Major Companies Affected by Ransomware [2022-2023]
The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private businesses to healthcare facilities and governments.
Every day, over 200,000 new ransomware strains are detected, meaning that every minute brings us 140 new ransomware strains capable of evading detection and inflicting irreparable damage. Ransomware operators will never stop, not even after the victim pays the demanded ransom.
What motivates the ransomware actors to become even more creative in their attacks and ask for tens of millions of dollars in payments is the fact that there are companies that agree to pay the ransom and not disclose the attack. It usually happens because they are afraid of the severe social repercussions.
Private and Public Companies Affected by Ransomware Attacks in 2022 & 2023:
- André Mignot Hospital – A ransomware attack forced the hospital in the Paris outskirts to shut down its phone and computer systems. The hospital had to halt operations partially, and only accept walk-ins and appointments. A ransom demand was made but the medical facility says it doesn’t intend to pay it.
- Antwerp – the city of Antwerp, Belgium, is working on restoring its digital services that were allegedly disrupted by a ransomware attack on its digital provider. The disruption in services has affected everything from schools to daycare centers, and the police. The threat actor has not been identified at the moment of writing;
- Bell Canada – RaaS group Hive claimed to be behind a cyberattack that hit Bell Technical Solutions (BTS), an independent subsidiary of Bell Canada with 4,500 employees that specializes in Bell services across Ontario and Québec.
- Cincinnati State Technical and Community College – Following a cyberattack claimed by the Vice Society ransomware gang, the stolen data was made accessible on the attacker’s Tor data leak site.
- Conforama – BlackCat ransomware claimed to have stolen more than one terabyte of data from Conforama, a French furniture distributor, in a claim note posted on the retail chain’s blog on November 6, 2022.
- Continental – LockBit says it’s behind the cyberattack that hit the German auto parts giant Continental. The group allegedly stole some data from the company’s systems and started threatening to make the data publicly available if their demands are not met by Continental.
- Creos Luxembourg S.A. – BlackCat ransomware gang confirmed that it is responsible for the attack that occurred last week on Creos Luxembourg S.A., a company that owns and manages electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg.
- DESFA – In August 2022, DESFA, a natural gas transmission system operator in Greece, revealed that a cyberattack led to “a limited scope data breach and IT system outage”, with Ragnar Locker claiming responsibility for the incident.
- Entrust – the LockBit ransomware group has declared that it was behind the incident at the American software company Entrust that occurred in June 2022.
- Ferrari – data from Ferrari’s website was posted on a dark web leak site owned by the ransomware group RansomEXX. The hackers claim they have obtained private information, amounting to almost 7 GB of data.
- Heilbronner Stimme – the German newspaper was part of an ongoing cyberattack, after having all its systems encrypted by unknown threat actors, on October 14th, 2022. The publication’s printing systems were compromised, with phone and email communication only remaining offline during that weekend.
- IKEA stores in Morocco and Kuwait – Vice Society allegedly posted data taken from IKEA stores in Morocco and Kuwait, with snippets from the gang’s leak site suggesting they managed to steal confidential business data and even sensitive employee information.
- IObit – was hacked in January to carry out a widespread attack in order to spread DeroHE ransomware to its forum members;
- Italian City Palermo – in June 2022, the Vice Society ransomware gang declared that it had been behind the attack that targeted the capital of the Italian island of Sicily, Palermo. The incident has caused a large-scale service outage.
- LAUSD – the largest public school system in California and the 2nd largest public school district in the United States, revealed that it had been the victim of a ransomware incident that impacted its Information Technology (IT) systems.
- Lincoln College – has announced that it will shut its doors in May 2022, following a devastating financial impact of the COVID-19 outbreak and a recent ransomware attack. The incident in December was the tipping point, and the decision to close the facility on May 13, 2022, was one that couldn’t be avoided. A decryption key was delivered after money was paid, however not enough data was recovered.
- Macmillan Publishers – the worldwide trade publishing firm declared in July 2022 that it was hit by a security breach that looks to have been a ransomware assault. As a result, the company was forced to shut down its network and offices while it recovered. It is unknown which ransomware group is responsible for the assault, and whether or not any data was taken.
- Medibank – In October 2022, Medibank, a health insurance company providing services for more than 3.9 million people in Australia, confirmed that a ransomware attack was the cause of a cyberattack and interruption of online services.
- NYRA – on September 20th, the Hive ransomware group listed NYRA as a victim on their extortion site. Together with the post, the hackers also published a free-to-download ZIP archive containing all the files stolen from NYRA’s systems.
- Professional Finance Corporation, Inc. (PFC) – the debt management company stated that a ransomware assault that occurred in February 2022 resulted in a data breach that affected over 600 healthcare businesses.
- Rompetrol – In March, Rompetrol, the company that operates Romania’s largest refinery Petromidia, was attacked by Hive ransomware. Following the attack, the petroleum provider was forced to shut down its websites and the Fill&Go service at gas stations.
- Sobeys – The food retailer announced it has been affected by a technical issue traced back to the IT systems. However, its employees claim that all computers in affected Sobeys stores were locked out.
- Sol Oriens – in June, the company confirmed it had suffered a REvil/Sodinokibi ransomware attack that resulted in data theft;
- SpiceJet – the low-cost airline SpiceJet’s computer systems were targeted by ransomware in May 2022, which resulted in delayed departures of flights scheduled for the next morning.
- The San Francisco 49ers – The BlackByte ransomware gang took credit for the 49ers’ attack. The team did not confirm whether or not the ransomware was successfully delivered, but stated they were in the process of restoring systems, implying that the devices were most likely encrypted.
- Thales – The Lockbit 3.0 ransomware group began leaking a 9.5 Gb archive file that is presumably stolen information from French multinational high-tech company Thales Group after the company refused to pay the requested ransom.
- Yum! Brands – The US-based company, which owns KFC, Pizza Hut, and Taco Bell, closed almost 300 of its restaurants in the UK due to a ransomware attack launched by an unknown malicious group. In response, the company took the impacted systems offline and enforced enhanced monitoring technology.
12 of the Biggest Ransomware Attacks of 2021:
- Accenture – noticed the LockBit ransomware attack on its systems in August but the incident was immediately contained;
- Acer – the organization became a victim of a REvil ransomware attack back in March. The threat actors demanded a $50,000,000 ransom;
- Brenntag – in May, the German chemical distribution company suffered a DarkSide Ransomware attack that led to the organization paying a $4.4 million ransom in Bitcoin;
- Colonial Pipeline – the company was forced to shut down after being hit by ransomware in May. The operator paid the hackers nearly $5 million in cryptocurrency in return for a decryption key to restore its systems;
- CNA Financial – was affected by a Phoenix Locker ransomware attack on March 21st that interrupted the company’s employee and customer services for three days. The company had reportedly paid the $40 million ransom to restore access to its systems;
- Ireland’s health service (HSE) – had to shut down all of its IT systems following a Conti ransomware attack that took place in May;
- JBS Foods – in June, the world’s largest meatpacking organization was forced to shut down production at several sites globally following a REvil ransomware attack that affected its production facilities;
- Kaseya – the biggest ransomware attack on record, took place in July and was coordinated by the REvil ransomware gang. Threat actors accessed its customers’ data and demanded ransom for the data’s recovery;
- Kia Motors – it suffered a ransomware attack in February conducted by the DoppelPaymer ransomware gang that affected internal and customer-facing systems;
- Kronos – in December 2021, the well-known workforce management solutions provider suffered a ransomware attack that disrupted many of their cloud-based solutions for weeks.
- National Basketball Association (NBA) – in April, the Babuk ransomware gang claimed on its dark web page to have stolen 500 gigabytes of data such as contracts, non-disclosure agreements, and financial information and threatened to disclose it if the team failed to pay the ransom;
- Quanta – REvil ransomware gang stole data belonging to the company, like drawings and schematics meant to be used in relation to some Apple products. Because Quanta didn’t pay the $50 million ransom the hackers asked for, they started posting the stolen schematics for Apple Macbooks on their data leak site;
Most Targeted Industries
According to the Cybersecurity & Infrastructure Security Agency (CISA), in 2022, 14 US critical sectors have been subjected to intense ransomware attacks. These 5 sectors included in the video below have been the most common targets for ransomware attacks, but we need to keep in mind that no business or industry is safe.
How Can Heimdal™ Help?
In the fight against ransomware, Heimdal™ Security offers its customers an integrated cybersecurity suite that includes the Ransomware Encryption Protection module, which is universally compatible with any antivirus solution and is 100% signature-free, ensuring superior detection and remediation of any type of ransomware, whether fileless or file-based (including the most recent ones like LockFile).