Recent Ransomware attacks 2022

Recent Ransomware attacks 2022

Ransomware attacks have become very high in recent days. The ongoing attacks cause losses to lots of organizations. Knowledge of Ransomware and its anatomy is very important to mitigate these attacks. Some simple Protection and Response plans available can be useful in understanding the basics of the mitigation process. Let’s see some of the attacks by Ransomware groups on famous industries.

In January 2022, the ransomware attack on Bernalillo country in New Mexico can be considered the starting point of this year’s cyber-attack on a large scale. This attack causes many educational institutes and government institutes. The officials, however, said that they didn’t pay any ransom.

The famous sports manufacturer Puma had a data breach on their employee information. Almost 6000 employees’ personal information has been stolen. But the officials announced the customer’s data were not damaged.

Similarly, in Portuguese Media, Impresa was attacked by the Lapsus$ gang. This happened during the New year holidays blocking the organization’s websites and online services.

A multinational defense contractor, Hensoldt, which provides sensor solutions for the defense and security software for many US dense organizations, was under a Ransomware attack. Authorities didn’t reveal the details of the attack, but the ransomware group Lorenz which claimed responsibility for the attack, said they received the ransom. Whether the ransom was paid or not can be a debate.

The LockBit ransomware gang attacked Bridgestone organization, one of the largest manufacturers of tires, in Feb 2022. The organization tried its best to mitigate the attack, but still, the company was forced to halt its productions for nearly a week. The LockBit gang later threatened the company to pay the ransom before 15th march, or they would leak the stolen information. There was no official information on whether the organization paid ransom or not. Still, it is reported that the company was able to perform a comprehensive security check and reconnect to its network. 

Near the end of February, one of the largest microchip makers in the USA, Nvidia, was attacked by the Lapsus$ gang, the same one that attacked Impresa. It was confirmed that the group had stolen the data of employees and proprietary company data. Because of this breach, the company went offline for two days. It was rumored that Nvidia tried to hack the attackers to retrieve the data. But Nvidia authorities announced that they are in the process of analyzing the data loss and have not commented on the hacking part.

In March 2022, Okta, the identity and access management company, confirmed that there was an unsuccessful attempt on their data. Lapsus$ group announced in their Telegram group that they had breached the company’s security and accessed their data. It was later confirmed that Sitel, an Okta sub-processor that provides Okta with contract workers for our Customer Support organization, was breached, and nearly 300 customers were compromised.

The same organization publicly announced that they had claimed an account in Microsoft and gained limited access. Microsoft announced they received an alert and started the mitigating process, and when the attacker announced in public, the company intervened and stopped the attacker. The company also assured “no customer code or data was involved in the observed activities.”

Known ransomware attacks in April 2022 by country

From the pie chart provided by Malwarebytes, it is clear that ransomware attacks are very high worldwide. These charts were only for April, which shows the alarming number of attacks.

The new gang, Black Besta, came out of nowhere and conducted nearly eleven successful breaches of organizations. Experts in the field believed it might be some old gang re-established themselves in the new name. Some of the organizations attacked are American Dental Association and Deutsche Windtechnik.

Austin Peay State University also confirmed it had been a victim of a Ransomware attack. The university asked the professors and students to immediately disconnect their systems from the university network. These actions were taken by posting the alert in their official tweet.

It can be very clear that many attacks were happening worldwide in all industries. Even the top giants also become victims of these attacks. It shows that good knowledge and a well-equipped cybersecurity team are highly important. Moreover, due RaaS model, carrying out ransomware attacks becomes simplified. To know more about the latest trends in cybersecurity services and ransomware, you can check the clearinfosec site.