The 10 Biggest Ransomware Attacks of 2021

Recent Cyber Attacks Hit Infrastructure and Critical Facilities Across the US

June 10, 2021
A silver-colored pipe transporting liquid over a field.
Recent ransomware attacks have targeted a wide range of high-profile organizations and companies, including Colonial Pipeline, an oil pipeline system.

Ransomware attacks on Colonial Pipeline, JBS Foods, and other major organizations made headlines in 2021, and show no sign of slowing down. Across the world, hackers are exploiting security weaknesses and holding the data of companies, governments and healthcare organizations hostage, sometimes demanding tens of millions of dollars in payment.

How is Ransomware Defined?

According to the U.S. Government’s Cybersecurity and Infrastructure Assurance Agency (CISA): “Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.”

So what does that mean? Hackers take advantage of security weak spots to steal sensitive data or lock files. These criminals will only give you the key to access your system, or return the files, once you’ve paid their ransom.

Recent Ransomware Attacks in the News

Over the past few months (and years), we have seen an increase in ransomware attacks, many of them high-profile attacks. Recent cyber attacks that have used ransomware as their attack vector include attacks perpetrated against the Colonial Pipeline, Steamship Authority of Massachusetts, JBS (the world’s largest meatpacker), and the Washington DC Metropolitan Police Department. These attacks against U.S. companies and organizations result in shutdown of critical infrastructure, which can create shortages, increased cost of goods/services, financial loss due to shutdown of operations, and loss of money due to having to pay the ransom to the hackers, and worse.

2020 also saw an increase in the frequency of cyber attacks and higher ransom payments. According to Harvard Business Review, the amount companies paid to hackers grew by 300%. The sudden increase in remote work and more lax security protections at home gave hacker groups the perfect opportunity to breach sensitive data.

Healthcare Ransomware

During times of crisis, many hackers take advantage of upheaval and disorder and look for potential monetary gain. With the onset of the COVID-19 crisis in 2020, there was increased attention on cyber attacks in the healthcare space. A study by Comparitech has shown that ransomware attacks had a huge financial impact on the healthcare sector, with over $20 billion lost in impacted revenue, lawsuits, and ransom paid in 2020 alone. Over the course of the year, over 600 hospitals, clinics, and other healthcare organizations were impacted by 92 ransomware attacks.

CEO of cybersecurity firm FireEye, Kevin Mandia, shed some light on why these healthcare organizations are targeted. "Pharmaceuticals, hospitals, healthcare, public companies, organizations that don’t have the talent and skills to defend themselves—they’re getting sucker-punched," Mr. Mandia said. Marene Allison, J&J's chief information security officer, said that Johnson & Johnson experiences 15.5 billion cybersecurity incidents on a daily basis. (Becker's Hospital Review)

High-Profile Ransomware Attacks in 2021

By June, we’ve already seen many high-profile attacks on corporations and firms across the country and the world. Just six ransomware groups are responsible for breaching the cybersecurity defenses of 292 organizations. These criminal organizations have so far taken more than $45 million in ransom money from their attacks. (ZDNet)

Here are 10 of the biggest ransomware attacks that made headlines in just the first half of 2021.

Colonial Pipeline

Of all of the cyber and ransomware attacks in 2021 so far, the breach of Colonial Pipeline in late April had the most news coverage. As Touro College Illinois Cybersecurity Program Director Joe Giordano notes, “The Colonial Pipeline attack made such an impact because the pipeline is an important part of the national critical infrastructure system. Taking the system down disrupted gas supplies all along the East Coast of the United States, causing chaos and panic.”

As most Americans are directly impacted by gasoline shortages, this attack hit close to home for many consumers. The DarkSide gang was behind the attack and targeted the firm’s billing system and internal business network, leading to widespread shortages in multiple states. To avoid further disruption, Colonial Pipeline eventually gave in to the demands and paid the group $4.4 million dollars in bitcoin.

This attack was particularly dangerous because consumers started to panic and ignored safety precautions. Some East Coast residents tried to hoard gasoline in flammable plastic bags and bins, and one car even caught on fire. After the chaos receded, government officials confirmed that Colonial Pipeline’s cybersecurity measures were not up to par and may have been prevented if stronger protection was in place.

Thankfully, US law enforcement was able to recover much of the $4.4 million ransom payment. The FBI was able to trace the money by monitoring cryptocurrency movement and digital wallets. But finding the actual hackers behind the attack will prove a lot harder. (The New York Times)

Although much of the money was recovered, Giordano doesn’t see hacker groups backing down in the near future. “I think bad actors will be increasing their efforts in terms of ransomware attacks. Because of the type of attack that it is and the anonymity of the Internet and dark web, it makes ransomware attacks a low-risk endeavor for attackers looking to make some quick money. So many companies and institutions still have weak security, and strong security requires constant vigilance and updates, not a one-time upgrade. When more organizations start to take cybersecurity seriously and invest the time and resources to combat threats, we’ll start to see these threats diminish.”


At around the same time in early May 2021, the same notorious hacker group that targeted Colonial Pipeline, DarkSide, also targeted Brenntag, a chemical distribution company. After stealing 150 GB worth of data, DarkSide demanded the equivalent of $7.5 million dollars in bitcoin.

Brenntag soon caved to the demands and ended up paying $4.4 million. Although it was a little more than half of the original demand, it still stands as one of the highest ransomware payments in history. As of yet, the money has not been recovered. (IT Governance)


Also in May this year, the computer manufacturer Acer was attacked by the REvil hacker group, the same group responsible for an attack on London foreign exchange firm Travelex. The $50 million ransom stood out as the largest known to date. REvil hackers exploited a vulnerability in a Microsoft Exchange server to get access to Acer’s files and leaked images of sensitive financial documents and spreadsheets. 

JBS Foods

Although Spring 2021 held hopeful news for the end of the pandemic, the increased trend of cyber attacks that began in 2020 showed no signs of slowing down. Another high-profile ransomware attack took place this May on JBS Foods, one of the biggest meat processing companies in the world. The same Russia-based hacking group that attacked Acer, REvil, is thought to be behind the attack. (CNN)

Although there weren't any major food shortages as a result of the attack, government officials told consumers not to panic buy meat in response. On June 10th, it was confirmed that JSB paid the $11 million ransom demand after consulting with cybersecurity experts. This massive payment in bitcoin is one of the largest ransomware payments of all time. (CBS News)


As with the Acer attack, the REvil gang also demanded a $50 million ransom from computer manufacturer Quanta in April. Although Quanta may not be a household name, the company is one of Apple’s major business partners. After the firm refused negotiations with the hacker group, REvil targeted Apple instead. After leaking Apple product blueprints obtained from Quanta, they threatened to release more sensitive documents and data. As of May, however, REvil seems to have called off the attack, and Apple has not mentioned the cyber attack. 

National Basketball Association (NBA)

Businesses and organizations from all different kinds of industries are targeted by ransomware attacks. One of the more surprising on the list this year was the National Basketball Association (NBA). In mid-April of this year, the hacker group Babuk claimed to have stolen 500 GB of confidential data concerning the Houston Rockets. Babuk warns that these confidential documents, including financial info and contracts, will be made public if their demands are not met. As of this posting, no ransom payments have been made.


This May, the European insurance company AXA was attacked by the Avaddon gang. The attack happened soon after the company announced important changes to their insurance policy. Essentially, AXA stated they would stop reimbursing many of their clients for ransomware payments. This unique (and somewhat ironic) attack on a cyber-insurance firm made headlines and the hacker group gained access to a massive 3 TB of data. (BlackFog)


Earlier this year in March, another large insurance firm fell victim to a ransomware attack. CNA’s network was attacked on March 21 and the hacker group encrypted 15,000 devices, including many computers of employees working remotely. The attack is supposedly linked to the hacker group Evil Corp and uses a new type of malware called Phoenix CryptoLocker.

CD Projekt

CDProjekt Red is a popular videogame development firm based in Poland. In February of this year, the firm was hacked by the HelloKitty gang. The hacker group accessed source code to game projects in development and encrypted devices. However, CDProjekt has no plans to pay the ransom money, and has backups in place to restore the lost data. (ExtremeTech)

Kia Motors

This February, Kia Motors, a subsidiary of Hyundai, was reportedly hacked with ransomware. Although Kia reported a widespread IT and systems outage, they did not confirm the hack. Still, many experts believe the claims by the DoppelPaymer gang demanding a $20 million ransom. The gang has released some stolen data, but updates on the hack have not surfaced in the news for the past few months.

A Dire Need for Cybersecurity Experts

There are two key components necessary to address this issue. One is that companies need to take cybersecurity seriously and invest in it with adequate resources. Secondly, there needs to be more highly educated cybersecurity experts ready to address the scourge of ransomware attacks we’re currently facing.

Unlike some other STEM fields, a cybersecurity bootcamp and certification is sometimes all that’s needed to get started in the field. But of course, completing a graduate certificate program is one of the best ways to qualify for relevant job opportunities. The Touro College Illinois graduate certificate program in cybersecurity for healthcare addresses the critical needs of the sector. Our hands-on courses build expertise in network security, HIPAA, cloud security, medical device security, and incident response and recovery.