IT Support, Security & Managed IT Services Blog - iCorps

Top 6 Ransomware Attacks of 2021 | 3 Ways to Protect Your Business

Written by iCorps Technologies | 2021/06/15

2021 has already been a banner year for ransomware. Companies of all sizes, across industries and tech stacks, have been devastated by the cost of downtime, lost data, and regulatory fines. But why the sudden uptick? And are all these ransomware attacks following the same playbook? Learn more about six massive breaches that have taken place since January and strategies for protecting your own company data. 


6 Organizations That Can Teach Us About Ransomware Attacks:

1. National Basketball Association (NBA)

The NBA was targeted by the Babuk gang, which specializes in Ransomware-as-a-Service (RaaS). The gang extracted 500 GB of the Houston Rockets' data, including critical non-disclosure agreements, contracts, and financial information. These documents may include Personally Identifiable Information (PII), which should be a top priority when creating security controls and policies. One of the easiest ways to protect PII is to set document and data-level security conditions. For example, your organization can set rules prohibiting download or unauthorized access, implement thrice daily backups, and set remote wipes. The NBA is still investigating this attack to determine whether PII has been released and who was affected.

2. Colonial Pipeline

The largest fuel pipeline in the U.S. was attacked by the DarkSide gang, creating a national fuel shortage. The pipeline attack echoes a growing trend in ransomware attacks, where cybercriminals target complicated manufacturing and distribution supply chains. The downtime associated with these attacks is incredibly expensive, and many companies are willing to pay exorbitant ransoms to resume operations. The U.S. government was able to recover a large portion of the Colonial Pipeline's ransom payment, but this is far from standard practice. 

Remember, supply chains are vulnerable because they have so many moving parts. Many manufacturers work with vendors and have multiple SaaS and PaaS integrations. If these systems are not properly managed, or there is a lack of vendor oversight, you may be creating vulnerabilities in your network that will attract opportunistic cybercriminals. Protect your information by conducting routine assessments of your vendors, supply chain operations, and integrations.

3. Bose Corporation

Bose encountered a data breach following a ransomware attack earlier this year. The company recovered quickly without paying a ransom. An investigation showed a small number of parties had been affected, and that some employee data had been extracted but not leaked on the Dark Web. When actual employee data is extracted, it makes your company vulnerable to impersonation attacks, business email compromise campaigns, and brand spoofing. With this PII, cybercriminals can create fake accounts, interact with your customers, and ultimately cause a tremendous amount of damage to your business.

4. Kia Motors America

This attack began with an IT outage that affected car dealers, mobile apps, and payment systems across the U.S. The ransomware attack was perpetrated by the DoppelPaymer gang, who wanted $20 million in exchange for not leaking the stolen data. The gang gave Kia 2-3 weeks before the data would be released. During the IT outage, Kia had to deal with immensely expensive downtime. They could not process payments, customers complained that they were unable to purchase vehicles, and they suffered massive reputational damage. Kia denied they were under attack, and DoppelPaymer released the data belonging to their parent organization, Hyundai Motor Company. In addition to their expensive initial downtime, Kia will be looking at high regulatory fines down the line.

5. PrismHR

This organization services over 80,000 businesses and has over 2 million employees, all of whom were attacked by the DarkSide ransomware gang. PrismHR warned employees and clients of suspicious activity, instructing everyone to shut down their services and network providers to contain the attack. As an HR business, PrismHR deals with a tremendous amount of PII, meaning they need to have robust security controls in place to protect their customers. They are still in the process of investigating the attack, but it is estimated that 200 clients have been impacted.

6. JBS Foods

The world's largest meat processing firm was forced to shut down production at several sites due to a cyberattack impacting their North American and Australian IT systems. The nature of the attack is still unknown as the investigation continues; however, cybersecurity experts believe ransomware was involved. The JBS attack underscores the importance of incident response protocols across locations and business systems. A thorough IR plan designates leadership during a security event and defines client communication, recovery actions, etc. With the recent surge in ransomware, ensure your current business continuity and disaster recovery plans are up to date.


3 Security Best Practices to Help Prevent Ransomware

  1. Vulnerability and Penetration Testing 

    • These tests search your network perimeter and assess how hackers could make their way into your systems. They identify network vulnerabilities, then provide more advanced software and hardware recommendations. Penetration testing can be a one-time event, but most IT companies perform it routinely for added security.
  2. Perimeter Management 

    • Perimeter management is focused on shoring up perimeter resources such as firewalls, virtual private networks, and intrusion detection systems. Perimeter management is essential in maintaining the integrity of your network and software systems.
  3. Remote Monitoring 

    • This involves tracking unauthorized network behavior that may indicate hacking attempts or denial of service attacks. Remote monitoring systems such as SOC-as-a-Service aggregate large behavioral data sets to quickly determine which actions are real threats.


Every ransomware attack is different. They occur across industries in businesses of all sizes. It's always better to be safe than sorry when it comes to ransomware protection.