With each passing year, the ransomware environment expands and becomes more complicated, and 2022 was no exception. We quickly review five significant ransomware attacks that have already affected companies and governmental institutions throughout the world as the first half of the year draws to a close.
The goal behind mapping these significant attacks (and these are only 5 of many) is to take a deeper look at the techniques and intents of the cybercriminals, so that we can collectively be more aware of the plague of ransomware and be better prepared against such attacks.
Similar to COVID-19 viral strains, ransomware strains are constantly developing and often becoming worse over time. In addition, numerous new ransomware-as-a-service (RaaS) gangs have already appeared this year, including Mindware, Onyx, and Black Basta. REvil, one of the most deadly ransomware operations in the world, has also made a comeback.
However, before we get further into ransomware prevention and defense techniques, let’s take a brief look at the five most significant assaults that have occurred in the first five months of 2022.
Nvidia
In February 2022, a ransomware outbreak affected the biggest semiconductor chip firm in the world. The business acknowledged that the threat actor had begun posting employee login details and confidential data online.
Lapsus$, a ransomware organization, claimed responsibility for the attack and said it had access to 1TB of stolen corporate data that it planned to post online. It also demanded $1 million as well as a portion of an unspecified sum from Nvidia.
According to many media reports, Nvidia had to take some of its operations down for two days because its internal systems were vulnerable. Later on, the business said that the assault had had no effect whatsoever on its operations.
Nvidia quickly hardened its security in reaction to the ransomware attack and immediately hired cyber incident response specialists to help manage the problem. According to some sources, Nvidia hacked the hacker in return: it seems to have tracked Lapsus$ members and infected their computers with malware. However, this cannot be verified or supported.
Government of Costa Rica
Given that it was the first time a government declared a national emergency in reaction to a cyberattack, this incident has likely received the most attention in 2022. Early in April, the first ransomware assault on the country started, crippling the ministry of finance and affecting both government services and the import/export activities of the business sector.
The initial attack was claimed by the ransomware organization Conti, which demanded a $10 million (and eventually a $20 million) ransom from the government.
Another attack on May 31 completely devastated the nation’s healthcare system. This attack, which was linked to HIVE, hit the Costa Rican social security fund. Because it disrupted the nation’s healthcare services, it immediately affected the average Costa Rican citizen.
Although this assault has numerous political overtones and ramifications, and the timeline of how it happened might occupy many pages, the objective of including it on our list is to illustrate the serious consequences that a ransomware attack may have on governmental institutions.
If sufficient funds are not allocated to ransomware preparation, protection strategies, and cybersecurity training that teaches workers and staff members how to react to such attacks, whole countries may become paralyzed.
Bernalillo County, New Mexico
This was one of the first significant attacks of 2022. On January 5, the biggest county in New Mexico learned that it had been the target of a crippling ransomware attack that had shut down a number of county agencies and offices. However, according to the county authorities, they did not pay the ransom the hackers demanded.
This ransomware attack drew special attention to the county because it shut down a prison, in addition to the considerable public concern that results from any government function going down.
Inmates had to be kept inside their cells as a result of the ransomware assault taking down the security cameras and automated doors at the Metropolitan Detention Center. Due to malfunctioning electronic locking devices on the cell doors, the Center was forced to significantly limit prisoners’ freedom of movement, perhaps in breach of a 25-year-old settlement agreement regarding the detention of detainees.
Due to its failure to abide by the agreement as a result of the malware assault, the county was forced to submit an emergency notice in federal court.
We bring this up to show the range of ways that ransomware attacks may impact customer welfare, corporate operations, and the general health of government or commercial entities.
Toyota
Three Toyota suppliers were hacked in February and March 2022, demonstrating that no matter how secure your organization may be, a determined threat actor can and will find a way to get in.
Toyota had to cease operations in 14 of its Japanese factories after a cyber-attack (not necessarily a ransomware attack) hit one of its suppliers, Kojima Industries. According to reports, this attack caused a staggering 5% decrease in the company’s monthly manufacturing capacity.
What’s worse is that Denso and Bridgestone, two more Toyota suppliers, fell victim to ransomware attacks over the course of 11 days. A ransomware attack on a Bridgestone subsidiary shut down its computer networks and manufacturing sites in Middle and North America. This attack was admittedly the work of LockBit.
In the case of Denso, a group firm in Germany was allegedly compromised by the Pandora ransomware organization. The lesson here is straightforward but terrifying: even companies with Toyota’s resources are susceptible to these big cyber-attacks. What does this imply for smaller companies with limited resources and knowledge?
SpiceJet
Earlier this year, the Indian airline SpiceJet faced an attempted ransomware attack, which left hundreds of customers stuck throughout the nation.
Although the airline emphasized that the ransomware attack was simply an “attempt” and that its IT staff was able to control the issue, the event exposed severe cybersecurity flaws in one of the biggest aviation marketplaces in the world.
It brought to light the need for airlines in India and throughout the world to assess their ransomware preparation and step up their ability to react to such attacks promptly and efficiently.
According to press sources, SpiceJet’s image suffered since customers had to wait more than 6 hours for information on the departure of their flights. It also demonstrated the need for prompt emergency response and communication in fields like aviation, where effective incident response planning may have a significant impact.