We recently asked renowned ransomware expert Allan Liska what he thinks were the most impactful ransomware attacks of 2021. See his response in this video, and in case you missed it, here’s the transcript:
Scott Bekker:
So we’re coming to the end of 2021, it’s been a huge year for ransomware, but we’re in the home stretch. As you look back across the year, what’s been the most impactful ransomware attack technically in 2021?
Allan Liska:
So I think for 2021, the most impactful technically has been the Kaseya ransomware attack. In that attack, the REvil ransomware group discovered a previously unknown vulnerability in the Kaseya management software. And they never attacked Kaseya directly. Instead, what they did was they attacked the managed service providers that use Kaseya software. So even if they were fully patched, the REvil ransomware group was able to get in. And then they used the access the managed service provider had to push and install the ransomware at all of those managed service providers’ customers.
So even though we referred to it as the Kaseya ransomware attack, it had nothing to do with Kaseya, the company, other than their software was being used. So there were a couple reasons why this was impactful technically. One, as many as 1,500 victims, which makes it probably the most impactful attack since either WannaCry or NotPetya back in 2017, the fact that ransomware actors were using a zero-day that they developed. We’d seen other ransomware groups using zero-day vulnerabilities or exploiting zero-day vulnerabilities before, but it’d always been proof of concept code released by somebody else. This was entirely developed by the ransomware group. That’s a huge step forward for a ransomware group. So certainly, and a concerning trend, unfortunately.
Scott Bekker:
Yeah. What about… So that’s the technical perspective. From an economic standpoint, what would’ve been the most significant attacks this year?
Allan Liska:
I think Colonial Pipeline. So the Colonial Pipeline attack disrupted fuel service up and down the East Coast. And interestingly, fuel lines are capable of surviving all kinds of shutdowns and all kinds of problems. So it wasn’t that there was ever that the Colonial Pipeline was not going to be able to get gas to gas stations. What really caused it is the panic buying. There were occasional shortages. There were certainly some places that were having trouble getting gas because they had to switch to trucks and other things. But everybody going buying gas all at once, it wasn’t available. And that had an impact up and down the entire East Coast, in terms of the gas shortages, meant that some people couldn’t get to work, that some deliveries were delayed, et cetera. So that really, from an economic impact, was really bad. The other one would be JBS, the attack on the meat packing plant that disrupted meat deliveries to grocery stores all around the Midwest. And so again, a huge impact financially for those grocery stores and for other shops that relied on the meats that are being processed by JBS.
Scott Bekker:
Right. And what about from a vertical perspective? Were there any sectors that were hit especially hard with ransomware?
Allan Liska:
Healthcare continues to be hit really hard. And unfortunately, that hasn’t changed. So we saw that in 2020 where ransomware actors, healthcare had always been a favorite target of ransomware groups because there’s a perception that a healthcare provider is more likely to pay. That’s not necessarily accurate, but the ransomware actors think it is. So they continue to go after them. But then when the pandemic hit, a lot of ransomware actors specifically started targeting healthcare providers. Because again, there’s a perception that they’ll be more likely to pay, because the healthcare providers are already stressed out, the staff is stressed out. And so people are more likely to click phishing emails and things like that. And that unfortunately has continued into 2021 as healthcare continues to be heavily targeted by ransomware groups.
Scott Bekker:
So lowlights for 2021 would be Kaseya, Colonial Pipeline, JBS is an honorable mention, and the healthcare vertical.
Allan Liska:
Right now, there’s still a few months left, unfortunately.
Scott Bekker:
Sadly true. Well, thanks, Allan.
Allan Liska:
Thank you.