History and Evolution of Ransomware

The Taiwanese computer giant, Acer was the victim of a ransomware attack in March of 2021 wherein a US$50 million ransom was demanded - the largest ransom ask made of any victim at that time. The REvil ransomware gang took credit for the breach and published images of financial statements and other documents allegedly stolen from the company as a means of claiming responsibility for the attack.

The German chemical distributor Brenntag SE reportedly paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang on May 11 to obtain a decryptor for files encrypted by the hackers during a recent ransomware attack on the company. Threat actors encrypted devices on the network and claimed to have stolen 150GB of data during their attack – which they proved by creating a private data leak page with a description of data taken and screenshots of files.

At the beginning of May, the Colonial Pipeline Company announced that they had fallen victim to a ransomware attack. The company suspended its affected IT assets, as well as its main pipeline – which is responsible for transporting 100 million gallons of fuel every day between Texas and New York. Over the course of assisting the Colonial Pipeline Company with its recovery efforts, the FBI confirmed that the DarkSide ransomware gang had been responsible for the attack.

The global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company's systems. As reported by Bleeping Computer, the ransomware gang claimed to have stolen six terabytes of data from Accenture's network and demanded a US$50 million ransom. In September, the company denied claims made by the LockBit gang that they also stole credentials belonging to Accenture customers that would enable them to compromise their networks.

One of the largest human resources companies disclosed a crippling ransomware attack in December 2021 that impacted the payroll systems for multiple workers across industries. According to NBC News, the company said that its programs that rely on cloud services—including those used by Whole Foods, Honda, and local governments to pay their employees—would be unavailable for several weeks. In a statement, the city of Cleveland alerted that sensitive information may have been compromised in the attack – such as employee names, addresses, and the last four digits of social security numbers.

Nvidia, the world’s largest semiconductor chip company, was compromised by a cyber-attack in February of 2022. The California-based company confirmed that the threat actor had started leaking employee credentials and proprietary information online. Lapsus$ - a hacking gang, took responsibility for the attack and claimed they had access to 1TB of crucial company data then demanded a $1 million ransom and a percentage of an unspecified fee from Nvidia. In January, Lapsus$ also claimed the credit for the ransomware attack on Impresa - Portugal’s largest media conglomerate.

The Costa Rican president declared a state of emergency after the Conti ransomware attack threw the country into chaos in April of this year. The attack affected healthcare systems amid covid-19 testing and will likely have lasting effects on the country.

Lastly, the media giant Nikkei Group’s Singapore-based headquarters was also the victim of a ransomware attack in May of 2022. Unauthorized access to their internal servers was noticed and the company discovered a breach - stating that it was likely that customer data has been affected. This comes after the 2019 incident in which an employee was given fraudulent instructions to transfer a sum of money to a third party through a BEC swindle - costing the organization approximately $29 million.

Most of these attacks were carried out by hacking groups that tend to use Ransomware-as-a-service models. These are similar to software-as-a-service frameworks, except they facilitate the installation and running of malware into a network. Users of this service pay to launch ransomware developed by operators.