Top 10: Ransomware Payments

The ethical debate about ransomware payments has ramped up recently, following numerous high-profile incidents. The sad reality for victims is that it is more expensive not to pay a ransomware demand due to the loss of business, reputational damage and cost of rebuilding a network.

This is primarily why ransom demands have soared recently. A study by Palo Alto Networks found that the average payment rose by 171% in 2020 compared with 2019. It has even been reported that ransomware gang DarkSide has retired on $90m in Bitcoin.

Infosecurity has compiled a list of the largest confirmed, or at least widely reported, ransomware payments at the time of writing. Notably, most incidents have taken place in the past 18 months. Yet, in the murky world of ransomware, many payments are not officially confirmed, and it’s plausible that other payments have occurred that are not public knowledge.


1) CNA Financial (2021) — $40m

One of the US’ largest insurance firms, CNA Financial, reportedly agreed to pay $40m after its IT systems were locked down and data was stolen by threat actors. This is by far the largest known ransomware payment to date.


2) JBS Foods (2021) — $11m

In June 2021, meat processing company JBS Foods confirmed it paid its extorters $11m, which it said was necessary to “mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.”


3) Blackbaud (2020) — $10m

It was reported last year that US cloud computing firm Blackbaud paid attackers $10m after being struck with a combined ransomware and data breach attack. The incident is thought to have led to personal information being compromised at a number of university institutions and charities.


4) Garmin (2020) — $10m

Unconfirmed reports circulated last year that the personal fitness giant paid its extorters $10m following a cyber-attack that forced its website and mobile app to go down.


5) CWT Global (2020) — $4.5m

US travel management company, CWT Global, paid $4.5m to hackers after highly sensitive information was stolen and 30,000 computers were taken offline.


6) Brenntag (2021) — $4.4m

The German chemical distribution company reportedly paid a $4.4m ransom after the DarkSide ransomware gang encrypted corporate devices and stole up to 150GB of data from its North American division.


7) Colonial Pipeline (2021) — $4.4m

The notorious attacks on Colonial Pipeline in May 2021 forced the largest fuel pipeline in the US offline for five days. A $4.4m ransom was subsequently paid to the DarkSide gang by the firm, but, encouragingly, the majority of the funds were recovered by the US Department of Justice.


8) Travelex (2020) — $2.3m

The foreign exchange company’s systems were taken offline for almost two weeks at the start of 2020, and its services were only restored after a massive payment was sent to the attackers. The incident is believed to have contributed to Travelex’s administration in August 2020.


9) Internet Nayana (2017) — $1.14m

The only incident on the list to have taken place pre-2020. In 2017, Korean web-hosting firm Nayana paid out what was, at the time, a record ransom to hackers after more than half of its servers were taken out in an attack.


10) Uni of California, San Francisco (2020) – $1.14m

Last year, the renowned US university confirmed it paid $1.14m to the Netwalker ransomware gang after they encrypted critical academic data related to its COVID-19 research.
