Ransomware attacks have been on the rise in recent years, with cybercriminals targeting businesses, hospitals, schools and government agencies and encrypting their data to extort massive payments. Some of the largest ransoms paid have amounted to millions of dollars. Here we look at the 5 biggest known ransomware payouts to date.
What is ransomware?
Ransomware is a form of malicious software (malware) that encrypts an organization’s files and essentially holds the data hostage until a ransom is paid. The attackers demand payment, usually in cryptocurrency such as Bitcoin, in exchange for providing the victim with the decryption key. If the ransom is not paid, the data remains locked forever. Ransomware attacks can cripple businesses and organizations, as they are unable to access their own data and systems.
Why do organizations pay the ransom?
For many victims, paying the ransom demand is the most cost-effective way to resume operations. The alternative would be restoring data from backups, which takes time and resources. Paying the ransom also avoids reputational damage from a prolonged shutdown of systems and loss of data. However, paying the ransom encourages more attacks and there is no guarantee that the hackers will unlock the data. The FBI recommends not paying ransoms.
1. Colonial Pipeline – $4.4 million
In May 2021, the largest fuel pipeline in the US was hit by a major ransomware attack that caused a shutdown lasting several days. The operators of Colonial Pipeline paid a staggering $4.4 million in Bitcoin to the DarkSide ransomware gang to regain control of their systems.
The attack caused fuel shortages and panic buying across the East Coast of the US. Because Colonial Pipeline is a critical infrastructure provider supplying 45% of the fuel used in the eastern states, the outage had major implications and demonstrated how ransomware can disrupt vital services.
The FBI was able to recover $2.3 million of the ransom by tracking the Bitcoin payments. Colonial Pipeline also claimed that paying the ransom was the right thing to do for the country to restart the fuel supply.
2. CNA Financial – $40 million
Insurance company CNA Financial announced in May 2021 that it had paid $40 million to regain access to systems encrypted by the Phoenix ransomware gang. This appears to be the largest known ransom paid by a US company.
CNA stated that its systems were compromised in March 2021 and that it had hired cybersecurity experts to respond to the attack. After determining the extent of encryption across its systems, the company took the decision to pay the ransom.
The payment was made in Bitcoin, and CNA said the key to unlock its systems was provided after payment. The company had cyber insurance in place to cover ransomware attacks.
3. Brenntag – $4.4 million
German chemical distribution giant Brenntag was hit by a targeted ransomware attack by the DarkSide cybercrime syndicate in May 2021. According to reports, the company paid a ransom of $4.4 million in Bitcoin.
The criminals had targeted Brenntag for its deep pockets and ability to pay a large ransom. The attack caused some disruption to operations and supply chains. Like Colonial Pipeline, Brenntag opted to pay the ransom to resume business activities quickly.
4. Taiwan Semiconductor Manufacturing Company (TSMC) – $6 million
TSMC, one of the world’s biggest chip makers, was impacted by the WannaCry ransomware attack in August 2018. The ransomware infected numerous systems and compromised data at TSMC’s facilities.
After attempts to contain the outbreak failed, TSMC took the decision to pay the demanded ransom of 1,000 Bitcoin, worth around $6 million at the time. The payment was made to head off threats to leak trade secrets and destroy files.
TSMC stated that most of the compromised data was recovered through backups, limiting the overall impact.
5. CWT Travel – $4.5 million
Ransomware gang RagnarLocker extorted $4.5 million in Bitcoin from corporate travel giant CWT Travel in July 2020. The attackers claimed to have accessed over 2 terabytes of data including financial reports, security documents and personal data.
With threats to leak sensitive customer information, CWT Travel opted to meet the ransom demand. The $4.5 million payment was one of the largest known ransomware attack payouts at the time.
In a statement, the company said payment was “the most efficient action to protect our customers” and allow business operations to continue.
Biggest Known Ransomware Payments

| Organization | Ransom paid | Year |
|---|---|---|
| Colonial Pipeline | $4.4 million | 2021 |
| CNA Financial | $40 million | 2021 |
| CWT Travel | $4.5 million | 2020 |
How can organizations defend against ransomware?
To guard against costly ransomware attacks, organizations should take preventative measures including:
- Backing up critical data regularly and keeping backups offline or air-gapped
- Using effective endpoint security software and firewalls
- Staying vigilant against phishing emails and suspicious links that deliver malware
- Applying software patches and system updates promptly
- Providing ongoing cybersecurity training for staff
- Having an incident response plan ready in the event of an attack
Organizations can also take out specialized cyber insurance policies to help cover ransomware attack damages and response costs.
Should ransomware payments be banned?
There is an ongoing debate around whether ransomware payments should be banned. Critics argue that allowing payments encourages more ransomware attacks as it makes the business model profitable for hackers.
However, opponents of a ban argue that prohibiting payments leaves victims with no way to recover encrypted data essential for business continuity. Until better technology and policies reduce the effectiveness of ransomware, payments may continue despite the risks.
Ransomware attackers are targeting increasingly larger organizations and infrastructure providers and demanding millions of dollars in cryptocurrency payments. While law enforcement discourages ransom payments, some major companies have paid enormous sums when faced with crippling outages. The largest known ransomware payouts to date have reached up to $40 million.
Paying ransoms usually allows operations to resume but fuels further cybercrime. Organizations must implement comprehensive security measures to stop ransomware taking hold in the first place. But with attacks on the rise, ransomware resilience planning is also essential to stay in business when hackers come knocking.