15 Biggest Cybersecurity Attacks in 2021

By Shanika W., 7 November 2022

Cybersecurity Analyst

Miklos Zoltan

Fact-Checked this


Today, cybersecurity attacks are harder to control than before, and organizations are more vulnerable to them. Among them, major ransomware attacks such as those on JBS Foods and Colonial Pipeline made headlines in 2021.

Ransomware is malicious software designed to encrypt files on a computer so that attackers can prevent victims from using their computers.

If users need to access their system again, they have to pay a ransom to the hackers or cyber-criminals in exchange for decryption. These cyber-criminals also threaten to leak or sell authentication information or data if the user cannot pay the ransom.

These cyber-criminals exploit security weaknesses in systems and hold hostage the data of healthcare organizations, governments, and companies across the world, sometimes demanding millions of dollars in payment.

According to the 2021 Cyber Threat Report by SonicWall, there has been a 62% increase in ransomware since 2019. This figure is set to rise further as cybersecurity attacks are becoming more complex and difficult to detect.

On top of that, cybersecurity attacks are becoming more dangerous than ever before.

Update November 2022: Much has changed in 2022. Check out our report on the biggest cybersecurity attacks in 2022 for an updated list.

Biggest Cyberattacks in 2021

Let’s explore ten major cybersecurity attacks in 2021:

Colonial Pipeline

In May, the Colonial Pipeline, the largest fuel pipeline in the US, suffered a cyberattack that disrupted fuel supplies all along the East Coast of the United States (in 12 US states) for several days.

The cyberattack hit the system that managed the pipeline originating from Houston, Texas. It caused panic and chaos as millions queued for fuel.

Colonial Pipeline Company shut down its entire operations to prevent further damage. The company paid $4.4 million in bitcoin to hackers with the FBI’s help.

A month after the payment, the FBI recovered much of the ransom using a private key, after monitoring digital wallets and cryptocurrency movements. However, finding the cyber-criminals behind this attack would prove a lot harder.


Acer

Also, in May this year, Taiwanese computer hardware giant Acer suffered a ransomware attack by the REvil hacker group, the same hackers who attacked London foreign exchange firm Travelex in 2020. The hackers demanded a ransom of USD 50 million from Acer.

The media revealed that REvil hackers had accessed Acer’s network using a vulnerability in Microsoft Exchange Server that had earlier been used to hack 30,000 US commercial and governmental emails.

They also leaked images of some of the stolen files, including images of bank balances, bank communications, and financial spreadsheets. Acer never confirmed whether they made the ransom payment demanded by the hackers.

JBS Foods

Another major attack that took place this May was on JBS Foods, one of the largest meat processing companies in the world. REvil, the same Russia-based hacking group, is thought to be behind this ransomware attack.

This attack resulted in the temporary closure of operations in Canada, Australia, and the US. However, this attack didn’t lead to any major food shortages, and the government informed consumers not to panic about purchasing meat.

JBS paid $11 million as ransom demanded by hackers to prevent further disruptions after consulting with experts in the cybersecurity industry on the 10th of June. This is considered one of the biggest ransomware payments of all time.

KIA Motors

In February this year, Kia Motors, a subsidiary of Hyundai, was also attacked with ransomware. However, Kia Motors did not confirm this attack, although they reported an overall system and IT outage.

Kia Motors claimed that this ‘IT outage’ impacted the internal sites, phone services, owner’s portal, payment systems, and mobile UVO Link apps used by Kia Motors America.

According to the media, the DoppelPaymer gang demanded $20 million as a ransom for a decrypter and to prevent the leaking of stolen data. Although the attackers released some stolen data, this hack has not been in the news for the past few months.

CNA Insurance

In March this year, CNA, one of the largest insurance firms in the US, faced a critical cyberattack that led to trading being halted for a short period. The attackers hacked CNA’s network and encrypted 15,000 devices, including the devices used by remote employees.

This ransomware attack compromised the data of around 75,000 employees. This data included Social Security numbers, health benefits information, and names of the contract workers, the company’s former and present employees, and their dependents. The attack disrupted network operation and impacted specific systems like email.

The Russian cybercrime syndicate Evil Corp was thought to be behind this attack. Third-party forensic experts revealed that the group had created and used a new form of ransomware called Phoenix CryptoLocker for this attack.

Media reports stated that CNA Insurance agreed to pay $40 million as ransom to get back access to its network.


Brenntag

In early May 2021, around the same time as the cyberattack on Colonial Pipeline, DarkSide, the same hacker group behind the Colonial Pipeline attack, targeted Brenntag, a chemical distribution company headquartered in Germany.

DarkSide stole 150 GB of data and published a data leak page consisting of screenshots of a couple of files and a description of the data stolen. DarkSide demanded 7.5 million dollars as ransom in bitcoin. However, Brenntag was able to negotiate the ransom and ended up paying $4.4 million.

Although that payment was a little more than half of the original ransom demanded, it is still considered one of the biggest ransomware payouts of all time.


Quanta

In April this year, the REvil ransomware operators also attacked Quanta. Quanta is one of Apple's major business partners and a manufacturer of Apple laptops.

Quanta reported that they were attacked by hackers who intended to extort both Apple and Quanta. They also mentioned that their daily operations were not affected.

Because Quanta refused to negotiate with the REvil gang, the attackers targeted Apple instead. They leaked blueprints of Apple products obtained from Quanta.

The REvil group also threatened to release more sensitive data and documents. However, the group later called off the attack. Apple also did not say anything further about the cyberattack.


AXA

This May, cyber insurer AXA, a European insurance company, was attacked by the Avaddon ransomware group. This attack occurred after the company published major changes to its cyber insurance policy to stop coverage for ransom payments.

They stated that they would no longer reimburse ransomware payments for many of their clients. On May 18, AXA claimed that they had become victims of a targeted ransomware attack, and it had impacted their operations in the Philippines, Hong Kong, Malaysia, and Thailand.

The Avaddon hackers got access to a massive 3 TB of data from the company’s Asian operations, and this ironic attack made headlines at the time.

AXA announced that a dedicated team with external forensic experts investigated the attack, and business partners and regulators were informed. However, AXA did not disclose any further impact or the type of cyberattack.

CD Projekt

In February of this year, the HelloKitty gang hacked CD Projekt Red, a well-known video game development firm based in Poland. The hackers gained access to the source code of game projects under development and encrypted devices.

However, CD Projekt did not pay the ransom because they had backups, which they used to restore the lost data.

National Basketball Association (NBA)

This year, ransomware attacks targeted organizations and businesses from different industries. Surprisingly, the National Basketball Association (NBA) was also among them.

In mid-April of this year, the Babuk hacker group announced that they had stolen 500 GB of the NBA's confidential data. The Babuk gang threatened that this confidential data, including contracts and financial information, would be made public if the NBA failed to make the ransom payment they had demanded.

However, as of this article, the NBA has not made this ransom payment.

Ireland’s Health Service Executive (HSE)

In May of this year, the government organization that runs all public health services in Ireland experienced a ransomware attack that caused the shutdown of their IT systems as a precaution.

As a precautionary measure, many of the HSE systems were taken offline. Although many health services were disrupted, National Ambulance Services operated as normal. Because systems were disrupted, all outpatient appointments were canceled, and other patients experienced delays.

Because healthcare centers could not access computer records, they informed patients to bring paper documents.

The Conti gang was behind this attack, demanding $20 million as ransom in exchange for decrypting the data. The hackers also leaked some of the data.

Although there were disruptions, Ireland’s public health network stated that neither they nor the government would pay the ransom.


ExaGrid

On May 4, ExaGrid, a backup storage company that helps businesses recover after a ransomware attack, also suffered a ransomware attack.

The Conti cybercriminal gang was behind the attack. The attackers stole internal documents and impacted the ExaGrid corporate network. The hackers exfiltrated source code, confidential contracts, and customer and employee data.

According to LeMagIT, a ransom of $2.6 million was paid to the hackers by ExaGrid in exchange for the decryption key to reclaim access to encrypted data.

However, the original demand by the Conti cybercriminal gang was over $7 million. Still, ExaGrid has not denied or confirmed this cyberattack, and they have not released further details.

Buffalo Public Schools

Cyberattacks in the education sector are constantly rising. As a result, many schools suffered from ransomware attacks in 2021. The cyberattack on Buffalo Public Schools in New York was one of them. Buffalo Public Schools has an IT system with highly sensitive information for 34,000 students.

On March 12, the school system was hit by a ransomware attack that shut down the entire school system. Because this cyberattack shut down the operations across the district, classroom learning for thousands of students was abandoned. It also led to the cancellation of in-person and remote instruction for one week.

On March 15, Kriner Cash from Buffalo Schools stated that the school was actively working with federal, state, and local law enforcement, and cybersecurity experts to investigate the cyberattack. However, it was not clear whether personal data was stolen or not. On March 22, Buffalo schools resumed their operations.

University of the Highlands and Islands

On March 7th of this year, the University of the Highlands and Islands suffered from a cyberattack. As a result, the university had to close all of its research labs and colleges.

The attack was notable because it used Cobalt Strike, a penetration testing toolkit that is normally used for legitimate purposes. However, the university has not revealed further details about this attack.

Microsoft Exchange Server

A mass cyberattack took place in March, and it impacted millions of Microsoft clients. The hackers exploited vulnerabilities in Microsoft’s Exchange Server for this attack.

Because of this attack, operations of nine government agencies and 60,000 private companies in the US were disrupted. However, they have not revealed further details of this cyberattack.

Final Words

Who can be involved in a cyberattack?

The cyber risk ecosystem involves many aspects and players. Sometimes, it can be pretty complex. Organizations of all sizes can be or have been victims of cyberattacks. So, all businesses connected to the internet can be involved in cyberattacks. Any system where businesses interact online, like paying suppliers, searching the internet, and emailing customers, can be attacked by hackers.

What are the most common types of cyberattacks?

According to the latest Cyber Security Breaches Survey, conducted by the UK Department for Digital, Culture, Media & Sport, 46% of businesses have experienced cyberattacks in the last 12 months.

The most common types are:

  • Malware including ransomware cyberattacks, spyware, or viruses (16%)
  • Phishing cyber attacks (86%)

Is it possible to identify cyberattacks before they happen?

Many businesses still do not understand their vulnerabilities and are unprepared to manage cyberattacks. Fortunately, companies today can use tools on the market to rapidly identify cyber risk vulnerabilities. Most of these tools are affordable.

In this digital disruption era, businesses should inspect their systems for cyber threats on an ongoing basis. CRIF Decision Solutions has identified this need and developed CRIF Cyber Check, powered by KYND, which companies can use as a proactive response to cyber management.

Our investigation into dark web prices revealed that most stolen data ends up being sold.


  • Anonymous

    March 4, 2022 6:29 pm

    Thanks for the information. I write cybercrime novels and am in search of an interesting exploit for my next book.

  • Scott Agustin

    December 23, 2021 6:17 pm

    Good man good
