Back to Blog
14 Dec 2020

The most prolific ransomware attacks of 2020

Ransomware has been growing at an alarming rate throughout 2020 – a total of 199.7 million ransomware attacks have been reported globally in the third quarter of 2020. No industry has escaped unscathed, with cyber criminals causing chaos at every turn.

This type of attack is particularly nasty, snowballing at an incredible rate as the attackers know they can hold businesses hostage for a fantastic payday. And there is very little an unprepared business can do.

We’ve taken a look at the most prolific ransomware attacks of 2020.


Target: Foxconn

Ransomware: DopplePaymer

Revenue/recovery impact: Pending

Foxconn electronics have fallen victim to a large ransomware attack by DopplePaymer ransomware group. The attackers acquired unencrypted files from the company, before encrypting its devices. In order to retrieve their files, the group demanded $34m in ransom.

It was also reported that the DopplePaymer group released files belonging to Foxconn on its data leak site. Although no financial data from the company or any employee personal details were exposed, data such as business documents and reports were published.

During an interview with Bleeping Computer, it was revealed by the group itself that only the North American facility was affected and not the entire company. They claimed to have encrypted a NA segment which consists of around 1200 servers. Foxconn had around 75TB’s of miscellaneous backups, of which 20-30TB was unfortunately destroyed.


Target: Cognizant

Ransomware: Maze

Revenue/margin impact: Estimated $50m to $70m

In April, IT services company Cognizant were attacked with Maze ransomware, resulting in an infected network and service disruptions for some of its clients. Cognizant reported that unencrypted data was likely accessed and stolen. They also stated that sensitive personal information such as SSN, Tax ID’s, financial information and drivers’ licenses may have been stolen. It is reported that the post effects of the attack could have resulted in a loss of around $50m to $70m.


Target: Sopra Steria

Ransomware: Ryuk

Revenue/recovery impact: Estimated €30m to €50m

French IT services company Sopra Steria were attacked by Ryuk Ransomware – a popular strain of malware, during October 2020. The attack took a few days to detect due to hackers using a new version of Ryuk which was previously unknown to agencies.

Following an investigation, Sopra Steria reported no company or customer data was made vulnerable, but systems did remain offline. As a result, the reboot of systems and operations took a matter of weeks to get back up and running. In terms of cost, the attack cost the group a large sum of around €50m.


Target: Travelex

Ransomware: REvil

Ransom paid: $2.3m

Travelex, a well-known travel exchange company, suffered a ransomware attack in early January resulting in a complete shutdown of their systems as hackers held them to ransom for over two weeks.

Unconfirmed reports suggested that an unpatched vulnerability in Pulse Secure VPNs allowed access. The group successfully encrypted the entire network, as well as deleting backup files and exfiltrated more than 5gb of personal data. The group threatened to release the data if the ransom of a large lump sum of $6m wasn’t paid.

Eventually, Travelex settled for 2.3m paid in bitcoin in order to get their systems back up and running.


Target: Canon

Ransomware: Maze

Revenue/margin impact: Unknown

Canon, a Japan based provider in digital equipment, suffered from a Maze attack resulting in 10 terabytes of stolen data, particularly employees’ personal information being ransomed for an undisclosed sum. The attack also infiltrated internal applications, email services, Microsoft Teams and their U.S website.

This highly sophisticated attack isn’t as quick as it looks. A security awareness advocate at KnowBe4 commented “Cybercriminals would have been inside the infrastructure and systems for some time, not hours, but most likely days, to access this many domains of the organisation”

The company confirmed and reported the attack on servers took place between July 20th and August 6th 2020 and caused a significant amount of employee data being exposed.

It’s not known whether the company paid the ransom.


Target: Grubman Shire Meiselas & Sacks (GSMS)

Ransomware: Revil

Ransom paid: $365k (allegedly)

GSMS, a reputable entertainment law firm with well-known clients were targeted by the notorious REvil group. Initially, the group demanded $21m, that was until the group discovered files in relation to Donald Trump, making the ransom demand increase to $42m.

The impact of the attack caused loss of sensitive data belonging to many reputable clients such as Lady Gaga, Elton John and Madonna. Although the company worked with the FBI and retrieved some data, the majority was lost and available on the black market.

In September, the criminals attempted to auction Bruce Springsteen’s legal documents, obtained from this attack, on the Dark Web. The opening bid was set at $600,000, but there were no bidders.

REvil claims they have received a $365,000 payment, but the law firm has denied making any payments.


Target: Software AG

Ransomware: Clop

Revenue/recovery impact: Pending

German company, Software AG have been hit with a double extortion attack which resulted in encrypted files and stolen data by Clop ransomware. In October, the software giant was forced to shut down its internal systems, which as a result also forced their helpdesk and internal communications to go offline.

The Clop operation demanded $23m, although the company refused to pay the ransom. This caused the group to leak confidential data on the dark web, including scanned employee identifications, passport details, internal emails and financial information. The company is in the process of restoring its systems and database.



By 2021, a ransomware attack is expected to take place every 11 seconds.  As the attacks become more complex and sophisticated, its crucial for businesses to invest in security such as protecting endpoints and keeping employees aware with security awareness training. If you’re looking for more information on how your business can stay protected, get in touch with our team today.

By OryxAlign