Biggest Ransomware Attacks, Demands & Payments 2022 & 2021

Written by Aditi Uberoi | 10 January 2023

Did you know that in 2022 more than 10 TB of data was stolen every month in ransomware attacks as per some reports? As per some other estimates, almost $111,737,688.23 have been paid in ransomware demands and payouts across the world - and these are just the tracked numbers. According to some analysis, the average ransom payment in Q3 of 2022 was a whopping $258,143 - this is considering the global recommendation that ransom demands should never be paid.

A new trend in ransomware has emerged where data of victims and organisations is leaked on online leak sites without often mentioning the company name. While this is a direct threat to the safety of personal information, it also compromises business secrets, confidential information, marketing strategies and modus operandi of the victims. This is something that cannot easily be quantified in monetary terms.

The biggest Ransomware fact of 2022 and 2021 is that the number one cybersecurity threat is clearly not going anywhere. In fact, it’s only becoming more prevalent and complex in nature every day in 2023.

The low entry-barriers in the ransomware industry, coupled with the anonymity that cryptocurrency offers, means that even low-skilled criminals can make a quick buck by launching ransomware attacks. What the advanced criminal can achieve already makes news headlines every day.

In our ongoing quest to highlight how big a scourge ransomware is today, we’ve compiled two eye-opening lists. One lists the ransomware attacks in 2021 and 2022 where the ransom demand figures and/or payment statuses are known. The second list on this page details the other major ransomware attacks where the ransom demands/payment statuses are not yet known.

This is a live page and we’re updating it every month. We also welcome crowdsourced knowledge so if you know of an attack or a ransom demand that is not in this list, you can write to us and we’ll add it in. Please also provide a verified source of information for each attack.

As always, this list is purely educational in nature and purpose.

The intention is never to highlight or deride the victim. The goal is only to turn the spotlight on the massive number of ransomware attacks in the last two years and the huge ransom demands that have been made (in known cases).

As always, the goal is only to focus attention on ransomware preparedness in 2023.

This list is only meant as an eye-opener for our readership so you’re able to better understand the impact that a ransomware attack can have on your organisation. It has been created only to allow readers to shift their focus on better ransomware readiness and enhance their ransomware mitigation strategies today.

This page contains the following lists:

1. Ransomware Attacks with Known Ransomware Demands/Payouts in 2021 & 2022
2. Ransomware Attacks with Undisclosed Ransomware Demands/Payouts in 2021 & 2022
3. Ransomware Groups that received Ransomware Payouts in 2022

Remember that if you need help without blowing your budget, our flexible and cost-effective Virtual Cyber Assistant and Virtual Cyber Consultant services can help you get more resilient.

Attacks with Known Ransomware Demands and/or Ransomware Payments - 2021 and 2022

Summary	Ransom Demanded	Ransom Paid	Ransomware Family	Source Link
Trafford bin collection firm Amey PLC suffers a ransomware attack	$2billion	Not disclosed	Mount Locker	Amey PLC ransomware attack
Delaware County Officials Paid $25,000 in Ransom To Hackers Who Infiltrated the County’s Computer System	Undisclosed	The county paid a $25,000 deductible to their insurers, and the insurers paid a ransom of an unknown amount. Media reports have pegged the amount at $500,000, but the county is not confirming that figure	DoppelPaymer Ransomware	Delaware County, Pennsylvania paid a $500,000 ransom Delaware Country paid ransom
Computer giant Acer hit by a ransomware attack	$50 Million	Acer offered to pay the group $10 million, but REvil gang rejected that offer	REvil Ransomware	Acer suffers ransomware attack
Ransomware gang leaks data from Metropolitan Police Department	$4 Million	MPD counter-offered with $100,000	Babuk Ransomware	Metropolitan Police Department hit by a ransomware attack
Chemical distribution company Brenntag paid a $4.4 Million to the DarkSide ransomware group	$7.5 Million	$4.4 Million	DarkSide Ransomware	Brenntag pays ransom to DarkSide group
Ireland's Health Services suffer ransomware attack	$20 Million	Refused to pay	Conti Ransomware	Conti targets Ireland's Health Services
Apex America hit by Sodinokibi ransomware	$7 Million	Not disclosed	REvil (Sodinokibi)	Sodinokibi targets Apex America
Colonial Pipeline paid $5 Million ransom one day after cyberattack, CEO tells Senate	$5 Million	Nearly $5 Million	DarkSide Ransomware	Colonial Pipeline paid ransom to DarkSide ransomware gang
JBS paid $11 Million to REvil ransomware, $22.5M first demanded	$22.5 Million	$11 Million	REvil Ransomware	JBS paid ransom amount of $11 Million
Insurance giant CNA fully restores systems after ransomware attack	$60 Million	$40 Million	Phoenix CryptoLocker operators utilised by Evil Corp	CNA restores its systems after paying ransom
REvil gang targets Kaseya	$70 Million	Refused to pay	REvil Ransomware	Kaseya suffers ransomware attack
Maryland’s Leonardtown town becomes a victim of a global ransomware attack that targets Kaseya product user Just Tech	$45000 per computer	Not disclosed	Apparently REvil Ransomware	Maryland’s Leonardtown suffers a ransomware attack that hits JustTech, a product user of Kaseya
Ransomware demand $80,000 from York Animal Hospital	$80,000	Refused to pay	An unknown Russian ransomware group	York Animal Hospital suffer ransomware attack
Babuk’s new ransomware forum RAMP suffers ransomware attack	$5000 in BTC	Refused to pay	An unknown ransomware group	Babuk’s newly launched ransomware forum RAMP hit by a ransomware attack
The Judson Independent School District pays ransom	Not disclosed	More than $547,000	Unknown	Judson Independent School District ransomware attack
Joplin city computers shutdown was ransomware attack	Not disclosed	Joplin city government’s insurer paid $320,000	Unknown	Joplin city suffers ransomware attack
US farmer cooperative New Cooperative hit by BlackMatter ransomware attack	$5.9 Million	Not disclosed	BlackMatter	New Cooperative suffers BlackMatter ransomware attack
Web hosting service Exabytes suffers ransomware attack	$900,000	Not disclosed	Unknown	A ransomware attack targets Web hosting service Exabytes
JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data	$7 Million	Not disclosed	Not disclosed	JVCKenwood ransomware attack
Accenture discloses a data breach after August ransomware attack	$50 Million	Not disclosed	Not disclosed	A ransomware attack hits Accenture
Schreiber Foods hit with cyberattack; plants closed	$2.5 Million	Not disclosed	Not disclosed	Schreiber Foods suffers ransomware attack
Thailand’s Central Restaurants Group (CRG) suffers ransomware attack	Not disclosed	Desorden group refused to accept $900,000.00 USD offer made by Central Restaurants Group (CRG)	Desorden group	Thailand’s Central Restaurants Group (CRG) hit by a ransomware attack
Electronics retail giant MediaMarkt suffers ransomware attack	$240 Million	Not disclosed	Hive ransomware	Hive ransomware hits electronics retail giant MediaMarkt
Hackers dump NHS records of Lister Fertility Clinic on their leak site	£3 Million in BTC	Refused to pay	Unknown	Hackers dump NHS records of Lister Fertility Clinic on dark web
ONUS suffers Log4j hack	$5 Million ransom demand	Refused to pay	Apparently Conti Ransomware exploited Log4j flaws	ONUS ransomware attack
Delta Electronics, a Taiwanese electronics manufacturing company	$15 Million	Not disclosed	Conti Ransomware	Delta Electronics hit by a ransomware attack
BlackCat ransomware implicated in attack on German oil companies	$14 Million	Not disclosed	BlackCat	German oil companies suffer ransomware attack
German’s Hensoldt confirms Lorenz ransomware attack	$500.000 and $700.000	Apparently paid the ransom	Lorenz ransomware	German’s Hensoldt hit by a ransomware attack
New Bedford Police suffer ransomware attack	BTC equal to $5.3 Million	Offered $400,000 payment to unlock the computers, but the attackers refused the offer	RYUK Ransomware	RYUK ransomware hits New Bedford Police
Glenn County Office of Education pays ransom to Quantum group	Not disclosed	$400,000 in BTC	Quantum Ransomware	Glenn County suffers ransomware attack and agrees to pay ransom of $400,000
Walmart hit by Yanluowang ransomware attack	$55 Million	Not disclosed	Yanluowang Ransomware	Ransomware group claims an attack on Walmart
BlackCat attacks University of Pisa; Demands $4.5M Ransom	$4.5 Million	Not disclosed	BlackCat Ransomware	University of Pisa suffers BlackCat ransomware attack
How Conti ransomware hacked and encrypted the Costa Rican government	$20 Million	Not disclosed	Conti Ransomware	Costa Rica government hit by Conti ransomware
Quantum ransomware attack disrupts govt agency in Dominican Republic	$650,000	Not disclosed	Quantum Ransomware	Quantum Ransomware govt agency in Dominican Republic
Hackers demand $10m to end cyber attack on CHSF Hospital Center	$10 Million	Not disclosed	LockBit 3.0	CHSF Hospital Center ransomware attack
Quantum ransomware attack disrupts govt agency in Dominican Republic	$650,000	Not disclosed	Quantum ransomware	Quantum ransomware targets Dominican Republic's govt agency
Damart clothing store hit by Hive ransomware, $2 Million demanded	$2 Million	Not disclosed	Hive Ransomware	Damart clothing store suffers Hive ransomware attack
Montenegro hit by ransomware attack, hackers demand $10 Million	$10 Million	Not disclosed	Apparently Cuba Ransomware	Montenegro govt suffers ransomware attack
Everest ransomware operators claim to have hacked South Africa state-owned company ESKOM Hld SOC Ltd	$200,000	Not disclosed	Everest Ransomware	South Africa state-owned company ESKOM Hld SOC Ltd hit by a ransomware attack
AFP investigates $1m ransom demand posted online for allegedly hacked Optus data	$1 Million	Not disclosed	Optusdata (Telegram Channel Name)	Optus hackers demand $1millon as ransom
Australian insurance firm Medibank confirms ransomware attack	$15 Million	Refused to pay	BlogXX (A Relaunch of REvil)	Medibank hackers demand $15 Million
Pendragon car dealer refuses $60 Million LockBit ransomware demand	$60 Million	Refused to pay	LockBit Ransomware	Pendragon car dealer refuses $60 Million ransom demand of LockBit ransomware
The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a precision metal manufacturing and metal solution provider	The ransomware gang demands $500k to buy data and $600k to delete the stolen data	Not disclosed	BlackByte	Asahi Group Holdings faces ransomware attack
Medibank hackers sell Deutsche Bank data online for 7.5 BTC	7.5 BTC	Uncertain	Apparently BlogXX	Hackers that sold Medibank access credentials are selling Deutsche Bank data online Medibank hackers sell Deutsche Bank data
LockBit offers to sell 40TB of stolen files of Continental for $50 Million	$50 Million	Not disclosed	LockBit	LockBit ransomware gang offers to sell Continental data for $50 Million
Hackers that hit AIIMS Delhi raise a demand of nearly $24.5 million in BTC	Nearly $24.5 Million in BTC	Hackers put the AIIMS servers down and it is feared that data of around 3-4 crore patients (including VVIPs patients) could have been compromised	Not disclosed	AIIMS Delhi hackers demand ransom of nearly $24.5 million in BTC

Ransomware Attacks with Undisclosed Demands 2021 & 2022

Summary	Ransom Demanded	Ransom Paid	Ransomware Family	Source Link
Dassault Falcon Jet reports data breach after ransomware attack	Not disclosed	Not disclosed	Ragnar Locker	Dassault Falcon Jet suffers ransomware attack
Audio maker Bose discloses data breach after ransomware attack	Not disclosed	Refused to pay	Unknown	Audio device manufacturer Bose suffers ransomware attack
Canada Post hit by data breach after supplier ransomware attack	Not disclosed	Not disclosed	Lorenz Ransomware	Canada Post hit by a ransomware attack
Iranian hacking group targets Israel with wiper malware known as DEADWOOD	Not disclosed	Not disclosed	Agrius	Agrius targets Israel with Wiper malware
Fujifilm refuses to pay ransom; restores network from backups	Not disclosed	Refused to pay	Apparently REvil Ransomware	Fujifilm suffers ransomware attack and refuses to pay ransom
Computer memory maker ADATA suffers ransomware attack	Not disclosed	Not disclosed	Ragnar Locker	ADATA hit by Ragnar Locker ransomware
Northern UK’s rail ticket machines hit by a ransomware attack	Not disclosed	Not disclosed	Unknown	Northern England’s rail ticket machines suffer ransomware attack
Tulsa warns of data breach after Conti ransomware leaks police citations	Not disclosed	Not disclosed	Conti ransomware	Tulsa city hit by a ransomware attack
BlackMatter ransomware hits medical technology giant Olympus	Not disclosed	Not disclosed	BlackMatter	Medical technology giant Olympus suffers ransomware attack
Acer confirms second security breach in the year 2021	Not disclosed	Not disclosed	Desorden Group	Desorden Group targets Acer
Shutterfly services disrupted by Conti ransomware attack	Undisclosed amount in Millions	Uncertain	Conti Ransomware	Shutterfly hit by ransomware attack
Brazilian Ministry of Health suffers ransomware attack that vanishes COVID-19 vaccination data	Not disclosed	Not disclosed	Lapsus$ Group	A ransomware attack hits Brazilian Ministry of Health
Conti ransomware uses Log4j bug to hack VMware vCenter servers	Not disclosed	Not disclosed	Conti Ransomware	Conti gang uses Log4j vulnerability to target VMware vCenter servers
FinalSite ransomware attack shuts down thousands of school websites	Not disclosed	Not disclosed	Unknown	FinalSite ransomware attack
Lapsus$ ransomware gang hits SIC, Portugal’s largest TV channel	Not disclosed	Not disclosed	Lapsus$ group	Lapsus$ hits Portugal’s largest TV channel SIC
Karakurt ransomware group hits WELDCO-BEALES MFG	Undisclosed demand in cryptocurrency	Not disclosed	Karakurt ransomware	WELDCO-BEALS MFG. hit by Karakurt ransomware attack
Maryland Department Of Health Confirms Ransomware Attack Caused Disruption In COVID-19 Data Last Month	Not disclosed	Not disclosed	Unknown	Maryland Department of Health ransomware attack
Minnesota trucking company Bay & Bay hit in 2nd ransomware attack	Not disclosed	Refused to pay	Conti Ransomware	Minnesota trucking company Bay & Bay suffers ransomware attack
FlexBooker discloses a ransomware attack; over 3.7 million accounts impacted	Not disclosed	Refused to pay	UaWrongTeam group	FlexBooker hit by a ransomware attack
Bernalillo County reports suspected ransomware attack	Not disclosed	Refused to pay	Unknown	Bernalillo County suffers ransomware attack
Compton and Broomhead Dental Center alleged victim of a ransomware attack	Not disclosed	Refused to pay	Unknown	A ransomware attack targets Compton and Broomhead Dental Center
Hospital Centro de Andalucia recovered quickly from ransomware attack	Not disclosed	Refused to pay	Vice Society	Hospital Centro de Andalucia recovers from ransomware attack's impact
Marketing giant RRD confirms data theft in Conti ransomware attack	Not disclosed	Not disclosed	Conti Ransomware	Conti ransomware hits Marketing giant RRD
KP Snacks giant suffers Conti ransomware, deliveries disrupted	Not disclosed	Not disclosed	Conti Ransomware	A ransomware hits KP Snacks
Business services provider Morley uncovers ransomware attack hit the company in August	Not disclosed	Not disclosed	Unknown	Morley Companies Inc. discloses ransomware attack
Airport services firm Swissport discloses a ransomware incident	Not disclosed	Not disclosed	Unknown	Airport services provider Swissport suffers ransomware attack
Ransomware gang says it has hacked 49ers football team	Not disclosed	Not disclosed	BlackByte	BlackByte ransomware hits San Francisco 49ers
The Royal Dublin Society suffers ransomware attack	Not disclosed	Not disclosed	Unknown	A ransomware attack targets Royal Dublin Society
The Jawaharlal Nehru Port Container Terminal hit by a ransomware attack	Not disclosed	Not disclosed	Unknown	The Jawaharlal Nehru Port Container Terminal suffers ransomware attack
Seattle-based logistics company Expeditors International suffers ransomware attack	Not disclosed	Not disclosed	Unknown	Logistics company Expeditors International hit by a ransomware attack
Insurance giant AON hit by a cyberattack	Not disclosed	Not disclosed	Unknown	A ransomware attack hits Insurance giant AON
Toyota stops production in Japan after a cyberattack at a supplier	Not disclosed	Not disclosed	Pandora ransomware	A ransomware attack pauses Toyota operations
Bridgestone Americas confirms ransomware attack	Not disclosed	Not disclosed	LockBit ransomware	Bridgestone Americas suffers LockBit ransomware attack
Automotive giant DENSO hit by new Pandora ransomware gang	Not disclosed	Not disclosed	Pandora ransomware	Pandora ransomware hits Toyota’s main supplier DENSO
Nvidia says its ‘proprietary information’ was leaked by hackers as Lapsus$ hit chip manufacturer	Lapsus$ demands Nvidia permanently make its GPU drivers completely open-source	Unknown	Lapsus$ Ransomware	Nvidia hit by Lapsus$ ransomware
Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak	Not disclosed	Not disclosed	Lapsus$ Ransomware	Lapsus$ hits Samsung and leaks source code
Ubisoft hit by ransomware group that hit Nvidia	Not disclosed	Not disclosed	Lapsus$ Ransomware	Ubisoft suffers ransomware attack
Vodafone investigating ransomware attack that hit Samsung, Nvidia	Not disclosed	Not disclosed	Lapsus$ Ransomware	Vodafone suffers ransomware attack
RansomEXX Disrupts Scottish Association for Mental Health	Not disclosed	Not disclosed	RansomEXX	Scottish Association for Mental Health suffers ransomware attack
Microsoft confirms Lapsus$ hit account with limited access after ransomware group released alleged Bing and Cortana source	Not disclosed	Not disclosed	Lapsus$ Ransomware	Lapsus$ group target Microsoft and access the source code
Okta investigates claims of customer data breach from Lapsus$ group	Not disclosed	Not disclosed	Lapsus$ Ransomware	Okta hit by Lapsus$ ransomware
Rio de Janeiro finance department hit with LockBit ransomware	Not disclosed	Not disclosed	LockBit ransomware	LockBit takes responsibility for Rio de Janeiro ransomware attack
American Dental Association hit by new Black Basta ransomware	Not disclosed	Not disclosed	Black Basta ransomware	Black Basta ransomware targets American Dental Association
Panasonic says Canadian operations hit by a ransomware attack	Not disclosed	Not disclosed	Conti ransomware-as-a-service (RaaS) group	Panasonic Canada suffers ransomware attack
Ransomware grounds some flights at Indian budget airline SpiceJet	Not disclosed	Not disclosed	Apparently LockBit ransomware	Indian air carrier SpiceJet hit by a ransomware attack
Costa Rica’s public health agency hit by Hive ransomware	Not disclosed	Not disclosed	Hive Ransomware	Hive group hits Costa Rica’s public health agency CCCS
RansomHouse extortion group hits AMD	Not disclosed	Not disclosed	RansomHouse group	AMD hit by a ransomware attack
Macmillan shuts down systems after likely ransomware attack	Not disclosed	Not disclosed	Unknown	US book publisher Macmillan hit by ransomware attack
Bandai Namco confirms ransomware attack	Not disclosed	Not disclosed	ALPHV Ransomware	Bandai Namco hit by a ransomware attack
Clop ransomware leaks Spinneys’ customer data in UAE	Not disclosed	Not disclosed	Clop ransomware	Spinney’s suffers ransomware attack in UAE
Semiconductor manufacturer Semikron hit by LV ransomware attack	Not disclosed	Not disclosed	LV Ransomware	Semiconductor manufacturer Semikron faces a ransomware attack
LockBit claims ransomware attack on Italian tax agency	Not disclosed	Not disclosed	LockBit Ransomware	LockBit ransomware targets Italian tax agency
LockBit claims ransomware attack on security giant Entrust, leaks data	Not disclosed	Not disclosed	LockBit Ransomware	Entrust hit by LockBit ransomware
Yanluowang ransomware gang stole Cisco source code	Not disclosed	Not disclosed	Yanluowang Ransomware	Yanluowang Ransomware hits Cisco to steal source code
UK’s car dealership Holdcroft Motor Group hit by a ransomware attack	Not disclosed	Not disclosed	Unknown	Holdcroft Motor Group suffers ransomware attack
Greek natural gas operator DESFA suffers ransomware attack	Not disclosed	Not disclosed	Ragnar Locker	Ragnar Locker targets Greek natural gas company DESFA
Leading library services firm Baker & Taylor hit by ransomware	Not disclosed	Not disclosed	Unknown	Baker & Taylor suffers ransomware attack
Ragnar Locker ransomware claims attack on Portugal's flag airline	Not disclosed	Not disclosed	Ragnar Locker	Ragnar Locker hits Portugal's flag airline TAP
Holiday Inn hotels hit by a ransomware type attack	Not disclosed	Not disclosed	Unknown	Holiday Inn hotels faces a ransomware type attack
Hive ransomware claims cyberattack on Bell Canada subsidiary	Not disclosed	Not disclosed	Hive Ransomware	Bell Canada hit by a ransomware attack
Puma hit by data breach after Kronos ransomware attack	Not disclosed	Not disclosed	Kronos Ransomware	Puma suffers Kronos ransomware attack
BlackCat ransomware claims attack on Italian energy agency	Not disclosed	Not disclosed	BlackCat Ransomware	BlackCat ransomware targets Italian energy agency
CommonSpirit hospital chains hit by ransomware, patients are facing problems	Not disclosed	Not disclosed	Unknown	CommonSpirit hospital chains suffer ransomware attack
NHS software vendor Advanced confirms a ransomware attack	Not disclosed	Not disclosed	LockBit 3.0	NHS software vendor Advanced hit by LockBit 3.0
Hive claims ransomware attack on Tata Power, begins leaking data	Not disclosed	Not disclosed	Hive Ransomware	Hive Ransomware targets Tata Power
Ransomware hackers hit Australian defence communications platform ForceNet	Not disclosed	Not disclosed	Unknown	ForceNet faces ransomware attack
LockBit ransomware claims attack on Continental automotive giant	Not disclosed	Not disclosed	LockBit Ransomware	LockBit hits automotive giant Continental
Ransomware attack cripples Vanuatu government systems	Not disclosed	Not disclosed	Unknown	Vanuatu government systems hit by a ransomware attack

Ransomware groups which received ransom payments in 2022

Ransomware Group	Total payments received *	Source Link
Karakurt ransomware group	$4,348,145.276	Karakurt ransomware group receives payment in 2022
darkangels	$1,463,379.327	darkangels ransomware group receives payment in 2022
Conti	$1,118,339.572	Conti ransomware receives payment in 2022
MedusaLocker	$269,244.38	MedusaLocker receives payment in 2022
LockBit	$119,120.459	LockBit receives payment in 2022

*The figures mentioned in the above table are based on information provided from reliable sources. Cyber Management Alliance Pvt Ltd cannot confirm their accuracy, nor does it take responsibility for this information. We have compiled this easy-to-consume visual data table merely for educational purposes.

If all the data on this page makes you anxious about your organisational preparedness against cyber attacks, do know that there is a way out. While NOBODY can ever truly prevent a ransomware attack, you can strengthen your defence against it.

Start by getting your cyber crisis incident response plans and ransomware response plans in order today. Have them professionally reviewed by virtual cybersecurity experts and ensure that they're fit for purpose.

You should also test these plans in a simulated attack environment through a Ransomware Tabletop Exercise. An experienced cybersecurity expert will put your tech and Incident Response team in a verbally simulated attack scenario where they will test their own best laid plans and their decision-making abilities in the face of chaos. You will then be presented with a report on what the gaps in your organisation's ransomware readiness are and how you can fix them.

Ransomware attacks are going nowhere in 2023. They will only become more ubiquitous & complex. The only way to ensure that you are able to mitigate the damage to your business is by bolstering your readiness against them.

View full post