Top Five Ransomware Attacks So Far in 2022

Ransomware attacks

2022 is almost halfway through, and there have been quite a number of ransomware attacks; it’s not looking like something that’ll slow down anytime soon. Now that we are in the middle of the year, we would like to show you the top five ransomware attacks that have affected government organizations and businesses globally.

The idea of talking about these attacks is to let you know about them and look more into the intentions and strategies so that we can all be more aware of how dangerous they can be and prepare against them.

Ransomware strains are pretty similar to that of the coronavirus as they do not stop evolving and mostly become pernicious as time passes. This year, we’ve seen the emergence of several new RaaS (Ransomware-as-a-Service) gangs like Black Basta, Onyx, Mindware, and also the return of one of the most dangerous ransomware attacks operations in the world, REvil.

All organizations need to invest in ransomware mitigation and readiness if they want to protect themselves from the high cost of ransomware attacks – both reputational and monetary.

Below is a quick glance at the five main ransomware attacks that we’ve witnessed in the initial five months of 2022.

1. The Government of Costa Rica
This is likely the most talked-about attack this year as it is the first time a national emergency has been declared by a county because of a cyber attack. The initial ransomware attacks started in early April, which brought the country’s ministry of finance to its knees and impacted not only government services but also private sectors that are engaged in import and export.

Conti, a ransomware group, took responsibility for the initial ransomware attacks, asked the government to pay a ransom of ten million dollars, and later increased it to twenty million dollars.

Another attack happened in the Healthcare system of the country on the 31st of May, and it plunged the system into disarray. They linked this attack to HIVE, and it affected the social security fund of Costa Rica. The attack had a direct impact on the common Costa Rican as it took the Healthcare system of the country offline.

Even though there are many political implications and undertones in this attack and the chronology of how this attack unfolded will fill pages, the reason we listed this attack here is to show you the damaging and deep outcomes of a ransomware attack on government organizations.

2. Nvidia
This is the largest semiconductor chip company in the world, and in February 2022, a ransomware attack compromised it. According to the company, the threat actor had begun to leak the proprietary information and credentials of the employees online.

Lapsus$ is the ransomware group that took responsibility for this attack and said that they’ve got access to 1 terabyte of exfiltrated company data and that they’d leak the data online. The group also demanded one million dollars and a % of an undisclosed fee from Nvidia.

Several media stories stated that as the internal systems of Nvidia were compromised, the company had to move some parts of its business off the internet for 2 days. Nevertheless, the company later said that this attack didn’t have any impact on its operations at all.

Nvidia responded fast to this ransomware attack by solidifying its security and using cyber incident response experts instantly to contain the issue. According to some reports, Nvidia was able to hack the hacker back. The company was able to track the members of Lapsus$ and install ransomware infection on their computers, although we can’t confirm this report.

3. Bernalillo County, New Mexico
This attack was one of the first massive ones this year. On the 5th of January 2022, Bernalillo County discovered that it’d been the victim of a horrifying ransomware attack, which took a lot of county departments and government offices offline. However, the county officials made it known that they didn’t make any ransomware payments to the attackers.

Because this ransomware attack knocked the automatic doors and security cameras offline in the Metropolitan Detention Center, they had to confine the inmates to their cells. There was a failure in the cell doors’ electronic locking systems, which forced the Center to restrict the movement of inmates greatly. This restriction is a potential violation of the 25-year-old settlement agreement over the inmates’ confinement conditions.

Bernalillo County had no option but to file an emergency notice in the federal court because it was unable to comply with the agreement as a result of the malware attack.

4. SpiceJet
SpiceJet is an Indian airline, and ransomware attacks were attempted on its system earlier in 2022, which left hundreds of passengers stranded in different locations.

Even though the airline made it known that the ransomware attacks were only “attempted” and the company’s IT team was able to contain the issue, this incident exposed huge cybersecurity gaps in one of the largest aviation markets in the world.

The fact that the passengers of SpiceJet had to wait for information on their flight departures for more than six hours made an impact on the brand reputation of the airline, according to news reports. It also showed the importance of timely communication and emergency response in industries like aviation – an area where there’s good importance of Incident Response Planning.

5. Toyota
Between February and March this year, some gangs hacked three Toyota suppliers, which shows that irrespective of how secure your organization is, a determined attacker will try their best to find their way in.

When Kojima Industries, a Toyota supplier, was hit by a cyberattack, the company had to pause operations in fourteen Japanese plants. Because of this hack, it is said that the company had a massive 5% decrease in its monthly production capacity.

The worst thing is that two other Toyota suppliers, Bridgestone and Denso, also fell to ransomware attacks within eleven days. The subsidiary of Bridgestone experienced a ransomware attack that caused the production facilities and computer networks in North and Middle America to shut down. A ransomware group, Lockbit, claimed to be responsible for this attack.

As for Denso, Pandora is supposedly the name of the ransomware group that compromised the company.

Conclusion
Because of these five ransomware attacks in 2022 so far, we should now know how important it is for all businesses, no matter the size and scale, to invest in having a better cybersecurity infrastructure. They need to put serious thought into their ransomware response capabilities and readiness.

Archives