2021 Cyber Review: The Year Ransomware Disrupted Infrastructure

2021 will be remembered as the most disruptive year so far when it came to cyber attacks, with ransomware impacting businesses and governments — including critical infrastructure — as never before.

What was the top cyber story in 2021? How will the cyber industry remember this year?

The headline answer clearly includes disruptive ransomware that, perhaps for the first time ever, seized global attention by crippling critical infrastructure — in the form of the Colonial Pipeline incident in the southeastern U.S.

And while the Colonial Pipeline leads the list of top cyber stories, there are many other critical infrastructures that were disabled by ransomware. Here is an excerpt on this topic from a "Lohrmann on Infrastructure" July blog:

“Back in April of this year, a BBC News headline read, 'The ransomware surge ruining lives.' And that was before the cyberattacks on critical infrastructure sectors like Colonial Pipeline, meat-processing giant JBS, the Irish Health Service and so many others.”

As the year progressed, President Biden warned Russian President Putin against cyber attacks on U.S. critical infrastructure.

And ransomware continues to make headlines across the Internet:

c|net — Hacks, ransomware and data privacy dominated cybersecurity in 2021: “The year started off on a sour security note. In January, the FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency jointly suggested that Russia was responsible for an attack against SolarWinds, a Texas-based company whose software was used by everyone from the federal government to railroads, hospitals and major tech companies.”

HelpNet Security — Alarming rise in cyberattacks against healthcare facilities, 68 attacks in Q3 2021 only: “Hackers sponsored by the Iranian government were inside the networks of a U.S. children’s hospital earlier this year, poised to launch a ransomware attack at any moment. And that’s just the tip of the iceberg. On Nov. 17, the United States, Britain, and Australia issued a joint warning that Iranian actors have conducted ransomware attacks against U.S. targets and gained access to a wide range of critical infrastructure networks, including the children’s hospital, that would enable more attacks.”

ZDNet — FBI: Cuba ransomware group hit 49 critical infrastructure organizations: The FBI claimed the group has made at least $43.9 million in ransom payments.

Threatpost — Cyber Command Publicly Joins Fight Against Ransomware Groups: “Cybercriminals who launch attacks on critical U.S. companies are going to be targeted by the branch of the military known as Cyber Command, and everyone has been put on notice.

“Gen. Paul Nakasone, who heads up Cyber Command, told the New York Times this weekend that his team isn’t just going after state actors, but that they’re taking on any cybercriminals who attack American infrastructure.”

And the stories on critical infrastructure being attacked just keep on coming: a top story released this past week by the Federal News Network suggests that critical infrastructure threats require a national cyber strategy.


And yes, there were numerous other hot topics this year in cyberspace.

Just like last year with the late arrival of the SolarWinds supply chain disruptions, the December 2021 announcement that the very serious Apache Log4j vulnerability was under active attack jumped to the top of the worry list for cyber pros worldwide.

Indeed, this situation is still very fluid, with Amit Yoran, chief executive of Tenable, a network security firm, and the founding director of the U.S. Computer Emergency Readiness Team, saying this: "The Apache Log4j Remote Code Execution Vulnerability is the single biggest, most critical vulnerability of the last decade."

Time will tell if Amit Yoran is right. But one thing is certain: We will be talking about Log4j well into 2022, with many 2022 cyber industry predictions (mine are coming to this blog later this week) now being revised with significant business impacts as a result of this vulnerability.

Next on the list, the number of data breaches in 2021 has again exceeded that of the year before.

This article from DropSecure highlights their top 5 scariest data breaches from 2021 — with 5 billion records starting the list off at Twitch: “Amazon-owned streaming service Twitch confirmed it suffered a huge data breach this week. A 'human error' committed when configuring a server created an exploitable vulnerability that led to reams of confidential information being leaked online.”

This article highlights the biggest health-care data breaches through November 2021, and this article highlights government and many other top data breaches in 2021.

By now, you are probably thinking — how about some good news on the cyber front from 2021?

Thankfully, dedicated state and local cyber grants were approved in 2021 and will be arriving in 2022. After more than a decade of making the case to federal leaders, state and local agencies are finally celebrating the passage of dedicated cyber funding for the public-sector organizations that desperately need more resources.


Looking back over past year-end cyber summaries can also teach us a wider story on the cyber industry. Consider these “Lohrmann on Cybersecurity and Infrastructure” annual security industry headlines from the past seven Decembers:

While there are several wider security trends one could name from this list, one unmistakable pattern is the continued merger between the physical world and our online cyber world. With the elections in 2016 and 2020, hurricanes in 2017 and now the pandemic in 2020, worldwide headline trends and major events are dramatically impacting our online worlds in disruptive, accelerating ways.

And in 2021, if you connect the dots, that trend continued in full force, with ransomware accelerating to cause physical disruptions to critical infrastructures that even children noticed. Back in mid-May of this year, I wrote this:

“I can easily picture this conversation between a six-year-old girl in the back seat of a car and her father driving her to school last week in North Carolina: 'Daddy, why are the cars all lined-up at the gas station? It wasn’t like this yesterday. What happened?'

“'Well honey, it was ransomware.'”

So will we see more conversations like this in 2022? Is ransomware going to get even worse? What other hot cyber trends will emerge?

Come back next time for a compilation of the cyber industry’s top 2022 prediction reports — along with best prediction awards.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.