Elise Silagy

January 3, 2020

The 8 Most Expensive Cyberattacks of 2019

In 2019, governments and companies in the United States faced a barrage of ransomware attacks. In all, 103 federal, state, and municipal governments and agencies, 759 healthcare providers, and 86 universities, colleges, and school districts were impacted by ransomware attacks. The potential cost could be more than $7.5 billion, and that’s only for US-based organizations. 
That figure doesn’t even take into account lost employee productivity, how many people hours had to be diverted to deal with cyber incidents, and how many patients, students, and other private citizens were affected either directly or indirectly. Students saw tests and admissions services halted, medical records were lost, and some surgeries were canceled. Emergency services, including 911, were interrupted, putting countless lives at risk.
Here’s a look back at 2019’s most expensive cyberattacks.

CapitalOne Breach

Cost: Between $100 million and $150 million.
The CapitalOne hack affected nearly 100 million Americans as well as 6 million Canadians. The hacker gained unauthorized access to 140,000 Social Security Numbers, 1 million Canadian Social Insurance Numbers, and 80,000 bank accounts, along with an undisclosed number of client names, addresses, credit scores, credit limits, balances, and other personal information.
The cost of this breach is estimated at between $100 million and $150 million.

Norsk Hydro Attack

Cost: At least $52 million
In March, Norsk Hydro (a Norwegian aluminum company with over 35,000 employees in over 40 countries) was targeted by LockerGoga malware and forced to shut down or isolate several manufacturing plants while other plants were forced to continue operations in manual mode. 
Though it isn’t clear how the Norsk Hydro systems became infected (phishing has been ruled out), the malware was still able to encrypt files, forcibly log victims off of the infected systems, and remove the ability for users to log back on. Though Norsk Hydro was able to determine the causes of the attack, the fact that users are logged off and left unable to log back on means that some victims may not even receive the ransom note at all.
As of last April, the company estimated that the cost of repairing the damage inflicted by the malware would likely be at least $52 million.

Baltimore Ransomware Attack

Cost: Up to $18 million
Last May, thousands of city computers in Baltimore were encrypted with RobbinHood malware, and the hackers demanded approximately $76,000 in Bitcoins. Though the city refused to pay the ransom, the entire ordeal ended up costing approximately $18 million. Critical systems, including email service for city employees, were affected, and during the downtime, citizens of Baltimore were unable to pay their water bills or have real estate transactions processed.

Texas Ransomware Attacks

Cost: At least $12 million
Over the summer, 22 local governments in the state of Texas fell victim to a coordinated ransomware attack. Though the hackers demanded $2.5 million, the state refused to give in. Unfortunately, even without paying the ransom, the entire incident still ended up costing over $12 million.

Grays Harbor Phishing & Ransomware Attack

Cost: Undisclosed
Both the Grays Harbor Community Hospital and the Harbor Medical Group were hit with a ransomware attack this year, during which hackers demanded $1 million. The attack started when an employee clicked on a malicious link in a phishing email. That employee’s machine then went on to infect systems at several clinics in Grays Harbor, though the hospital’s older software prevented the ransomware from being able to properly install itself on the main system.
As a result of the attack, clinics needed to revert to paper records. This pervasive form of malware infected not only the main system but also computer backups of medical records. Though it still isn’t clear whether or not the company decided to pay the ransom, some medical records have yet to be recovered and are feared permanently lost.
The group has cyber insurance that will cover up to $1 million in damages and lost income (since billing was affected during the incident). However, the total cost of the incident, including patient disruptions, is still unknown.

Asurion Ransomware Attack

Cost: $300,000
Asurion, a global phone insurance and tech support company based in Nashville, paid at least $300,000 in ransom to a hacker who claimed that he had managed to steal the private information of thousands of employees as well as the names, addresses, phone numbers, and account numbers of more than a million customers. Though the company believes that the hacker, in fact, accessed far less information, they still paid $300,000 of the $350,000 ransom demanded, in installments of $50,000 per day.
The hacker, a former employee named Nicholas Burks, was arrested after the company noticed that a corporate laptop was missing and that the last known login was by Burks, who had also used the stolen laptop to access the corporate network multiple times in the days before his termination.

DCH Health Systems Ransomware Attack

Cost: Undisclosed
In early October of this year, hospitals across Alabama were hit with a widespread ransomware attack that forced them to shift their operations into manual mode, relying on paper copies of charts and medical records until the IT system could be repaired. The hospitals were all members of the DCH Health Systems hospital group and included the DCH Health Systems Regional Medical Center, Northpoint Medical Center, and Fayette Medical Center.
In order to return to normal operations, the group ended up paying the hackers an undisclosed amount in exchange for the digital key to decrypt the system.

University Attacks by Iranian Hackers

Cost: Intellectual Property
As of this year, Iranian hackers have targeted at least 380 universities in over 30 countries using phishing emails. The goal of the hacker group (dubbed Cobalt Dickens) is to steal intellectual property, which is then either exploited or sold for profit. The phishing emails claim they are coming from the school’s library, and ask the user to reactivate their account by clicking on an infected link.
Though previous iterations of this attack used URL shorteners to obscure the fact that the links didn’t go to the library’s website, the newest version has managed to spoof the school website’s URL so that the link appears genuine. Once the user clicks on the link, they are then asked to input their library login credentials on a spoofed version of the library’s actual site. 
Malware detection software has been hindered because the group used publicly available tools and code from GitHub to conduct the attacks instead of using traditional, and easily recognizable, malware. 
Malware, and ransomware in particular, continues to grow in popularity among hackers. As such, cybersecurity awareness is only becoming more critical for organizations and companies of all sizes. As part of your organization’s new year’s resolutions, you should take the time to review your cybersecurity policies, train employees, and consider partnering with a Managed Security Services Provider to better safeguard your organization’s digital assets.
