What was the largest ransom ever paid from a ransomware attack?

Ransomware attacks have been on the rise in recent years, inflicting significant damage on businesses, governments, hospitals, and other organizations. These attacks involve malicious software that encrypts an organization’s files, rendering them inaccessible until a ransom payment is made. Given the crippling effects of not having access to critical data and systems, many victims feel compelled to pay up. But what has been the largest ransom amount paid so far?

The Colonial Pipeline Attack

One of the largest known ransomware payments to date is the $4.4 million paid by Colonial Pipeline in May 2021. Colonial Pipeline operates the largest fuel pipeline in the United States, transporting gasoline and jet fuel across much of the southern and eastern U.S. The company was hit by a ransomware attack attributed to the cybercrime syndicate DarkSide, which encrypted Colonial’s computer systems and forced the company to shut down pipeline operations. With fuel delivery disrupted, gas shortages and price hikes ensued across the eastern U.S. Faced with enormous pressure, Colonial Pipeline paid 75 Bitcoin, then valued at nearly $5 million, to restore its systems. The payment drew major scrutiny from law enforcement and the White House, raising concerns over encouraging additional attacks.

Other Major Ransomware Payments

Some other major ransomware payments include:

  • CNA Financial – $40 million. This insurance company paid a $40 million ransom in May 2021 after falling victim to the Phoenix CryptoLocker ransomware.
  • JBS – $11 million. JBS, the world’s largest meat processing company, paid an $11 million ransom in June 2021 after a ransomware attack forced shutdowns of plants in the U.S., Canada, and Australia.
  • Brenntag – $4.4 million. Chemical distribution giant Brenntag paid a $4.4 million ransom in May 2021 to the DarkSide ransomware group following an attack.
  • Choice Hotels – $3.8 million. Hotel chain Choice Hotels paid a $3.8 million Bitcoin ransom in March 2022 after being hit by the Cuba ransomware gang.

Highest Reported Ransom Demands

While the amounts above focus on ransoms confirmed to have been paid, cybercriminals have made ransom demands far exceeding those totals. Some of the highest reported ransom demands include:

  • $50 million. The REvil ransomware gang demanded $50 million from computer hardware supplier Asetek in May 2021. The highest amount previously confirmed from REvil was $11 million.
  • $30 million. Hackers demanded $30 million from Japanese tech giant Fujifilm to decrypt data after a June 2021 attack. Fujifilm refused to pay.
  • $25 million. In November 2020, the Egregor ransomware operators demanded $25 million from video game developer Ubisoft to prevent a data leak.

Factors Driving Large Ransoms

What factors lead to cybercriminals demanding and receiving such massive ransom payments? A few key drivers include:

  • Lucrative Targets. Hackers carefully choose targets like pipelines, meat suppliers, and hospitals where operations are critically time-sensitive. Disruptions cost enormous sums, so victims feel greater pressure to pay quickly.
  • Negotiations. Ransom amounts are often starting points for negotiations between attackers and victims. Criminals begin with massive numbers then negotiate down.
  • Data Leak Threats. Many ransomware groups now exfiltrate sensitive data before encrypting networks and threaten to publish data online, further turning up the pressure on victims to meet demands.

Preventing Attacks

For organizations hoping to avoid ending up in the position of paying millions in ransom, experts recommend:

  • Backing up critical data regularly and keeping backups offline and secure.
  • Installing software updates and patches promptly to eliminate vulnerabilities.
  • Using strong password policies and multifactor authentication.
  • Providing cybersecurity awareness training to employees.
  • Installing and updating antivirus software, firewalls, and anti-malware tools.

Law Enforcement Response

Law enforcement agencies advise against paying ransoms, as doing so fuels criminal business models and funds additional cybercrime activity. Government agencies like the FBI help victims regain access to encrypted data when possible. They also pursue investigations and legal actions against ransomware groups. For example, in June 2021 the U.S. Department of Justice was able to recover $2.3 million of Colonial Pipeline’s payment by gaining access to DarkSide’s Bitcoin wallet. However, many ransomware transactions remain difficult for authorities to trace due to the use of cryptocurrency. Global law enforcement coordination and regulation of cryptocurrency markets are needed to enable further crackdowns.

Outlook On Ransomware

Ransomware appears unlikely to fade away given its proven profitability. As long as organizations remain willing to meet ransom demands, hackers will continue operations. Projections indicate global ransomware damage costs could hit $265 billion by 2031 as attacks grow more frequent and sophisticated. To change the dynamic, businesses, insurers, and governments will need to alter the cost-benefit calculations that drive victims to pay ransoms. Measures like banning ransom payments or requiring tighter security standards could discourage the lucrative ransomware model. But until then, record-breaking ransoms may continue making headlines.

Table of Largest Known Ransomware Payments

Victim             | Ransomware Group     | Year | Ransom Amount
-------------------|----------------------|------|--------------
Colonial Pipeline  | DarkSide             | 2021 | $4.4 million
CNA Financial      | Phoenix CryptoLocker | 2021 | $40 million
JBS                | REvil                | 2021 | $11 million
Brenntag           | DarkSide             | 2021 | $4.4 million
Choice Hotels      | Cuba Ransomware      | 2022 | $3.8 million

Conclusion

Ransomware will remain a serious cyber threat as long as payments continue fueling criminal enterprises. While it’s impossible to completely prevent attacks, organizations can take steps like backups, patches, and security training to reduce risk. But ultimately curtailing the ransomware epidemic will require coordinated efforts across governments, law enforcement, cyber insurers, and the private sector to alter the current cost-benefit calculations that drive ransom payments. Until then, businesses and consumers alike will need to remain vigilant against ransomware attacks that could cripple operations and finances.