Looking for IT Support In Wichita? Call Us Now! (316) 788-1372

A Look Back to 2020 Ransomware

2020 has been an unpredictable year in many ways. Cybersecurity and protection from outside attacks are even more important for businesses as an increasing number of employees are working primarily from home.

written by paul bush posted on December 20, 2020

A Look Back to 2020 Ransomware

2020 has been an unpredictable year in many ways. Cybersecurity and protection from outside attacks are even more important for businesses as an increasing number of employees are working primarily from home. This number will settle around 20 to 30 percent soon. One form of cyber attack is ransomware, a form of malicious software, also called malware, that encrypts your files and demands a ransom payment in exchange for the decryption key.

Ransomware is spread through a variety of means, most typically through phishing emails or when a person visits an infected website. Ransomware is lucrative, costing businesses an estimated $20 billion by 2021. Here is a look back at publicized ransomware attacks from 2020. Is your business protected?

Who Gets Attacked?

Any business that utilizes technology has the potential to be affected by a ransomware attack. In fact, there are many types of businesses that are affected by ransomware. In 2020, the top five industries affected by ransomware included government, manufacturing, services, education, and healthcare.

What Countries are Affected?

By and large, the United States is most affected by ransomware attacks. This should come as no surprise, as the United States is one of the most industrialized countries in the world. So far this year there have been over 220 ransomware attacks worldwide. An astonishing 123 of those attacks have occurred in the United States.

What Types of Attacks Happened in 2020?

Let’s take a look at some of the ransomware attacks that occurred in the United States during 2020. Ransomware attacks were spread throughout the year, with October having the largest number of attacks at 40.


At the beginning of the year, many of the ransomware attacks were targeted at education-related businesses. However, in Florida patients of a medical practice in Miramar received ransom demands from a cybercriminal who threatened to release their private medical data unless a ransom was paid.


February saw an attack on Jordan Health in New York, a non-profit organization operating 9 health centers. The ransomware attack had shut down all of their IT systems.


A newer kind of ransomware called DoppelPaymer hit Connecticut-based medical and military contractor Kimchuk in March. This newer-strain of ransomware extracts data out of an infected network before encrypting user files.


Two healthcare organizations, Colorado-based Parkview Medical Center and Pennsylvania pharma giant ExecuPharm were affected by ransomware attacks in April. Parkview was attacked on April 21, resulting in several IT network outages disrupting the hospital’s ongoing battle with Covid-19. ExecuPharm suffered from encrypted servers that resulted in stolen corporate and employee data.


In a highly publicized attack, Grubman Shire Meiselas & Sacks, a NYC law firm representing celebrity clients like Elton John, Robert DeNiro and Madonna were a victim of REvil ransomware attack. Hackers demanded payment in Bitcoin.

Pitney Bowes was also attacked in May by Maze ransomware for the second time in a year. The cybercriminal group behind Maze utilizes double extortion, an attack that increases pressure on its victims to pay by threatening to release important data in addition to encrypting systems.

Diebold Nixdorf, a provider of ATMs and payment technology located in Ohio, suffered from operations disruptions after a ransomware attack on its corporate network.

A Phoenix-based healthcare provider, Magellan Health, fell victim to ransomware after cybercriminals sent a phishing email posing as an email sent from a client. The hackers were able to steal records containing personal information before releasing ransomware to encrypt files.


The ransomware gang known as Maze attacked a mergers and acquisitions firm in New York called Threadstone Advisors. Business leaders reported that cybercriminals claimed that they stole and encrypted sensitive company data.

A healthcare company based in Rhode Island, Care New England (CNE), had servers attacked by ransomware in mid-June.  The attack shut down the company’s website and other internal systems.


In Kansas, Garmin was attacked and forced to be completely offline for a period of three days. This attack is speculated to have originated from the Russian cybercriminal gang which calls itself “Evil Corp”.


Muskingum Valley Health Center in Ohio was forced to report that it potentially lost the personal information of more than 7,000 patients in a ransomware attack on its EHR system.

That same month, Chicago medical debt collection firm R1 RCM was targeted by a ransomware attack. R1 RCM is a large company with 19,000 employees and contracts with over 750 healthcare organizations nationwide. Few details are known about this attack.


University Hospital in New Jersey suffered a huge data breach, affecting 48,000 documents. The SunCrypt ransomware gang claimed responsibility for the attack.

Universal Health Services was also struck by a ransomware attack, likely initiated by the Ryuk gang. UHS operates 400 hospitals and healthcare facilities in the United States and the United Kingdom and treats millions of patients each year.


Seyfarth Shaw, a global law firm, was subject to an attack that shut down the entire system as a precautionary measure in October. The details of the attack have not been made public.

Dickinson County Healthcare System was the victim of an attack that shut down access to computer systems across its networks. Another healthcare organization, Sky Lakes Medical Center located in Klamath Falls Oregon was attacked by the Ryuk ransomware gang. The hospital had to resort to the use of pen and paper during the attack but reported that there was no evidence that patient information was compromised. Lawrence Health System in New York had three hospitals affected by a ransomware attack that forced the diversion of ambulances. The Ryuk gang attacked the University of Vermont Health Network. This attack affected 20 medical facilities, including multiple facilities within the same hospital chain.


November proved to be another month where healthcare companies were attacked by cybercriminals. Sonoma Valley Hospital was forced to shut down computers company-wide. This attack was probably part of the Russia-backed campaign that may have affected as many as 400 healthcare organizations across the US.

Timberline Billing Service LLC, a medical billing company based in Iowa, was subject to a data breach that affected up to 116,131 individuals.

Patient names, addresses, birthdates and Social Security numbers held by US Fertility, a network of fertility clinics, were compromised by ransomware throughout the fall. The security incident was ongoing for several months.

How Can You Protect Your Business From Ransomware?

If reading about these ransomware attacks makes you wonder if your business is vulnerable to security breaches and cybercriminal attacks, don’t wait until you are attacked to come up with a plan. OneSource Technology offers comprehensive vulnerability testing that searches your existing systems for holes where cybercriminals can gain access. Call us at 316-788-1372 to schedule a review of your vulnerability and protect your business from a ransomware attack today.

OneSource Technology Tips & Articles