Advanced Cyber Security

You are here: SecPoint Cyber Security News

Top 10 Most Expensive Ransomware Attacks

The COVID 19 pandemic had a huge influence on internet usage. With so many people stuck inside, the internet became just as important as any other appliance that one might use to get around with their daily lives. The gap between "internet" and "real life" is quickly disappearing, and the internet is becoming an extension of our everyday lives. 

Because of this, people are going to need to start viewing cybersecurity as just as important as other types of security. Cybersecurity attacks can cost people just as much as break-ins and robberies. For examples of this, you just have to look at some of the most expensive ransomware attacks. 

The best way to learn how to avoid falling victim to a ransomware attack is to become familiar with some of the most expensive cyber attacks out there. This article will walk you through a few of these attacks and help let you know what you can do to avoid them. 

10. The Riviera Beach City Council

While this ransomware attack is not merely as bad as some of the others on this list, it's here because it didn't affect a company, but an entire city. 

News broke just two years ago that hackers took over an important computer system and threatened to expose certain files. Though not as many files as some later on this list, the government was alarmed and paid out a 600,000 dollar ransom. 

9. The University of California at San Francisco 

The University of California at San Francisco was hit with a cybersecurity attack in 2020, despite having data protection. However, they were not using their data protection program on the files that got hacked. It's likely that the cybercriminals cased out the system and found the vulnerable files before they attacked. 

The University of California was able to limit the attack by cutting off the servers that were compromised. By disconnecting them from the main network, they functionally cut their losses and saved further damage. 

This case is a great example of both good and bad practices in cybersecurity.

On the one hand, just because you have a security program doesn't mean you are safe. You have to make sure you're using it on all of your files. 

On the other hand, The University of California did a good thing by cutting its losses and isolating the compromised servers. The criminals demanded 3 million dollars, but the college was able to get the cost down to 1.14 million. This is a great example of how quick action can minimize losses. 

8. FatFace Ltd

You might not have heard of FatFace Ltd here in the States, but over in great Britain, they've made waves as an innovative fashion company. They emphasize urban and boho style but came quickly crashing to a halt when they were hit by one of the worst ransomware attacks of all time. 

FatFace was hit, most likely, as a result of shutting most of their in-person stores down as a result of the COVID-19 pandemic and operating mainly online. The story of FatFace is a cautionary tale for anyone conducting business in the 2020s. Like it or not, we need to view cybersecurity as just as important as keeping locks on our doors. 

This case is known for the highly public nature of the conversation that the cybercrime gang had with the company they were attacking. The cybercriminal was easily able to control the conversation since they knew tons about FatFace while FatFace knew nothing about them.

You'll also note that FatFace was hacked by the cybersecurity gang as a result of a simple phishing attack. The basics are extremely important. Overall, FatFace wound up paying 2 million dollars, giving it an uncertain future. 

7. Travelex

Travelex, a company mainly known for foreign exchange kiosks, was a perfect target for cybercriminals. Their service relies on the operation of computers and people's personal data. Any cybercrime that could call these things into threat had a good chance of causing serious damage. 

In 2020, ransomware gang Sodinokobi took this opportunity and copied and encrypted tons of the data personal to Travelex. This resulted in the travel aid company paying 2.3 million dollars to the criminals. 

6. ExaGrid

In perhaps the most embarrassing cybersecurity cases of all time, ExaGrid suffered a terrible ransomware attack in 2021. 

This is so embarrassing because ExaGrid is something of an anti-ransomware company. They sell backup disk storage equipment to help people keep their data in the event of a breach. 

However, the ransomware gang Conti must have some very smart hackers because they outsmarted these anti-ransomware experts and hit them with theft of over 800 GB of confidential data that they threatened to release. 

What's extra scary is that Conti kept their infiltration secret for over a month. They had immense smarts and patience to not capitalize right away, using this month to memorize and copy down certain security information, encrypt certain data files, and download clients' personal information. Even if ExaGrid made use of their technologies to kick Contri out of their system and recover their data, Contri could still publish private information.

ExaGrid realized they had been beaten at their own game and paid 2.6 million dollars using bitcoin. 

This is an important cautionary tale on just how smart cybercriminals are these days. This level of patience and technique is never-before-seen in the world of cybercrime and suggests a certain level of criminal mastermind.

Hackers aren't going to get any less smart. Become as familiar with your cybersecurity team as you can, and make sure they're able to catch breaches ASAP. 

5. Brenntag 

Chemical distribution company Brenntag was hit with a theft of 150 gigabytes of data causing a large halt in their production. 

The attack was caused by a prominent ransomware gang known as DarkSide. DarkSide has already used its advanced encryption tactics to target several high-profile companies.

DarkSide made use of a data leak page that several of its members contributed to over time. There were screenshots of certain files and highly organized descriptions of the types of files that were taken. 

DarkSide did this attack in league with third-party guns-for-hire who each received a cut of the profits. DarkSide received 20 percent to split for themselves, and the third parties received the rest. This once again demonstrates the highly structured construction of so many of these cybersecurity attacks. 

It's important to remember that these cybercriminals were up against are highly intelligent people that know what they're doing; underestimating the enemy can only leave you weak. 

You might think that you can handle your cybersecurity yourself, but it's very difficult. You have many aspects of your business to focus on, whereas cybercriminals are able to devote themselves to this full time. Hire an IT company that can make it their job to protect you. 

This demonstrates just how important it is to make sure yu know when you've been penetrated by an attack.

Overall, Brenntag wound up paying over 4 million dollars. 

4. The Colonial Pipeline Company 

One of the best examples of how devastating ransomware can be is the 2021 attack on the Colonial Pipeline Company. The attack was once again caused by DarkSide. 

Hackers gained access to the company through a private network account that was retired at the time of the attack. It was an account that allowed users to access the companies data remotely. 

Something that everyone can learn from this attack is to get rid of their old accounts as soon as they can. While it's important to back up your data, it's also important to make sure that there are no holes that hackers can sneak through. 

On May 7th, a ransom note was found demanding excessive amounts of money in cryptocurrency in exchange for the safe return of over 100 gigabytes of data. The pipeline company shut down its operations to try to reduce damage, not knowing where the attack was coming from. This left many of their clients without oil, increasing the impact of the attack. 

The company was horrified that these hackers might gain access to the systems that allowed the control of gasoline. Because of this, they also paid out the hackers over 4 million dollars, making this one of the biggest ransomware payouts of all time

Since then, this company has hired a cybersecurity company that specializes in industrial cybersecurity. We recommend looking for a security company that knows how to handle your specific industry

3. CWT Global

The silver medal for the confirmed most expensive ransomware attack has to go to CWT Global, which shelled out 4.5 million dollars to the Ragnar Locker ransomware group. 

These ransomware attacks were a complete fiasco. They stole over two terabytes of files, which contained tons of personal information on employees. 

The ransomware which originally demanded 10 million dollars outlined one of the main and most scary things about cybersecurity attacks. The criminals informed CWT that paying the ransom was probably less expensive than all of the money in lawsuits they'd have to pay if the information was leaked. 

This is why it's always best to take preventative measures against cybersecurity. Sometimes there's simply nothing that can be done to stop one of these attacks once they've happened, and it's best to fork over the money. 

2. JBS 

The attack on JBS meatpackers holds the record for the highest confirmed ransomware payout. The meat plants owned by JBS are extremely important, and the cybersecurity breach threatened to stop the supply chain for meat production in a large portion of the U.S. 

Believe it or not, it's still not known who conducted this cybersecurity attack. It's believed to have been conducted by popular hackers REvil or Sodinokibi. 

The attack was so bad that JBS had to close all of its meat plants. This posed a great risk to America's ability to get the meat products that they rely on. 

This attack has noted similarities to the Colonial Pipeline Company attack in that the ingenuity of the hackers does not come from figuring out a particularly complicated attack, but targeting one of the lesser-publicized companies that run the world. 

JBS understands just how important they are to the American people, and knew that they couldn't keep their plants shut down for long. This is why they decided to pay the 11 million dollars ransom to hackers, more than twice as much as the second most expensive attack. 

1. CNA Financial 

We know what you're probably thinking — we've already scratched the world record, how can we go any higher than that? But while JBS suffered the confirmed most expensive ransomware attack of all time, there are other cases where companies are reported to have paid even more, but never confirmed it themselves. 

We can understand why this might be the case. Not everyone wants the whole world to understand their financial situation. But if the CNA Financial ransomware attack was as bad as the site Bloomberg news reported to be, it blows JBS out of the water. 

Surprisingly enough considering the numbers (which we'll get to in a minute), the details of this cybersecurity attack are not that much different from most other cybersecurity attacks. The criminals, a Russian syndicate is known as EvilCorps, infiltrated the system and suddenly revealed themselves. 

However, a tip from an anonymous insider suggested the situation might have gotten as bad as it did because the company initially chose to ignore the threat. Who knows if they thought it wasn't a big deal, or were deliberating over what to do. 

Either way, they must have done something wrong, because the criminals demanded 60 million dollars, and reports say that CNA financial wound up paying around 40 million dollars. If this is true, this is by far the most expansive ransomware payout of all time. 

Ransomware Attacks Hurt 

As you can see from these extremely expensive ransomware attacks, they can cost companies dearly. If you don't want to wind up in a situation where you have to pay tons of money, we highly suggest getting acquainted with a great cybersecurity company so you don't have to pay out one of these criminals.

For more information, contact us today.


Pricing Click Here ->

Buy from a VAR or VAD Click Here ->

Get a Free Vulnerability Scan Click Here ->


Ingenco2 Trustmark SecPoint Trustpilot Emaerket