Ransomware is a type of malware that encrypts documents and demands a ransom (in cryptocurrency) in exchange for the decryption key.
In most cases, it finds its way onto devices after someone clicks on a phishing link in an email, downloads an infected attachment, or uses a weak password.
Depending on the hacking capabilities and the kind of malware that is deployed, a ransomware attack can obtain sensitive files or completely lock organisations out of their infrastructures.
According to Statista, over 70 per cent of global companies have reported that they’ve been a victim of ransomware in 2022.
Although those are the highest reported numbers so far, we read only about a few cases in the news since many companies pay the ransom to regain access to critical files.
Here, we cover some major ransomware attacks that have hit the headlines in 2022 thus far and look at how they affected businesses, so that we can learn not to repeat their mistakes.
#1 Advanced
In August 2022, the IT company Advanced stated that it had been the victim of a ransomware attack. Advanced promptly reacted to the threat, mitigated additional risks, and isolated the health and care environment since that is where the incident took place.
The hackers obtained third-party credentials and used them to gain deeper access to the company’s network. Using a stolen password, they gained more privileged access, copied and exfiltrated information, and installed malware that encrypts systems.
This was possible because the systems lacked multifactor authentication, which would otherwise require users to confirm their identity as they moved deeper into the network.
The incident disrupted not only their own systems but also those of their clients — such as the NHS. The NHS reported a disruption of their services, such as the inability to access important medical records.
The full extent of the attack, as well as whether the sensitive patient data has been made public, is not yet clear.
#2 Medibank
In October 2022, Australia’s largest health insurance company, Medibank, was affected by a ransomware attack.
Behind most high-profile ransomware cases are groups of hackers, some of them already widely known to the public. In the Medibank hack, a well-known ransomware group dubbed REvil was identified as being behind the attack.
The Medibank attack is one of the worst ransomware attacks of this year in terms of financial damage, as well as the number of users that were compromised in the incident.
The data breach resulted in hackers gaining the personal information of over 9.7 million customers that used Medibank’s services.
The sensitive information from this breach has already been published on the dark web — including passport numbers, names, birth dates, health claims data, medicare numbers, and more.
The customers whose information has been leaked are likely to be victims of further criminal activity, such as attempted phishing and identity fraud.
#3 Entrust
In July 2022, the company that specialises in cybersecurity and data protection, Entrust, was also a victim of a ransomware attack.
A version of LockBit, the software that locks a company’s system, has been identified as the culprit.
The group of hackers known as LockBit, which specialises in ransomware, designed this damaging software.
Since the ransom wasn’t paid, the group has started leaking data they obtained in the attack on the dark web.
Although not confirmed by the company itself, it has also been reported that Entrust countered this with a Distributed Denial of Service (DDoS) attack that overwhelmed the site and caused it to be taken down.
That is, the LockBit group accused the cybersecurity company of applying this illegal counterattack technique (of hacking the hacker).
#4 Toyota suppliers
In February and March 2022, multiple Toyota suppliers — Kojima Industries, Denso and Bridgestone — were victims of a ransomware attack.
As a result, Toyota had to cease operation in 14 of its Japanese plants as well as temporarily shut down factories in Central and North America.
As you can imagine, this was a very costly affair. The overall monthly productivity of the company has been cut by 5 per cent.
Responsible for these attacks was, yet again, LockBit, the software created to lock users out of their systems until the ransom is paid.
German supplier Denso identified the ransomware group known as Pandora as the one who initiated the attack.
#5 Nvidia
In February 2022, Nvidia suffered a ransomware attack. The company claimed that the incident did not cause it to cease its regular operations. However, it has also been made clear that employee data and some proprietary information had been made accessible online.
Once the company discovered the attack, they engaged in a threat incident response and strengthened their security.
Cybercriminals used stolen credentials to gain access to Nvidia’s network. It came to light that some employees even used weak passwords that contained the company’s name.
The group that has been identified as the threat actor in the Nvidia ransomware attack is called Lapsus$. They also victimised the following companies using ransomware: T-Mobile, Samsung, Ubisoft, Vodafone, and Microsoft.
The group requested a million dollars from the company and claimed to have over 1TB of information and data concerning the new chip. They promised to leak it if the company didn’t meet their demands.
These ransomware attack cases show that this type of threat is global; it’s on the rise and behind it are organised groups of skilled hackers. What’s worse, anyone is likely to be targeted and extorted.
To prepare for and prevent such incidents, it’s important for the government and businesses to work together because it’s clear that this is a global issue.
Also, strong credentials and security solutions that can detect and mitigate this specific threat before it turns into an incident that damages one’s finances and reputation can help businesses avoid ransomware.
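The Nvidia case above involved passwords that contained the company’s name, and the closing advice calls for strong credentials. The following check, added here as an illustration and not taken from any of the companies discussed, rejects new passwords built around organisation-specific words even when characters are swapped for look-alikes. The organisation name "Example Corp", the username and all function names are hypothetical.

```python
import re

# Look-alike substitutions folded to one canonical letter (constructed table).
# "l", "1" and "!" all fold to "i" so that "examp1e" and "example" compare equal.
LEET = str.maketrans({"0": "o", "1": "i", "l": "i", "!": "i", "3": "e",
                      "4": "a", "@": "a", "5": "s", "$": "s", "7": "t"})

def normalize(text):
    """Lower-case, fold look-alike characters, drop everything non-alphanumeric."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))

def context_terms(org_names, username="", min_len=4):
    """Map normalised banned substrings to the readable word they came from."""
    terms = {}
    for name in list(org_names) + [username]:
        # Check each word of the name as well as the name as a whole.
        for part in re.split(r"[\s._\-@]+", name) + [name]:
            norm = normalize(part)
            if len(norm) >= min_len:  # very short fragments cause false positives
                terms.setdefault(norm, part.lower())
    return terms

def screen_password(password, org_names, username="", min_length=12):
    """Return the reasons to reject a password; an empty list means accepted."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    norm = normalize(password)
    terms = context_terms(org_names, username)
    for key in sorted(terms):
        if key in norm:
            reasons.append(f"contains context word '{terms[key]}'")
    return reasons

if __name__ == "__main__":
    # Constructed sample candidates for a hypothetical organisation.
    for candidate in ["Ex@mp1e-2022!", "Corp1234", "correct horse battery staple"]:
        print(candidate, "->", screen_password(candidate, ["Example Corp"], "j.doe"))
```

A check like this belongs at password creation or change time, alongside a breached-password list and multifactor authentication, not as a replacement for either.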