Just hours before the Fourth of July weekend, a huge, coordinated cyberattack hit hundreds of businesses across the world. A group of hackers broke in by exploiting a hole in the software code of an information technology company with a wide-ranging client base, then demanded $70 million in ransom.
A large grocery chain in Sweden shut down hundreds of stores. Schools in New Zealand warned that staff might not be able to use computers.
It was the biggest case yet of a scourge that affects the world’s companies and government agencies nearly every day, and that is only getting worse. In an analysis of publicly reported ransomware attacks against health-care providers, municipalities and schools, The Washington Post found that ransomware attacks in the United States more than doubled from 2019 to 2020.
To reconstruct the anatomy of a ransomware attack, The Post conducted its own data analysis and spoke with nearly a dozen cybersecurity experts, law enforcement officials, negotiators and victims. The Post used different examples to illustrate the components of how an attack happens. The resulting examination has five parts: the hackers, the hack, the negotiation, the payment and the aftermath.
[Hackers demand $70 million to unlock businesses hit by sprawling ransomware attack]
The costs of such attacks add up. Some experts conservatively estimate that hackers received $412 million in ransom payments last year.
“Criminals are economically motivated and they are not…
