What are the worst ransomware attacks of 2021?

Both good and terrible news came our way this year. The good news is that the general public is becoming more aware of ransomware and its dangers. The bad news is that the massive number of ransomware assaults that 2021 brought us has fueled this awareness. In 2021, ransomware attacks on Colonial Pipeline, JBS Foods, and other large corporations gained news, and they show no signs of abating. Hackers are exploiting security flaws all across the world, holding the data of businesses, governments, and healthcare institutions hostage and demanding tens of millions of dollars in ransom.

What is a Ransomware?

Ransomware is a virus that encrypts data on a device, making them useless for the files and the systems that rely on them. Then, in exchange for decryption, malicious actors want a ransom. If the ransom is not paid, ransomware perpetrators frequently threaten to sell or disclose exfiltrated data or authentication information. The goal of ransomware is to extort money from you, but if you have backups of your files, the hackers will have less power.

Why is ransomware becoming more prevalent in 2021?

Ransomware-as-a-service, an underground industry in which ransomware authors outsource their operations to affiliates who then carry out the assault, is partly to blame for the recent surge. Ransomware affiliates don't require as much technical knowledge, which lowers the entrance hurdles dramatically.

While ransomware criminals face fewer entry hurdles, ransomware victims face a greater financial burden. In 2020, 32% of ransomware victims would have to pay the attackers to unlock their data, a 23 percent raise over the previous year (Sophos). In addition, the average ransomware payment in 2021 is larger – by 82 percent year over year (PurpleSec).

All of this suggests that ransomware is becoming a more successful business. Not only that, but it's becoming a more professional and sophisticated industry. DarkSide, the ransomware gang that amassed at least $60 million in revenue before announcing its closure, had a robust customer care department with real-time chat help. Success fosters success, and ransomware gangs may use their profits to invest in things like research and development, which will help the ransomware industry grow even more.

Most high-profile ransomware outbreaks of 2021

Colonial Pipeline

The breach of the Colonial Pipeline in late April received the greatest media attention of all the cyber and ransomware assaults in 2021. Because the pipeline is a key element of the nation's critical infrastructure system, the attack on the Colonial Pipeline had such an enormous impact. Gas supplies were disrupted all over the East Coast of the United States as a result of the system's failure, generating confusion and terror.

Most Americans are directly affected by fuel shortages. This strike touched close to home for many people. The attack was orchestrated by the DarkSide gang, who targeted the company's invoicing system and internal business network, causing major shortages throughout numerous states. Colonial Pipeline finally caved in to the demands and paid the organization $4.4 million in bitcoin to avert additional disruption.

Colonial Pipeline finally caved into the demands and paid the organization $4.4 million in bitcoin to avert additional disruption.


In April, the REvil gang requested a $50 million ransom from computer maker Quanta, similar to the Acer hack. Despite the fact that Quanta is not a household name, it is one of Apple's most important commercial partners. REvil went after Apple when the company declined to negotiate with the hacker organization. They threatened to reveal more sensitive papers and data after disclosing Apple product designs obtained from Quanta. REvil seems to have halted the offensive by May.

CD Projekt Red

In February, a ransomware attack targeted CD Projekt Red, a Polish video game studio, causing major delays in the development of Cyberpunk 2077, their highly anticipated next release. Threat actors allegedly stole source codes for a number of the company's video games, including Cyberpunk 2077, Gwent, The Witcher 3, and an unreleased version of The Witcher 3.


DarkSide, the same known hacking gang that hacked Colonial Pipeline, also targeted Brenntag, a chemical distribution firm, around the same time in early May 2021. DarkSide sought the equivalent of $7.5 million in bitcoin after obtaining 150 GB of data.

Brenntag eventually gave in and paid $4.4 million.

National Basketball Association (NBA)

Ransomware attacks target businesses and organizations across a wide range of industries. The National Basketball Association was one of the more surprising entries on the list this year (NBA). The hacking organization Babuk claimed to have obtained 500 GB of secret data about the Houston Rockets in mid-April of this year. If their demands were not granted, Babuk stated that these sensitive records, including financial information and contracts, would be made public. No ransom payments have been made as of this writing.


The Taiwanese IT behemoth was hit by ransomware in March 2021. The hacker gang REvil was behind the attack, which was famous for the quantity of the ransom demanded: a whopping $50 million.

Companies are naturally hesitant to broadcast their responses to such requests, so it's difficult to know if any ransom was ever paid. According to some reports, Acer promised the hackers at least $10 million.


JBS USA, a food processing firm, was another company that agreed to pay ransomware demands. They were attacked by the same REvil organization that hit Acer in May 2021. JBS USA temporarily halted substantial areas of its activities as a result of the ransomware. They did, however, restore to full operation later, praising their "secured backup servers" for their quick recovery.

DC Police Department

The Metropolitan Police Department in Washington, D.C., was hit by ransomware from the Babuk gang. The police department declined to pay the group's $4 million demand in exchange for the agency's data not being leaked.

The attack resulted in a 250GB data breach, which included internal material such as police officer disciplinary files and intelligence reports. According to experts, it was the largest ransomware assault against a police department in the United States.

Kia Motors

In February, a ransomware attack targeted both internal and customer-facing systems of Kia Motors America (KMA), including mobile applications, payment services, phone services, and dealership systems.

The breach also disrupted customers' IT systems, which were necessary to take ownership of new cars.

The ransomware family that affected Kia was presumed to be DoppelPaymer, and the threat actors claimed to have also targeted Kia's parent company, Hyundai Motors America. Hyundai also had similar system breakdowns.


In recent years, an array of companies has sprung up to assist others in the fight against ransomware. ExaGrid, a firm that provides backup storage to assist limit the effect of assaults, is one of them.

ExaGrid was said to be grappling with its own ransomware outbreak in 2021. They apparently lost access to internal files and ended up paying the crooks behind the operation more than $2 million.


In August, the ransomware gang LockBit attacked Accenture, a major software company, resulting in the theft of over 2,000 data. Accenture did not pay the $50 million ransom, according to the delayed leak.

Accenture was aware of the intrusion on July 30 but did not confirm it until August 11, according to CyberScoop.

How can you defend yourself against ransomware?

Individuals may still protect themselves from ransomware attacks in a number of ways. Here are three basic measures you can take now to strengthen your cybersecurity, whether you're attempting to protect yourself or the firm you work for.

Avoid becoming infected with malware. Ransomware is a type of virus that may infect your devices in a variety of ways. It might come as a phishing email, in which a malicious actor tries to persuade you to click on a malicious link or URL. It might also get to you through a malicious advertisement, which downloads itself when you click on a pop-up or banner ad. Stick to the golden rule −

  • Don't click on email links, advertisements, or anything else on the internet that you can't check.

  • Use different devices for work and play. In many firms, using personal devices for work is a standard procedure (this is called Bring Your Own Device or BYOD). The trouble is that when we're accessing the internet on our personal phone or laptop, we're far more likely to let our guard down, and if that device has access to your employer's network, you might be exposing them to ransomware.

  • Make a backup of your files. It's not game over just because it's too late and the ransomware has already infected your device. You can minimize the harm caused by an attack by periodically backing up your files.