Cyber Security Blog

5 Major Ransomware Attacks of 2022

Written by Aditi Uberoi | 15 June 2022

The ransomware landscape continues to grow and become more complex with each successive year and 2022 has been no exception. As we come to the close of the first half of the year, we take a quick look at 5 major ransomware attacks that have already impacted businesses and government organisations across the globe. 

The idea of mapping these major attacks (and these are just 5 of many) is to take a closer look at the cyber-criminals’ strategies and intentions so that we can collectively be more aware of the scourge of ransomware and be better prepared against such attacks. 

Ransomware strains, much like those of the COVID-19 virus, don’t stop evolving and often become more pernicious over time. Further, this year has already seen the emergence of many new Ransomware-as-a-Service (RaaS) gangs such as Mindware, Onyx and Black Basta as well as the return of one of the world’s most dangerous ransomware operations, REvil. 

All of this points to just one fact: Ransomware attacks are going nowhere and you or your business could be the next victim. Ransomware Protection is the need of the hour, no matter where you are located and what the nature of your business might be. 

Nobody is safe. The next phishing email could look authentic to an employee of your organisation and that can be the beginning of ultimate chaos - compromise sensitive data, encrypted files, offline systems and more.    

Data leakage can occur, including  financial data, in any, even the best service. It also threatens to cause great damage to the business. The company may lose money and its reputation. Many companies use reliable backlinks services in order to increase brand loyalty and awareness. Using such resources also helps protect your data and prevent scammers from getting to the most private details of your business.

Every organisation must invest in ransomware readiness and mitigation if it wants to protect itself from the heavy costs a ransomware attack comes with - both monetary and reputational.   


But before we look deeper into ransomware prevention and protection strategies, here’s a quick overview of the 5 major attacks that have taken place in the first 5 months of 2022. 

This list is by no means exhaustive and doesn’t claim to cover the biggest attacks in monetary terms. It’s simply an indicative list with some better known entities/names to help the reader understand that ransomware attacks can create mayhem in organisations of all natures and sizes. 

1. Nvidia: The world’s largest semiconductor chip company was compromised by a ransomware attack in February, 2022. The company confirmed that the threat actor had started leaking employee credentials and proprietary information online.

The ransomware group, Lapsus$, took responsibility for the attack and claimed that they had access to 1TB in exfiltrated company data that they would leak online. It also demanded $1 million and a percentage of an unspecified fee from Nvidia. 

Many media stories suggested that as Nvidia’s internal systems were compromised, it had to take some parts of its business offline for two days. However, the company later claimed that the attack had not impacted its operations in any way.  

Nvidia responded swiftly to the ransomware attack by hardening its security and engaging cyber incident response experts immediately to contain the situation. Some reports even suggest that Nvidia  allegedly hacked the hacker back. It, apparently, managed to track Lapsus$ members and install ransomware infection on their systems. But this cannot be confirmed or corroborated.  

2. Costa Rica Government: This has probably been the most spoken-of attack in 2022 as it’s the first time a country declared a national emergency in response to a cyber-attack. The first ransomware attack on the nation began in early April and brought the ministry of finance to its knees, impacting not just government services but also the private sector engaged in import/export. 

Ransomware group Conti took responsibility for the first attack, asking the government to pay the ransom of $10 million and later increasing it to $20 million. 

On May 31, another attack plunged the country’s healthcare system into disarray. This attack, linked to HIVE, affected the Costa Rican social security fund. This attack directly affected the common Costa Rican person as it took the country’s healthcare systems offline.  

While the political undertones and implications in this attack are many and the chronology of the way the attack unfolded can fill pages, the idea to feature this attack in this list is to showcase the deep and damaging outcomes a ransomware attack can have on government organisations. 

Entire nations can be crippled if adequate resources have not been invested in preparing for ransomware attacks, protection solutions and providing cybersecurity training to employees, staff members etc. for responding to such attacks.  

3. Bernalillo County, New Mexico: This was one of the first big attacks in 2022. On January 5, the largest county in New Mexico discovered that it had become the victim of a paralysing ransomware attack, taking several county departments and government offices offline. The county officials, however, said that they made no ransom payment to the hackers.

Apart from the severe citizen distress that accompanies any government department going offline, this ransomware attack brought the county particular attention as it took a jail offline. 

As the ransomware attack knocked the security cameras and automatic doors offline in the Metropolitan Detention Center, inmates had to be confined to their cells. The electronic locking systems on the cell doors failed, forcing the Center to severely restrict movement of inmates, a potential violation of a 25-year old settlement agreement over the conditions of inmate confinement. 

The county had to file an emergency notice in federal court due to its inability to comply with the agreement thanks to the malware attack. 

The reason we bring this up here is to demonstrate the variety of ways in which ransomware attacks can affect citizen welfare, organisational operations and the overall health of businesses or government departments. 

4. Toyota: Between February and March 2022, three Toyota suppliers were hacked, showing us that no matter how secure your organisation may be, a determined threat actor can and will find a way to break in.

When Toyota’s supplier, Kojima Industries, was hit by a cyber-attack (not necessarily a ransomware attack), the giant had to halt operations in 14 of its Japanese plants. This hack is said to have caused a whopping 5% dip in the company’s monthly production capability. 

What’s worse is that another two Toyota suppliers, Denso and Bridgestone, fell prey to ransomware attacks within a span of 11 days. Bridgestone’s subsidiary experienced a ransomware attack causing the computer networks and production facilities in Middle and North America to shut down. Lockbit took responsibility for this attack. 

In the case of Denso, a group company in Germany was supposedly compromised by the ransomware group, Pandora. The lesson here is simple but scary: Even businesses with the resources of Toyota are falling prey to these massive cyber-attacks. What does this mean for smaller businesses with tighter budgets and less expertise? 

5. SpiceJet: Indian airline SpiceJet faced an attempted ransomware attack earlier this year, leaving hundreds of passengers stranded in several locations in the country.

While the airline underlined the fact that it was only an “attempted” ransomware attack and that its IT team managed to contain the situation, the incident exposed serious cybersecurity gaps in one of the world’s largest aviation markets. 

It highlighted how Indian airlines and those across the globe must evaluate their ransomware readiness and amplify their preparedness to respond to such attacks quickly and effectively. 

The fact that SpiceJet passengers were, apparently, waiting for information on their flight departures for over 6 hours impacted the airline’s brand reputation as per news reports. It also highlighted how critical emergency response and timely communication is in industries like aviation - a space where good Incident Response Planning can play a huge role. 

Conclusion

These 5 ransomware attacks of 2022 have highlighted the importance for businesses of every scale and size to invest in revitalising their cybersecurity infrastructure and paying serious thought to their ransomware readiness and response capabilities. Giving internal teams access to high-quality cybersecurity training has also become vital to the health of any organisation.  

Having a proper ransomware incident response plan is essential today and rehearsing this plan with the help of experts via Ransomware Tabletop Exercises is even more important. 

If smaller organisations aren’t able to hire full-time experts to help them build the technology and tools to protect themselves, then they can bring in external help or consultants like virtual CISOs or virtual cyber assistants.

Cyber Management Alliance’s unique, modern and technology-driven Virtual Cyber Assistant services can help businesses of every size bolster their defences in a cost-effective way. Because let’s face it, it’s becoming increasingly difficult to stop attackers from gaining unauthorised access. Our best chance lies in responding with agility and controlling the situation before much damage is done.  

As experts in ransomware prevention and protection, we at Cyber Management Alliance have also created several FREE and useful resources for our readers. These resources have been created to help organisations around the world build their resilience against ransomware attacks and respond to them effectively to control the damage as far as possible.

Here are the handy, printable resources created by our experts: 

  1. Ransomware Readiness Checklist - 9 steps you can take today to be better prepared for a ransomware attack on your organisation.  
  2. Ransomware Response Checklist - An easy-to-follow, non-technical checklist on what to do right after you’ve been attacked. 
  3. Ransomware Response Workflow - A no-nonsense, visual workflow that can really come in handy when you’re under a ransomware attack. 


We also offer a high-level Ransomware Readiness Assessment that evaluates where your organisation stands as far as its Incident Response Plans and technology investments go vis-à-vis ransomware attacks. We are also specialists in Ransomware Tabletop Exercises where we help you rehearse your Ransomware Response Plan Templates and achieve any relevant compliance objectives.