Blog Articles
Read MSP360’s latest news and expert articles about MSP business and technology
5 Largest Ransomware Attacks of 2021 Explained

The Five Largest Ransomware Attacks of 2021 Explained

The Five Largest Ransomware Attacks of 2021 Explained

2021 was a banner year for ransomware, which is a type of malicious software that encrypts files, disrupts the operations of companies, and asks for a ransom in exchange for the release of the data. Attacks have devastated companies of all shapes and sizes, and crippled hospitals, fuel pipelines, food supply organizations and more. The numbers bear witness to the devastation. Ransomware nearly doubled in frequency in 2021 and now accounts for 10 percent of all breaches targeting organizations today, according to the Verizon Data Breach Report. What’s more, 37 percent of organizations reported being the victim of a ransomware attack during the year in some form — a staggering number by any metric.

Over the course of 2021, we saw some milestone attacks that have defined how we look at the significance of ransomware during our time. These are attacks that are significant for managed service providers (MSPs) to know about, as they speak to the growing threats and risk that may someday reach their clients’ doors. Read on for some of the largest attacks that affected organizations this year. You might also want to learn how MSP360 provides ransomware protection.


MSPs are likely familiar with Kaseya, as it offers IT management software for MSPs and large organizations. In July, the company announced it had been hit by a ransomware attack that ultimately rippled out to affect 1,500 organizations around the world that use its software. The attackers, called REvil, demanded $70 million in ransom from the company, though it ultimately declined to pay and obtained a decrypter key through other means.


JBS is one of the largest meat suppliers in the US. A ransomware attack in May affected one of its largest US plants, as well as other locations in Australia and the United Kingdom. The attack affected meat supplies around the world and JBS ultimately paid $11 million in ransom to restore its operations. Similarly to Kaseya, this attack was also attributed to the REvil group.

Colonial Pipeline

The ransomware attack on the Colonial Pipeline, which supplies a significant proportion of the fuel to the East Coast of the United States, is perhaps one of the most memorable from the past year. The attack caused lines at pumps across the country, as it shut down the fuel pipeline for several days. The company ultimately paid attackers a $4.4 million ransom, though the FBI was ultimately able to recover about half of it.

Responding to a Data Breach: Guide for MSPs
Learn how to create a flexible and robust data breach response plan and prepare for the unexpected.

Whitepaper icon

New call-to-action


Organizations around the world also saw significant ransomware attacks. An attack on German chemical distributor Brenntag in April saw 150GB of data stolen from the organization, which attackers threatened to leak publicly. The company ultimately paid a ransom of $4.4 million to the attackers.

  New call-to-action

CNA Financial

Ransomware also hit one of the largest commercial insurers, CNA Financial, in March. The company ultimately had to pay $40 million to attackers to ensure that all of its systems could be fully restored and functioning.

MSPs have a critical role to play in making sure their customers are fully prepared to protect themselves against and respond to ransomware attack. These efforts can include, but are not limited to, ensuring that customers have full backups in place, are using software and network monitoring to detect signs of malware inside their organization, have patched and updated all systems, and are offering cybersecurity awareness training to all their employees.

There are no signs that these types of attacks will slow down any time soon. If anything, all the indications are that ransomware will continue to rise in the years to come. As trusted advisors to their customers, MSPs can help make sure that they are protected from this rising risk.

WP icon

New call-to-action
The MSP’s Response Guide to a Ransomware Attack

Read our free guide to learn about:

  • Common MSP vulnerabilities;
  • How to prepare for a ransomware attack to keep your clients safe;
  • Which actions response to a ransomware attack should involve;
  • How to manage clients while handling an attack.

Kurt Abrahams

About the author

Kurt Abrahams is the Vice President of Marketing at MSP360 with expertise in technology marketing, cybersecurity and AI based technology.

More articles by Kurt Abrahams