEPE – the attack was aimed at the systems of SEPE, which is the Spanish government agency for labor. The systems were taken down following a Ryuk ransomware attack that affected more than 700 agency offices across Spain;
  59. TietoEVRY – was impacted by a ransomware attack that forced them to disconnect clients’ services. However, the company declared no private information has been exfiltrated or accessed;
  60. UK rail network Merseyrail – in April, the rail network became the victim of a LockBit ransomware attack. The hacker used the Merserayl email system to email employees and journalists about the attack;
  61. UK Research and Innovation (UKRI) – in January, the organization revealed it had suffered a ransomware attack that encrypted its data and impacted two of its services;
  62. Underwriters Laboratories – was hit by a ransomware attack in February encrypting their devices and forcing the company to instantly halt its systems. UL has decided not to pay the ransom instead restore from backups;
  63. The University of Colorado (CU)in February, the University of Colorado (CU) issued a statement revealing that they were the victims of a cyberattack where Clop ransomware operators exfiltrated data through an Accellion FTA vulnerability;
  64. The University of Miami – even if the university never reported a cyberattack, the Clop ransomware group leaked screenshots of patient data including medical records, demographic reports, and a spreadsheet with email addresses and phone numbers;

Every day, over 200,000 new ransomware strains are detected, meaning that every minute brings us 140 new ransomware strains capable of evading detection and inflicting irreparable damage. Ransomware operators will never stop, not even after the victim pays the demanded ransom.

Be one step ahead and protect your organization with one of the best ransomware protection solutions out here! Ransomware Encryption Protection by Heimdal™ is a revolutionary 100% signature-free component, ensuring market-leading detection and remediation of any type of ransomware, whether fileless or file-based.

The module’s built-in white- and blacklisting capacities, allows Ransomware Encryption Protection to distinguish between autonomic and routine system-wide processes and malicious attempts, thus decreasing the false-positive rate.

Try it now and avoid being one more of the victims on the list!

Heimdal Official Logo
Neutralize ransomware before it can hit.

Heimdal™ Ransomware Encryption Protection

Specifically engineered to counter the number one security risk to any business – ransomware.
  • Blocks any unauthorized encryption attempts;
  • Detects ransomware regardless of signature;
  • Universal compatibility with any cybersecurity solution;
  • Full audit trail with stunning graphics;
Try it for FREE today Offer valid only for companies.

Ransomware Explained. What It Is and How It Works

Ransomware Payouts in Review. Highest Payments, Trends & Stats

A ‘Potential Ransomware Pandemic’ Must Be Prevented, Interpol Urges

A Closer Look at Ransomware Attacks: Why They Still Work

DomainKeys Identified Mail on August 30, 2021 at 9:53 am

This is very nice blog related to Companies Are Getting Hit with Ransomware.
its a very informative stuff thanks for share

Leave a Reply

Your email address will not be published. Required fields are marked *