Top 5 Ransomware Attacks of 2022

Top 5 Ransomware Attacks of 2022 | White Blue Ocean

Ransomware attacks have seen year-on-year growth with no signs of slowing down as cybercriminals are using new ransomware software and diversifying their target industries. According to Sharkstriker, there has been an estimated 2.3 billion ransomware attacks in 2022, an 80% increase since 2021 (Zscaler, 2022).

The threat of these attacks is global and is being perpetrated by highly skilled hackers who are notoriously hard to detect and prosecute, allowing them to perform attacks repeatedly on many companies in many sectors. There are many factors that make a ransomware attack worse than others including the amount of data that is accessed, the type of data, the ransom demand and the effect it had on the company and wider society making it difficult to determine one as worse than the other, however below are several severe attacks that occurred in 2022.

What is a ransomware attack?

A ransomware attack is when a cybercriminal uses malware to lock a company’s network control, encrypt their data and demand a ransom in exchange for unlocking the system and decrypting the data. If the ransom is not paid, the data is normally released to the public or sold on the dark web.

1) Costa Rica Government

Ransom Amount - $30 million

Ransomware Group: Conti Group

In April, Costa Rica declared a national state of emergency after 30 of its government institutions suffered ransomware attacks over the space of a few weeks. Conti, a Russian ransomware group claimed the attack which encrypted hundreds of gigabytes of sensitive information. As well as the threat of leaking the data, it also resulted in widespread disruption in the country’s foreign trade, tax and customs systems and civil servant payroll. Many reasons have been suggested as to why Costa Rica became a target such as it siding with Ukraine in the war with Russia, it’s recent presidential election or even spying going on within the Costa Rican government. In any case, it has raised concerns for other smaller nations that do not have the level of security that nations in Europe or the USA have. In the end, Costa Rica refused to pay the ransom which resulted in 50% of the encrypted data to be released to the public.


2) Nvidia

Ransom Amount - $1 million and a percentage of an unspecified fee

Ransomware Group: Lapsu$

Nvidia, the largest gaming chip company in the world declared it had been the victim of a ransomware attack on February 23rd. The attack resulted in Nvidia’s internal systems being compromised causing disruption with email systems and developer tools, taking two days for the company to get their systems partially running again. Leaked messages between the company and the ransomware group show that they had stolen over 1TB of sensitive data including the source code, customer data and employee login information. It is unclear whether Nvidia paid any of the ransom, however, at least some of the data was leaked online the same week.


3) Optus

Ransom Amount - $1 million

Ransomware Group: Unknown

In September 2022, Australian telecommunications company Optus declared a ransomware attack that had encrypted 11.2 million customers’ data. Australian Minister for home affairs and cyber security, Clare O’Neil, stated the attack was an “unprecedented theft of consumer information in Australian history.” The data included highly sensitive information such as addresses, passport details, and birthdates. Instead of a group being responsible, a lone threat actor claimed responsibility for the attack proving his access by posting 10,000 of the stolen data online and threatened to release more if the ransom was not paid. Strangely however, shortly thereafter he rescinded his $1 million ransom and claimed to have deleted the stolen data. Optus have stated that they have improved their security in response to the attack.


4) Toyota

Ransom Amount - Unknown

Ransomware Group – LockBit, Pandora

Over the course of February and March, multiple Toyota suppliers, Kojjima Industries, Denso and Brisgestone, became victims of ransomware attacks. There were worldwide repercussions from these attacks with plants and factories in Central America, North America and Japan ceasing operation while the attacks were dealt with, resulting in a 5% decrease in productivity for the company. Two separate groups, Pandora and LockBit, claimed the attacks and threatened to leak the data if the unknown ransom amount was not paid. Initially, it was unclear if any customer data was compromised in the attack but after internal cyber investigations, the companies found that the groups had gained access to partial customer data including bank information and social security numbers. Though the suppliers refused to pay any type of ransom it remains unclear whether any data has actually been released to the public as of yet.


5) Bernalillo County, New Mexico

Ransom Amount - Unknown

Ransom Group - Unknown

At the very beginning of 2022, on January 5th, New Mexico’s largest county found itself under attack with several of its departments and offices offline. Unlike other attacks listed, this attack was not significant because of a potential leak of data but rather due to the effect of system’s being offline had on wider society. County services such as voter registry, transfer of deeds and marriage license grants were limited with some not returning online for several days or weeks. In addition, county jails’ automatic door systems and security camera were shut off in the attack, and as a result, inmates were confined to their cells for days – a violation of inmate confinement. The county refused to pay any ransom to the unknown actor/s, and took months to fully recover from the attack.

This attack in particular shows how even if stealing data is not the main goal, entities and societies can face massive and serious disruption.


The information contained in this article is provided by White Blue Ocean, part of CRIF Group, a global company specializing in credit & business information systems, analytics, outsourcing and processing services, as well as advanced digital solutions for business development and open banking.



The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free.

Related news

SIAE Data Breach

News of the latest cyberattack comes from Italy, where on the afternoon of the 20th October it was disclosed that SIAE, the Italian Society of Authors and Publishers, was targeted by a ransomware attack. SIAE, which was founded in 1882, is the Italian copyright collecting agency for artists in different areas of the entertainment industry, including television, music, theatre, visual arts and literature, and aims to guarantee that artists receive the right remuneration for their work.

Read more
Ransomware attack results in the shutdown of the Colonial Pipeline

The cyberattack that at the beginning of May targeted and caused the shutdown of the Colonial Pipeline, the largest fuel pipeline in the US, was a powerful example of the threat posed by the rising number of ransomware attacks, and the detrimental effect they can have not only on businesses but on national critical infrastructure.

Read more
The growing cloud of cyberwarfare

Cyberwarfare might seem like a threat of the future, but the reality is that cyberwarfare acts, that have the power to disrupt normal life as we know it and cause destruction in the physical world, are a present danger.

Read more
Quishing – Phishing just got an upgrade
Quishing – Phishing just got an upgrade

QR codes have become very popular in recent years and can be used for many purposes. Cybercriminals exploit them to lure users into sharing a variety of personal information such as credentials and financial data. As the number of quishing attacks continues to grow, it is important to know how to protect.

Read more
2022 CRIF Cyber Observatory  - First semester
2022 CRIF Cyber Observatory - First semester

In the first half of 2022, over 850,000 alerts were sent, mainly related to data found on the dark web. The type of data found: email, password, username, postal address, phone number and other valuable data for hackers.

Read more
LockBit 3.0: the most prolific ransomware group in the world | White Blue Ocean
Who Are LockBit 3.0?

At the moment LockBit 3.0 stands out as the world’s most successfully run ransomware group and have conducted over 850 attacks in 2023. Their unique way of operating has allowed them to collect $91m in ransom since 2020, with FBI monitoring showing limited impact so far.

Read more


Let's talk

Please fill in the form below (fields with * are mandatory) and we will respond to your request as soon as possible!