University of California at San Francisco (2020)

On July 31, 2020, US business travel management firm CWT disclosed it had been impacted by a ransomware attack that infected its systems, and that it had paid the ransom. Using ransomware called Ragnar Locker, the assailants claimed to have stolen sensitive corporate files and knocked 30,000 company computers offline. Because CWT is a service provider to one-third of S&P 500 companies, the data release could have been disastrous for its business. As such, the company paid the hackers about $4.5 million on July 28, a few days before Reuters reported the incident.

On March 23, 2021, CNA Financial, the seventh largest commercial insurer in the US, disclosed it had "sustained a sophisticated cybersecurity attack." The attack was carried out by a group called Phoenix, which used ransomware known as Phoenix Locker. CNA Financial eventually paid $40 million in May to get the data back. CNA has been tight-lipped on the details of the negotiation and transaction, but says all of its systems have since been fully restored.

On April 28, 2021, German chemical distributor Brenntag learned it was the target of a cyberattack by Darkside, which stole 150GB of data that it threatened to leak if ransom demands weren't met. After negotiating with the criminals, Brenntag got the original ransom of $7.5 million reduced to $4.4 million, which it paid on May 11.

On May 7, 2021, America's largest "refined products" pipeline went offline after a hacking group called Darkside infiltrated it with ransomware. Colonial Pipeline covers over 5,500 miles and transports more than 100 million gallons of fuel daily. The impact of the attack was significant: in the days that followed, the average price of a gallon of gas in the US increased to more than $3 for the first time in seven years as drivers rushed to the pumps. The pipeline operator said it paid the hackers $4.4 million in cryptocurrency. On June 7, 2021, the DOJ announced it had recovered part of the ransom. US law enforcement officials were able to track the payment and take back $2.3 million using a private key for a cryptocurrency wallet.

On May 31, 2021, JBS USA, one of the largest meat suppliers in the US, disclosed a hack that caused it to temporarily halt operations at its five largest US-based plants. The ransomware attack also disrupted the company's Australia and UK operations. JBS paid the hackers an $11 million ransom in Bitcoin to prevent further disruption and limit the impact on grocery stores and restaurants. The FBI attributed the hack to REvil, a sophisticated criminal ring well-known in ransomware attacks.

On July 2, 2021, Kaseya announced its systems had been infiltrated. Kaseya provides IT solutions for other companies, which made it an ideal target: in a domino effect, the attack ended up impacting approximately 1,500 organizations in multiple countries. REvil, a cybercriminal outfit, claimed responsibility for the attack and demanded ransoms ranging from a few thousand dollars to multiple millions, according to a Reuters report. It's unclear how many individual businesses paid up, but REvil demanded $70 million in bitcoin from Kaseya. Kaseya declined to pay, opting to cooperate with the FBI and the US Cybersecurity and Infrastructure Agency. On July 21, 2021, Kaseya obtained a universal decryptor key and distributed it to organizations impacted by the attack.