Ransomware attacks have seen year-on-year growth with no signs of slowing down as cybercriminals are using new ransomware software and diversifying their target industries. According to Sharkstriker, there has been an estimated 2.3 billion ransomware attacks in 2022, an 80% increase since 2021 (Zscaler, 2022).

The threat of these attacks is global and is being perpetrated by highly skilled hackers who are notoriously hard to detect and prosecute, allowing them to perform attacks repeatedly on many companies in many sectors. There are many factors that make a ransomware attack worse than others including the amount of data that is accessed, the type of data, the ransom demand and the effect it had on the company and wider society making it difficult to determine one as worse than the other, however below are several severe attacks that occurred in 2022.

What is a ransomware attack?

A ransomware attack is when a cybercriminal uses malware to lock a company’s network control, encrypt their data and demand a ransom in exchange for unlocking the system and decrypting the data. If the ransom is not paid, the data is normally released to the public or sold on the dark web.

1) Costa Rica Government

Ransom Amount - $30 million

Ransomware Group: Conti Group

In April, Costa Rica declared a national state of emergency after 30 of its government institutions suffered ransomware attacks over the space of a few weeks. Conti, a Russian ransomware group claimed the attack which encrypted hundreds of gigabytes of sensitive information. As well as the threat of leaking the data, it also resulted in widespread disruption in the country’s foreign trade, tax and customs systems and civil servant payroll. Many reasons have been suggested as to why Costa Rica became a target such as it siding with Ukraine in the war with Russia, it’s recent presidential election or even spying going on within the Costa Rican government. In any case, it has raised concerns for other smaller nations that do not have the level of security that nations in Europe or the USA have. In the end, Costa Rica refused to pay the ransom which resulted in 50% of the encrypted data to be released to the public.

2) Nvidia

Ransom Amount - $1 million and a percentage of an unspecified fee

Ransomware Group: Lapsu$

Nvidia, the largest gaming chip company in the world declared it had been the victim of a ransomware attack on February 23^rd. The attack resulted in Nvidia’s internal systems being compromised causing disruption with email systems and developer tools, taking two days for the company to get their systems partially running again. Leaked messages between the company and the ransomware group show that they had stolen over 1TB of sensitive data including the source code, customer data and employee login information. It is unclear whether Nvidia paid any of the ransom, however, at least some of the data was leaked online the same week.

3) Optus

Ransom Amount - $1 million

Ransomware Group: Unknown

In September 2022, Australian telecommunications company Optus declared a ransomware attack that had encrypted 11.2 million customers’ data. Australian Minister for home affairs and cyber security, Clare O’Neil, stated the attack was an “unprecedented theft of consumer information in Australian history.” The data included highly sensitive information such as addresses, passport details, and birthdates. Instead of a group being responsible, a lone threat actor claimed responsibility for the attack proving his access by posting 10,000 of the stolen data online and threatened to release more if the ransom was not paid. Strangely however, shortly thereafter he rescinded his $1 million ransom and claimed to have deleted the stolen data. Optus have stated that they have improved their security in response to the attack.

4) Toyota

Ransom Amount - Unknown

Ransomware Group – LockBit, Pandora

Over the course of February and March, multiple Toyota suppliers, Kojjima Industries, Denso and Brisgestone, became victims of ransomware attacks. There were worldwide repercussions from these attacks with plants and factories in Central America, North America and Japan ceasing operation while the attacks were dealt with, resulting in a 5% decrease in productivity for the company. Two separate groups, Pandora and LockBit, claimed the attacks and threatened to leak the data if the unknown ransom amount was not paid. Initially, it was unclear if any customer data was compromised in the attack but after internal cyber investigations, the companies found that the groups had gained access to partial customer data including bank information and social security numbers. Though the suppliers refused to pay any type of ransom it remains unclear whether any data has actually been released to the public as of yet.

5) Bernalillo County, New Mexico

Ransom Amount - Unknown

Ransom Group - Unknown

At the very beginning of 2022, on January 5^th, New Mexico’s largest county found itself under attack with several of its departments and offices offline. Unlike other attacks listed, this attack was not significant because of a potential leak of data but rather due to the effect of system’s being offline had on wider society. County services such as voter registry, transfer of deeds and marriage license grants were limited with some not returning online for several days or weeks. In addition, county jails’ automatic door systems and security camera were shut off in the attack, and as a result, inmates were confined to their cells for days – a violation of inmate confinement. The county refused to pay any ransom to the unknown actor/s, and took months to fully recover from the attack.

This attack in particular shows how even if stealing data is not the main goal, entities and societies can face massive and serious disruption.

The information contained in this article is provided by White Blue Ocean, part of CRIF Group, a global company specializing in credit & business information systems, analytics, outsourcing and processing services, as well as advanced digital solutions for business development and open banking.

Sources:

https://www.cybersecuritydive.com/news/optus-ransomware-retracted/632763/

https://www.jdsupra.com/legalnews/bridgestone-americas-inc-releases-6242225/#:~:text=On%20August%2031%2C%202022%2C%20Bridgestone%20Americas%20sent%20out%20data%20breach,the%20recent%20data%20security%20incident.

https://www.cm-alliance.com/cybersecurity-blog/5-major-ransomware-attacks-of-2022

https://www.techtarget.com/searchsecurity/news/252512445/Bernalillo-County-ransomware-attack-still-felt-weeks-later

https://sharkstriker.com/blog/top-10-ransomware-attack/

https://www.techfunnel.com/information-technology/halloween-special-the-scariest-cyber-attacks-of-2022/

https://growthbusiness.co.uk/businesses-beware-5-major-ransomware-attack-cases-in-2022-that-victimised-businesses-2560915/

https://www.zscaler.com/press/zscaler-threatlabz-2022-ransomware-report-reveals-record-number-attacks-and-nearly-120-growth

https://www.bcs.org/articles-opinion-and-research/the-biggest-cyber-attacks-of-2022/

https://securityintelligence.com/news/costa-rica-state-emergency-ransomware/

https://statescoop.com/bernalillo-county-cybersecurity-policy-ransomware/

https://threatpost.com/bridgestone-hit-as-ransomware-torches-toyota-supply-chain/178998/

https://www.scmagazine.com/brief/ransomware/cyberattacks-target-toyota-suppliers

https://www.cpomagazine.com/cyber-security/toyotas-supply-chain-cyber-attack-stopped-production-cutting-down-a-third-of-its-global-output/

https://portswigger.net/daily-swig/cyber-attack-on-nvidia-linked-to-lapsus-ransomware-gang

https://informationsecuritybuzz.com/what-caused-the-ransomware-attack-on-toyota-experts-insight/

https://www.itworldcanada.com/article/cyber-security-today-march-7-2022-more-damage-from-the-nvidia-hack-real-customer-data-exposed-the-unexplained-closing-of-a-criminal-forum-and-more/475019

The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free.