Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

The worst ransomware attacks of 2021

This year brought us both good and bad news. The good news is that the public are increasingly aware of ransomware and the threat it poses. The bad news is that this awareness has been driven by the huge number of ransomware attacks 2021 brought us. From gas companies to hospitals, ransomware has been making some terrible headlines. Here are five of the worst ransomware attacks in 2021.

The worst ransomware attacks of 2021

What is ransomware?

Before we go further, let’s answer the important question. What is ransomware? Ransomware is a type of malicious software, which can be used to extort money from its victims. These programs are designed to encrypt a target’s files, making it impossible for them to access their data.

The criminals will then offer to unencrypt the files, in return for a large financial payment. The ransom is usually transferred in the form of cryptocurrency, making it much harder to track and recover.

2021’s worst ransomware attacks

Colonial Pipeline

Perhaps the most dramatic ransomware attack of the year, the Colonial Pipeline incident thrust the practice into the public eye like never before.

The Colonial Pipeline supplies oil to large areas of America, so when the pipe system’s computer networks were attacked with ransomware, panic began to spread. Many Americans started buying extra fuel for their cars, causing shortages and generating eye-catching headlines.

Eventually the Colonial Pipeline company paid a ransom of more than $4 million, which was later mostly recovered by the FBI. However, the attack highlighted the threat that cyberattacks pose to essential infrastructure.


Acer, a Taiwanese tech giant, suffered a ransomware attack in March 2021. The attack involved a hacking group referred to as REvil, and was notable for the size of the ransom demanded: a staggering $50 million.

It’s difficult to find out if any ransom was eventually paid, because companies are understandably reluctant to publicize their response to such demands. However, some sources claim that Acer offered the hackers at least $10 million.

The REvil ransomware operators were apparently able to exploit a weakness in a Microsoft Exchange server. This security flaw has no doubt been patched since the attack, although Acer suffered further breaches later in the year.


The food processing company JBS USA was another corporation that ended up agreeing to meet ransomware demands. In May 2021, they were targeted by the same REvil group that attacked Acer.

As a result of the ransomware, JBS USA briefly suspended large parts of their operations. However, they later returned to full functionality, hailing their “encrypted backup servers” for their speedy recovery.

They’re also reported to have paid $11 million in ransom money, but incredibly that may still have been the cheaper option. Businesses on this scale — especially those involved in supply chain production — lose vast amounts of money every day that their normal operations are disrupted.


Brenntag, a company that distributes chemical products, was hacked by the same group that attacked the Colonial Pipeline systems. They eventually paid out more than $4 million to resolve the situation.

The problem with these payouts, however, is that they raise the likelihood of the company being targeted again. When ransom demands are met, it can signal that an organization could be a lucrative target for other criminals too.

That’s probably why a huge percentage of businesses that pay up during a ransomware attack are targeted by similar software within a year.


Many businesses have popped up in recent years to help protect others against ransomware. One of these is ExaGrid, a company that provides backup storage to help mitigate the impact of attacks.

Reports surfaced in 2021 that ExaGrid was dealing with its own ransomware attack. Apparently they’d lost access to internal files, and ended up paying more than $2 million to the criminals behind the operation.

While it’s not the worst of recent ransomware attacks, this incident is a striking reminder that no one is now safe from this threat.

Ransomware vs. malware

What’s the difference between ransomware and malware? There isn’t one; it’s not a case of ransomware vs. malware. The word malware just means “malicious software”, which is a catch-all term for software created and used to cause harm or exploitation.

Malware comes in different forms, including ransomware, spyware, and the ominously-named killware, among many others.

Will ransomware attacks get worse?

Judging by the latest ransomware attacks, 2021 has just been the tip of the iceberg. This form of malware is becoming extremely popular with financially-incentivised cybercriminals, and even the largest corporations are struggling to defend themselves.

Ransomware statistics in 2021 paint a troubling picture. With average ransomware costs reaching more than $100 million a month, the firm Cybersecurity Ventures projects that annual damages could soar as high as $265 billion in the next five years.

What’s particularly worrying, however, is that more than money could be on the line here.

Ransomware: a matter of life and death?

The Colonial Pipeline hack is just one of many attempts by criminals to target essential infrastructure. Even before that incident, we’d already seen attacks against water supplies, factories, electric grids, and hospitals.

National infrastructure is almost all integrated with computer networks and online connectivity, making it a prime target for ransomware groups. And that’s before we factor in deliberate interference by foriegn governments.

Even healthcare organizations are being targeted now, making it harder for medical professionals to provide the essential services the public needs. Recent ransomware attacks have shown that this problem isn’t going away, and that means lives could be at risk.

How to protect against ransomware

There are still ways that individuals can counteract the threats of ransomware attacks. Whether you’re trying to protect yourself or the company you work for, here are three simple steps you can take today to improve your cybersecurity.

  • Avoid malware infection. Ransomware is a form of malware, and there are many ways it can spread onto your devices. It may come through a phishing email, in which a bad actor tries to convince you to click on an infected link or URL. Alternatively, it could reach you in a malicious advert, downloading itself when you click on a popup or banner ad. Follow the golden rule: don’t click email links, adverts, or anything else online that you can’t verify the authenticity of. NordVPN’s new Threat Protection feature can also help you. It helps you identify malware-ridden files, stops you from landing on malicious websites, and blocks trackers and intrusive ads on the spot.
  • Don’t use the same device for work and leisure. It’s common practice in many companies to use personal devices for work (this is called Bring Your Own Device, or BYOD). The problem is that we’re much more likely to let our guard down while browsing the internet on our personal phone or laptop, and if that device has access to your employer’s network, you could be exposing them to ransomware.
  • Backup your files. If it’s too late and the ransomware has already infected your device, that doesn’t mean it’s game over. By backing up your files regularly, you can limit the damage of an attack before it happens. The purpose of ransomware is to extort money from you, but if you have your files saved elsewhere, the hackers have less leverage.

We value your privacy

This website uses cookies to provide you with a safer and more personalized experience. By accepting, you agree to the use of cookies for ads and analytics, in line with our Cookie Policy.