
Attack Task

The document outlines 10 high-profile ransomware attacks in history, including attacks on Colonial Pipeline, Costa Rica's government systems, Portuguese media company Impresa, meat processor JBS USA, and workforce management software company Kronos. Several of the attacks resulted in ransom payments in the millions of dollars and major disruptions.

Security

High-level 10 attacks in history

1. Colonial Pipeline
Type of ransomware: DarkSide RaaS
Attacker: DarkSide
Date: May 7, 2021
Losses: $4.4 million (approximately $2.3 million was recovered)

The attack on Colonial Pipeline became one of the most famous
ransomware attacks due largely to its impact on everyday
Americans, with those living in Southeast states suddenly facing
gas supply shortages.

Colonial Pipeline, owner of a pipeline system carrying fuel from
Texas to the Southeast, suffered a ransomware attack on the
computer systems that managed the pipeline. DarkSide attackers
accessed the systems through a compromised credential for a
legacy VPN. Working with the FBI, the company paid a $4.4
million ransom within hours of the attack. The impact lasted for
days, however, as the company struggled to fully restore
operations.

Federal and state officials, including U.S. President Joe Biden,
issued emergency declarations in the days after the attack to
ensure fuel could reach the affected region and limit damages.
The attack also led to Biden issuing on May 12, 2021,
an executive order to improve the country's cybersecurity.
Nearly a month later, the U.S. Department of Justice announced it
had seized $2.3 million of the $4.4 million in bitcoin used to pay
the ransom.

2. Costa Rica
Type of ransomware: Conti
Attacker: Conti gang
Date: April 17, 2022
Losses: $30 million a day

The Conti ransomware gang launched a monthslong attack
against Costa Rican government institutions. The initial attack on
the Ministry of Finance used compromised credentials to install
malware on its systems. The Costa Rican Ministry of Science,
Innovation, Technology and Telecommunications and the Ministry
of Labor and Social Security were also later attacked. The
government was forced to shut down multiple systems, resulting
in delayed government payments, slowed and halted trade, and
limited services.

Within the first week of the attack, former President Carlos
Alvarado refused to pay the purported $10 million ransom. The Conti
ransomware gang then leaked almost all the 672 GB of data it
stole during the attacks. It took months before systems were
restored but not before the country's newly elected president,
Rodrigo Chaves Robles, declared a state of emergency.

3. Impresa
Type of ransomware: Lapsus$
Attacker: Lapsus$
Date: Jan. 1, 2022
Losses: Not reported

Ransomware group Lapsus$ launched one of the world's most
conspicuous ransomware attacks when it struck Impresa,
Portugal's largest media conglomerate. The attack took down all
its websites, its weekly newspaper and its TV channels. The attackers
also gained control of the company's Twitter account and claimed
they had access to the company's AWS account. According to news
reports, Impresa confirmed the attack but said no ransom demand
was made.

Lapsus$, which had previously attacked Brazil's Ministry of Health
in late 2021, posted a ransom message that threatened to release
company data. Portuguese authorities labeled the Impresa attack
the largest cyber attack in the country's history.

4. JBS USA
Type of ransomware: REvil RaaS
Attacker: REvil
Date: May 30, 2021
Losses: $11 million ransom payment

Beef manufacturer JBS USA Holdings Inc. paid an $11 million
ransom in bitcoin to malicious actors after an attack forced it to
shut down operations. IT staffers initially noticed problems with
some of the company's servers, and shortly thereafter, the
company received a message demanding a ransom. Pilgrim's
Pride Corp., a unit of JBS, was also affected by the attack.
Operations were restored within days but not before JBS made
the hefty payment.

5. Kronos
Type of ransomware: Not reported
Attacker: Not reported
Date: Dec. 11, 2021
Losses: In addition to a reported ransom payment, in 2023,
Kronos paid $6 million to settle a class-action lawsuit filed by
Kronos clients who alleged the company didn't do enough to
protect its systems.

Ultimate Kronos Group, a workforce management software maker
doing business in more than 100 countries, was hit by a
ransomware attack on its private cloud in late 2021. The incident
affected customers around the globe, spawned yearslong ripple
effects and exposed an earlier breach that magnified the impact.

Kronos discovered the ransomware on Dec. 11, 2021, but later
determined attackers had earlier breached the company's cloud
and stolen corporate data. That attack exposed employee data for
many of the company's enterprise clients. As a result, these
clients faced interruptions, delays and errors in issuing paychecks
to their workers.

The Kronos attack raised questions about vendor accountability
and highlighted the importance of third-party risk management, as
organizations recognized that attacks on their business partners
could affect them as well.

6. Maersk
Type of ransomware: NotPetya
Attacker: Russian-backed hackers suspected in the attack
Date: June 27, 2017
Losses: Approximately $300 million

Danish shipping giant A.P. Moller-Maersk suffered approximately
$300 million in losses after it was hit as part of the global
NotPetya attacks. The malware, which exploited the EternalBlue
Windows vulnerability and spread via a backdoor in the legitimate
financial software MeDoc, locked the company out of the systems
it used to operate shipping terminals all over the world. As
wiperware, NotPetya was designed to inflict maximum damage by
not only encrypting all files on infected computers, but also
completely wiping or rewriting them so they could not be
recovered -- even through decryption. It took Maersk two weeks
to recover its computer operations.

7. Swissport
Type of ransomware: BlackCat RaaS
Attacker: BlackCat
Date: Feb. 3, 2022
Losses: Air service disruptions; no financial data reported

Swissport, a Swiss company providing airport ground and cargo
handling services, announced in February 2022 that its systems
had been hit by a ransomware attack. The incident had relatively
minimal impact, delaying only a small number of flights before
Swissport restored its systems. The company said it had
contained the incident within 24 hours. Ransomware group
BlackCat, however, soon indicated it had not only encrypted the
company's files, but also had stolen 1.6 TB of Swissport data it
was looking to sell in a classic example of a double extortion
attack.

8. Travelex
Type of ransomware: REvil RaaS
Attacker: REvil
Date: Dec. 31, 2019
Losses: $2.3 million ransom paid; company forced into
administration in 2020 in part due to the attack

At the time it was hit by the REvil ransomware gang, Travelex
was the world's largest foreign exchange bureau.
Attackers targeted a known vulnerability in Pulse Secure VPN
servers to infiltrate the company's systems and encrypt 5 GB of
data. They demanded a $6 million ransom, which was negotiated
down to $2.3 million.

The attack took down the company's internal systems for nearly
two weeks. The financial fallout was so severe that it
ultimately forced the company into administration in 2020.

9. UK National Health Service
Type of ransomware: WannaCry
Attacker: Linked to North Korea
Date: May 2017
Losses: £92 million (approximately $100 million)

Companies around the world felt the impact of the WannaCry
ransomware attack, which began in spring 2017. WannaCry was
the first ransomware to exploit the EternalBlue flaw in Windows
systems.

The U.K.'s National Health Service (NHS) was one of the most
prominent WannaCry victims, with multiple hospitals, general
practitioners and pharmacies affected in England and Scotland.
NHS facilities were forced to delay and divert medical services.
No deaths were directly related to the attack, according to reports.

10. Ukraine
Type of ransomware: NotPetya
Attacker: Russia's GRU military spy agency named as attacker,
according to the CIA
Date: June 27, 2017
Losses: Estimated at $10 billion globally

While more than 60 countries were affected, the initial global
NotPetya attacks in June 2017 mainly targeted victims in France,
Germany and Ukraine, the latter of which sustained about 80% of
the attacks, according to researchers from cybersecurity software
company ESET. The country's computer systems were affected,
as well as networks operated by private companies and electric
utilities. The aforementioned Maersk ransomware attack was also
part of this series of attacks.
