Top 5 Most Expensive Ransomware Attacks of 2019

Ransomware a growing Global epidemic

2019 saw a dramatic increase in global ransomware attacks. Attackers have found their way into governments, schools, and businesses across the world. As their methods continue to become more sophisticated and ironclad, their ransom demands continue to increase.

Let’s take a look at the 5 most expensive ransomware attacks of 2019.

Number 5: New Orleans $3 million

2018 saw the city of Atlanta paying out over $2.6 million in recovery efforts after the SamSam malware was released into the city’s systems. It left city officials and spectators across the country shocked at the decimation that was leveled upon one of America’s largest cities.

Fast forward a year and a half later, and the city of New Orleans found themselves in the same boat. After an employee clicked on a phishing email and entered their credentials, it’s believed the Ryuk virus (popular with cyber criminals in Eastern Europe and Russia) was released into the city’s systems.

New Orleans, like many large scale government and businesses, had cyber security insurance. It’s estimated by city officials, however, that the $3 million insurance policy won’t be enough to cover the cost of restoring the city’s systems. City officials plan on upping their insurance to $10 million for the next year, although the cost of the recovery efforts is still climbing.

Number 4: Texas $12 million

In August, 22 towns in the state of Texas were hit when hackers were able to breach the security software of a third-party service provider. They released Sodinokibi (REvil) and demanded a $2.5 million ransom. None of the cities agreed to pay.

The state declined to release the names of the towns affected (Keene and Borger admitted they’d both been breached.) It’s estimated that the total recovery cost for all 22 towns has cost a minimum of $12 million with some undisclosed costs not yet accounted for.

Number 3: Baltimore $18.2 million

On May 7th, the city of Baltimore was hit with the RobbinHood ransomware strain which infiltrated employee email and voicemails and online payments for the city. In response, officials had to use a paper system to collect everything from taxes to water bills.

The ransom demanded was $76,000 with the threat to destroy the city’s systems if not paid promptly. Baltimore declined payment, opting instead to restore systems on their own. This resulted in a loss or delay of payment of $8.2 million in revenue and an additional $10 million and counting in restoration and recovery efforts.

Number 2: Norsk Hydro $60 – $71 million

Starting in its US based facility, aluminum provider Norsk Hydro out of Oslo, Norway was hit in March with a large scale ransomware attack. LockerGoga, a ransomware strain that has run rampant through industrial and manufacturing sectors, was determined to be the culprit.

While Norsk Hydro declined to pay the ransom, the estimated cost of the restoration, recovery, and mitigation is between $60 – $71 million. The majority of that came from lost production revenue.

Norsk Hydro switched to manual mode at several of its locations, but wasn’t able to contain the attack until the summer. They have been able to restore their systems from backups.

Number 1: Demant $80 – $95 million

Danish hearing aid manufacturer Demant hasn’t claimed ransomware as the cause of their “critical incident” even though Danish media is reporting it as such. If so, it will be one of the mostly costly on record.

In September, Demant was forced to close down its entire internal IT infrastructure. The impact was felt in production plants in Denmark, Poland, France, and Mexico and in service sites spanning the entire Asia-Pacific network.

Between system restoration, revenue loss, and mitigation the “incident” has cost Demant an estimated $80 – $95 million.

The aftermath

While some of the causes of infection are unknown, some were user error. In the case of city governments, employees have to be especially vigilant of phishing scams and open RDP ports that could leave city-wide systems vulnerable to attackers.

While it’s easy to blow off these massive claims as not relating to us, these have long range impact on real people’s jobs and livelihoods. Stopping ransomware is all of our responsibility, and we need to be vigilant. It’s only going to get rockier from here.

Stop Responding to Threats.
Prevent Them.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles