A Look Back On 2020 Ransomware

2020 was an unpredictable year in many ways.

It taught us that cybersecurity and protection from outside attacks are even more important for businesses as an increasing number of employees are working primarily from home. This number will settle around 20 to 30 percent soon.

One popular form of cyber attack is ransomware, a type of malicious software (also called malware) that encrypts your files and demands a ransom payment in exchange for the decryption key. Ransomware is spread through a variety of means, most typically through phishing emails or when a person visits an infected website.

Ransomware is more common than you might think — experts estimate that a ransomware attack will occur every 11 seconds in 2021.

In order to impart the seriousness of this threat, let’s look back at the most notable ransomware attacks from 2020.

Who Gets Attacked?

Any business that utilizes technology has the potential to be affected by a ransomware attack.

In 2020, the top five industries affected by ransomware included government, manufacturing, services, education, and healthcare. Manufacturing companies account for almost 25% of all ransomware attacks, followed by professional services (17%), and then government organizations (13%). The healthcare industry is a perennial victim of ransomware attacks, having paid $25 billion in damages in 2019 alone.

Regardless of your industry, you need to understand that you’re a potential (and likely) target. A recent study estimates that 60% of organizations worldwide have been hit by ransomware — would you bet on those odds?

That’s why you can’t make any assumptions about your cybersecurity. You have to be sure you’re protected from ransomware.

What Countries Are Affected?

By and large, the United States is most affected by ransomware attacks. This should come as no surprise, as the United States is one of the most industrialized countries in the world.

What Types of Attacks Happened In 2020?

With millions of ransomware-related incidents occurring every year, it’s impossible to list them all. Instead, we’ll examine some of the most notable ransomware attacks that occurred in the United States during 2020.

Ransomware attacks were spread throughout the year, with October having the largest number of attacks at 40.


At the beginning of the year, many of the ransomware attacks were targeted at education-related businesses. However, in Florida, patients of a medical practice in Miramar received ransom demands from a cybercriminal who threatened to release their private medical data unless a ransom was paid.


February saw an attack on Jordan Health in New York, a non-profit organization operating 9 health centers. The ransomware attack shut down all of their IT systems.


A newer kind of ransomware called DoppelPaymer hit Connecticut-based medical and military contractor Kimchuk in March. This newer strain of ransomware exfiltrates data from an infected network before encrypting user files.


Two healthcare organizations, Colorado-based Parkview Medical Center and Pennsylvania pharma giant ExecuPharm, were affected by ransomware attacks in April. Parkview was attacked on April 21, resulting in several IT network outages that disrupted the hospital’s ongoing battle with Covid-19. ExecuPharm had its servers encrypted and its corporate and employee data stolen.


In a highly publicized attack, Grubman Shire Meiselas & Sacks, an NYC law firm representing celebrity clients like Elton John, Robert De Niro and Madonna, was the victim of a REvil ransomware attack. Hackers demanded payment in Bitcoin.

Pitney Bowes was also attacked in May by Maze ransomware for the second time in a year. The cybercriminal group behind Maze utilizes double extortion, an attack that increases pressure on its victims to pay by threatening to release important data in addition to encrypting systems.

Diebold Nixdorf, a provider of ATMs and payment technology located in Ohio, suffered from operations disruptions after a ransomware attack on its corporate network.

A Phoenix-based healthcare provider, Magellan Health, fell victim to ransomware after cybercriminals sent a phishing email while posing as a client. The hackers were able to steal records containing personal information before releasing ransomware to encrypt files.


The ransomware gang known as Maze attacked a mergers and acquisitions firm in New York called Threadstone Advisors. Business leaders reported that cybercriminals claimed that they stole and encrypted sensitive company data.

A healthcare company based in Rhode Island, Care New England (CNE), had servers attacked by ransomware in mid-June. The attack shut down the company’s website and other internal systems.


In Kansas, Garmin was attacked and forced to go offline for a period of three days. This attack is speculated to have originated from the Russian cybercriminal gang which calls itself “Evil Corp”.


Muskingum Valley Health Center in Ohio was forced to report that it potentially lost the personal information of more than 7,000 patients in a ransomware attack on its EHR system.

That same month, Chicago medical debt collection firm R1 RCM was targeted by a ransomware attack. R1 RCM is a large company with 19,000 employees and contracts with over 750 healthcare organizations nationwide. Few details are known about this attack.


University Hospital in New Jersey suffered a huge data breach, affecting 48,000 documents. The SunCrypt ransomware gang claimed responsibility for the attack.

Universal Health Services was also struck by a ransomware attack, likely initiated by the Ryuk gang. UHS operates 400 hospitals and healthcare facilities in the United States and the United Kingdom and treats millions of patients each year.


Seyfarth Shaw, a global law firm, was subject to an attack that shut down their entire system as a precautionary measure in October. The details of the attack have not been made public.

Dickinson County Healthcare System was the victim of an attack that shut down access to computer systems across its networks. Another healthcare organization, Sky Lakes Medical Center, located in Klamath Falls, Oregon, was attacked by the Ryuk ransomware gang. The hospital had to resort to the use of pen and paper during the attack but reported that there was no evidence that patient information was compromised.

Lawrence Health System in New York had three hospitals affected by a ransomware attack that forced the diversion of ambulances. The Ryuk gang attacked the University of Vermont Health Network. This attack affected 20 medical facilities, including multiple facilities within the same hospital chain.


November proved to be another month wherein healthcare companies were attacked by cybercriminals. Sonoma Valley Hospital was forced to shut down computers company-wide. This attack was probably part of the Russia-backed campaign that may have affected as many as 400 healthcare organizations across the US.

Timberline Billing Service LLC, a medical billing company based in Iowa, was subject to a data breach that affected up to 116,131 individuals.

Patient names, addresses, birthdates and Social Security numbers held by US Fertility, a network of fertility clinics, were compromised by ransomware throughout the fall. The security incident was ongoing for several months.

Looking Forward In 2021

With 2020 now wrapped up, it’s important that you consider your current and future cybersecurity. 2021 has already been a banner year, what with the major Microsoft Exchange hack that recently made headlines.

In March, Microsoft reported the discovery of a series of zero-day vulnerabilities within its Exchange environment, for which it has released emergency security updates and patches. These vulnerabilities could potentially put thousands of email servers used by organizations around the world at risk of infection with a range of malware types.

All of this just goes to show that you can’t “hope for the best” when it comes to cybersecurity. You have to do the work now to protect your organization.

How Can You Protect Your Business From Ransomware?

If reading about these ransomware attacks makes you wonder if your business is vulnerable to security breaches and cybercriminal attacks, don’t wait until you are attacked to come up with a plan.

Discovery IT offers comprehensive vulnerability testing that searches your existing systems for holes where cybercriminals can gain access. Call us at 409-727-7080 to schedule a review of your vulnerability and protect your business from a ransomware attack.
