Top 10 Ransomware Attacks of 2021

2021 has seen a sharp increase in high-profile ransomware attacks. There have been numerous hefty ransom demands that have made headlines throughout the year. The Harvard Business Review reports that companies have paid up to 300% more to hackers than in previous years.

These ransomware attacks target schools, critical infrastructures, and healthcare networks. Today, we take a comprehensive look at the top ten ransomware attacks of 2021 to help you avoid similar security compromises. Read on to discover critical security lessons learned from these attacks and how to move forward in 2022.


One of the leading global meat suppliers, JBS USA, reported a halt in operations due to a ransomware attack on May 31, 2021. Apart from shutting down five US-based plants, the hack also disrupted operations in their UK and Australia branches. The potential losses were crippling – summing up to millions.

JBS USA had to pay the hackers $11 million in Bitcoin to stop the attack. Doing this meant preventing further disruption in their operations while limiting the impact on restaurants and groceries. Later, the FBI credited the attack to a group known as REvil – a criminal ring specializing in ransomware attacks.

The Colonial Pipeline

An attack on critical infrastructure can have devastating effects on the economy. In May 2021, the USA experienced a ransomware attack that gripped the nation – the Colonial Pipeline hack. It led to the shutting down of diesel, gasoline, and jet fuel transportation along the 5,500 stretch from Houston to New York.

The five-day shutdown left millions of motorists worried due to the demand surge. DarkSide, the group behind the attack, received $4 million in ransomware to avoid the online publication of data. Luckily, the FBI managed to recover a portion of the total payment.


Early May 2021 also saw a ransomware attack on Brenntag – a chemical distribution company. The attack was linked to DarkSide, who claimed to have stolen 150 GB of raw data. They demanded $7.5 million dollars in cryptocurrency to avoid leaking the data.

Brenntag paid $4.4 million, which is a little over half the asking price, to avoid compromising the company further. This ransomware payment stands as the highest in history (according to IT Governance). Although the FBI is working to trace the group behind the hack, finding them will prove harder.

Kia Motors America

In February 2021, the DopplPaymer gang launched a ransomware attack on Kia Motors. They demanded a price of $20 Million in Bitcoin. The public ransom demand also gave the company two-to-three weeks to meet the set demands.

Before the ransomware demand, Kia Motors experienced an outage in their IT infrastructure – affecting phone services, owner’s portal, and payment systems. However, Kia Motors claimed to have not suffered a ransomware attack. Therefore, there is no clear evidence of whether the ransomware demand was met.

CNA Financial

March 23, 2021, saw CNA Financial suffer a malicious ransomware attack. Being among the largest insurers in the U.S., a potential hack meant severe consequences. The company, therefore, had no choice but to pay the $40 million demand to retrieve their data.

The group behind this attack, Phoenix, carried out the attack using ransomware dubbed ‘Phoenix Locker’. Although not much was disclosed about the hack, all systems were fully restored. The negotiations and transaction details were equally kept secret.

HSE Ireland

HSE ensures Irish citizens from 54 acute hospitals and 4,000 locations gain access to public health services. It was, therefore, devastating when HSE experienced a malware attack in May 2021. The group behind the incident, the Conti gang, managed to compromise 80% of the company’s IT infrastructure.

Numerous hospitals had no choice but to postpone outpatient appointments – including treatments for severe illnesses like cancer. After an investigation into the attack, it was concluded that it started when an employee opened a phishing email with a Microsoft Excel file. A clear lesson learned from this incident is that hackers have no morals and can attack all industries.

National Basketball Association

It came as a shock when the world realized that not even the National Basketball Association (NBA) is safe from ransomware attacks. In mid-April, a group called Babuk initiated a malicious attack on the organization. According to their statement, they stole 500GB of sensitive Houston Rockets data.

The stolen data, containing contracts and financial info, would be released to the public if the hackers’ $50 million demand was not met. It is still not clear whether the NBA paid the ransom, but the team’s spokesman stated that they are launching an investigation. What is certain is that some suspicious activity was reported within the internal framework of Rocket’s organization.


REvil made the headlines again in July when they launched an attack on Kaseya. Although the company is not a household name, it manages IT infrastructure for numerous companies. Therefore, an attack on their system meant a potential disruption of the economy.

According to REvil, more than one million IT systems were encrypted before holding the company at ransom. A statement by Kaseya confirmed the attack by stating that about 100 businesses and 50 clients were impacted. The hacker group issued a statement demanding $70 million in cryptocurrency to decrypt the data. Luckily, the FBI obtained encryption keys and stopped the attack before the ransom was paid.

CD Projekt Red

Polish game developers that came up with popular games such as Cyberpunk 2077 and the Witcher 3 fell victim to a ransomware attack. In early 2021, hackers accessed their network and demanded payment. CD Projekt Red confirmed this attack on their social media pages and announced that their backups were intact.

The game maker published the demand note from the hackers on their official social media accounts as well. However, he announced that they won’t negotiate with the hacker group. No payment was made, and CD Projekt Red hasn’t reported anything more on the matter.


In April, REvil acquired Apple product blueprints from their supplier – Quanta Computer. They threatened to leak the data if Apple didn’t meet their demands. According to the note from the hackers, Apple had to pay $100 by May 1st or risk doubling the fees.

Quanta confirmed the attack and reported the attempt to export both them and Apple. However, their daily operations were not affected by the incident. Further details on the ransomware attack are not available yet.

Protect Yourself

Both large and small businesses fall victim to ransomware attacks. Therefore, you need to take proactive steps to safeguard your bottom line. Start by bolstering your system and security practices with consulting and managed security services.

 Luckily, Contego Inc is here to help. Ensure you contact us to learn more about the benefits of consulting experts to prevent cyberattacks, or what to do after one occurs. You can also arrange a free cyber threat assessment for you or your business.