25 Biggest Ransomware Attacks of the last year

By October 27, 2021 Cyber Security

security-attack-industry-collage2021 has witnessed a dramatic increase in the number of ransomware attacks worldwide – bringing huge consequences for the affected organizations.

For the past few years, the number of ransomware attacks being mounted against private and public sector organizations has been rising steadily. With one forecast suggesting that global ransomware damage costs could reach $20 billion this year (source: Cybersecurity Ventures), it’s an escalating challenge that no IT department can afford to ignore.

In no particular order, the following roll-call of ransomware attacks occurring or reported over the past year underlines the alarming breadth of targets, which range from software producers and meat suppliers to schools and healthcare providers. It also shows the value of implementing a comprehensive data protection solution in your company – and the catastrophic potential consequences of failing to take preventative action.

Kia Motors America (KMA)

Car manufacturer KMA was reportedly hit by a ransomware attack in February that affected both internal and customer-facing systems, including mobile apps, payment services, phone services, and dealerships’ systems, as well as vehicle delivery-related IT infrastructure.


In what is believed to be the largest known ransom to date, the Taiwanese computer manufacturer was hit with a staggering demand of $50,000,000 via a REvil ransomware attack. It may have been connected to the gang’s prior targeting of a Microsoft Exchange server on Acer’s domain.

Colonial Pipeline

With responsibility for transporting nearly half of the U.S. East Coast’s fuel, the Colonial Pipeline ransomware attack made headlines news around the world. The attack vector was subsequently revealed to be a single compromised password to an unused but still active VPN account. With an almost immediate surge in panic buying and fuel prices, a requested ransom of $4.4m was paid within hours, although more than half of the amount has since been recovered.


Like Colonial Pipeline, German chemical distributor Brenntag was also targeted by the DarkSide group, with the attack on the company’s North America division resulting in 150GB of stolen data. Negotiation between Brenntag and DarkSide saw the former pay a ransom of $4.4 – down from an initial demand of about $7.5m.

Health Service Executive (Ireland)

Indicating that no target is off-limits even during a pandemic, a variant of Conti ransomware hit the Irish healthcare and social services provider in May, affecting the processing of blood tests and diagnostics. Although the HSE ultimately did not have to pay a ransom, it faced a huge backlog of work due to large-scale IT system impact.

Would your organization have to pay?
Learn how to never pay the hackers >>

Universal Health Services

Underlining the extent to which attacking healthcare providers is now a global phenomenon, U.S. healthcare provider Universal Health Services has recently reported $67 million in pre-tax losses in the wake of a September 2020 ransomware attack thought to have been caused by the Ryuk strain of code.

Springhill Medical Center

Located in Alabama, this facility was actually hit by ransomware in 2019 but has made the headlines again this fall with the Wall Street Journal reporting on a new lawsuit that alleges the attack’s impact on monitoring could have led to the death of a baby.


global technology consultancy Accenture has acknowledged the loss of “proprietary information” during an attack launched by LockBit 2.0 in August. The gang subsequently leaked Accenture information after the firm reportedly failed to pay the $50 million ransom.

Washington D.C. Police Department

This is thought to have been the worst ransomware attack to hit a U.S. police department so far. Having refused to pay the $4 million ransom demanded by the Babuk syndicate, the attacking group claimed it had leaked around 250GB of data, including disciplinary files and intelligence material.

South African Justice Department

Bloomberg Law reports two ransomware attacks on South Africa’s Justice Department in a matter of months. Multiple electronic services – including those relating to bail services and letters of authority – are said to have been affected.

JBS Foods

Once again it was the REvil gang behind a huge ransomware attack, in this case against leading meat producer JBS Foods, resulting in operations being halted at all 13 of its processing plants across the USA. To avoid further disruption, the company ultimately paid a ransom of $11m in Bitcoin.


Pointing to a trend of escalating ransomware demands, REvil initially stipulated a fee of $70 million when it launched an attack on the Florida software company involving the encryption of end-customer systems. Kaseya has subsequently claimed that it “did not pay a ransom to obtain the decryptor”.

Forward Air

Members of the Evil Corp cybercrime gang are thought to have been behind the recent attack on trucking firm ForwardAir. Directly affecting the capabilities of parts of the company’s IT infrastructure, the attack resulted in some systems being taken offline, meaning that administration tasks including freight-release paperwork had to be halted.

Hawaii Payroll Services

Taking place in February, this attack on the Honolulu payroll processing company exemplifies the extent to which ransomware can impact valuable private information. Thought to have been launched via a compromised client account, the attack uncovered data including dates of birth, client names and bank details, and Social Security numbers.

Crystal Valley Cooperative

One of the most recent attacks on this list, occurring in late September, led to the Minnesota-based agricultural firm having to take operating and payment systems offline. This reportedly meant the mixing of fertilizer and fulfillment of livestock feed orders had to be halted.

NEW Cooperative

Another recent victim in the agricultural sector, NEW Cooperative was hit by a demand for $5.9 million by the BlackMatter group in September. Although the attackers claimed they were not targeting critical infrastructure, the farming cooperative was reported as stating that there could be an impact on supply chains if systems were not restored quickly.


The Japan-headquartered optical and digital precision technology company announced it was investigating a “potential cybersecurity incident” earlier this fall. As part of this process, the firm confirmed it had “suspended data transfers in the affected systems.”


Colorado-based customer experience technology company TTEC was recently hit with a ransomware attack that may have originated with the Ragnar Locker group. Employees were reportedly warned against opening a link titled “!RA!G!N!A!R!”.

Stonington Public Schools

Although full details had yet to emerge at the time of writing, the attack reportedly resulted in the Connecticut-located public school system shutting down certain systems and advising IT staff not to open emails with attachments from the affected schools.

Lufkin ISD

Another target in the educational sector, Lufkin Independent School District includes schools located in the Texas town of Lufkin. Three weeks ago it posted on social media that “due to a ransomware attack…several of our systems are down. Our cybersecurity program appears to have worked but we have to make sure the data is not compromised.”

Howard University

The cancellation of some online and hybrid classes was one of the immediate effects of “unusual activity” being detected on the computer network of the Washington D.C.-based private, research university.

City of Tulsa, Oklahoma

According to a local news outlet, it has been a “slow process” for the city government to recover from an attack that had “significant impact” on some services and utilities, including new domestic water connection. Some information was released onto the internet by the attackers, including birth dates and driver license numbers. And for Tulsa itself, all this happened in the wake of a historic flood and multiple hurricanes!

City of Bridgeport, West Virginia

Residents were recently informed that city government IT systems had been hit by data encryption ransomware in May. Acknowledging that personal information could have been accessed, the administration said it would be offering complimentary credit monitoring and identity protection services.

CD Projekt Red

Earlier this year video game company CD Projekt Red – which is based in Warsaw, Poland – experienced a ransomware attack that allegedly revealed source code for some of its creations. More recently, in June, PCMag U.K. reported that some employee data may also have been compromised.

Old ColdFusion Bug

The Hacker News recently reported on an attack against an unnamed services company whose server was running an unpatched, 11-year-old version of Adobe’s ColdFusion 9 software. According to the report, the vulnerability allowed the attackers to install file-encrypting Cring ransomware on the target’s network.

This troubling list should have confirmed beyond any doubt the importance of secure data and backup systems, and having a comprehensive ransomware-preventing infrastructure in place. 

Secure Data Backups Help Companies Recover Quickly from Disaster

Learn more about Cyber Shield for your data backup in this report from Enterprise Strategy Group:


< Back to Blog