Heimdal Security Blog

Recent Ransomware Attacks

Recent ransomware attacks are reshaping the cybersecurity landscape and challenging organizations to rethink how they secure their digital environments. No one is completely immune to these cunning attacks, no matter the size or industry.

Ransomware is a type of malicious software that encrypts a victim’s files and asks for money to release them. The concept of this type of malware is not new, but its scale and sophistication have grown rapidly, serving as a wake-up call for both organizations and individuals.

This brings up an important question: what do the most recent ransomware attacks look like, and what can they teach us about cybersecurity today?

High-profile ransomware attacks no longer damage a single company; they now have far-reaching implications that impact entire supply chains, destroy critical infrastructure, and even threaten national security.

The recent ransomware events listed below have proved that the stakes have never been higher.

By the time you finish reading this article, you’ll have a comprehensive understanding of the latest ransomware threats that have impacted organizations everywhere, compromised sensitive documents and data, and made headlines around the globe. Additionally, we will explore the valuable lessons these attacks offer for strengthening cybersecurity measures against the most dangerous ransomware groups.

Recent Ransomware Attacks: Ransoms, Consequences, and More

  1. HTC Global Services – The incident involved data like credit card details, email addresses, confidential company documents, and more. HTC’s team has been actively investigating the incident and addressing the situation to ensure the security and integrity of their users’ data.
  2. CloudNordic and AzeroCloud – the Danish hosting firms specializing in cloud services have experienced significant ransomware attacks, leading to extensive data loss and operational disruptions. Both organizations remain firm in their decision not to meet the hacker’s ransom demands.
  3. The city of Dallas – it was discovered that an APT group breached Dallas’ digital systems, accessing the sensitive data of at least 26,212 Texas residents.
  4. ABB – On May 7th, ABB, an important supplier of electrification and automation solutions, was targeted in a cyber attack conducted by the Black Basta ransomware gang. The breach impacted the company’s Windows Active Directory and hundreds of devices.
  5. Harvard Pilgrim Health Care – HPHC has revealed that in April, a ransomware incident impacted 2,550,922 people and stole their sensitive data, including full names, addresses, phone numbers, dates of birth, and Social Security numbers.
  6. Reddit – Back in February, the social news aggregation platform Reddit suffered a security breach in which ransomware actors obtained unauthorized access to corporate documents, code, and some systems. The BlackCat ransomware gang, also known as ALPHV, claims to have stolen 80GB of data from Reddit during the attack and asks for a $4.5 million ransom.
  7. Barts Health NHS Trust – The BlackCat ransomware group claims they have breached the organization and stolen seven terabytes of internal documents. On the Dark Web, they call it “bigger leak from the health care system in the UK”. Barts Health NHS Trust oversees multiple hospitals and clinics in London, including St Bartholomew’s, the Royal London, Mile End, Whipps Cross, and Newham. They serve almost 2.5 million people as one of the biggest hospital groups in the UK.
  8. Dish Network – reported a data breach subsequent to the ransomware attack in February and informed the affected parties. The broadcast company went offline on February 24, 2023, impacting Dish.com, Dish Anywhere, and many other Dish Network services. They acknowledged that the cause of the outage was a ransomware attack.
  9. Royal Mail – a LockBit attack targeted Royal Mail, considered “critical national infrastructure” in the United Kingdom, causing severe disruption to all international deliveries.
  10. San Francisco’s Bay Area Rapid Transit – A cyber attack on San Francisco’s Bay Area Rapid Transit exposed highly sensitive and personal data. Vice Society ransomware claimed responsibility for the attack and allegedly stole information such as employee data, police reports, and crime lab reports, among other sensitive documents.
  11. Dole Food Company – one of the world’s largest suppliers of fresh fruit and vegetables, has disclosed that it has been affected by a ransomware attack that disrupted its operations. The food giant has hired third-party experts to assist with the mitigation and protection of the impacted systems and the incident has also been reported to law enforcement.
  12. Yum! Brands – The US-based company that owns KFC, Pizza Hut, and Taco Bell closed almost 300 of its restaurants in the UK due to an attack launched by an unknown malicious group. In response, the company took the impacted systems offline and implemented enhanced monitoring technology.
  13. Tallahassee Memorial HealthCare in Florida – After being hit with ransomware, the medical facility remained offline for almost a week. The hospital had to switch to paper documentation and handwritten patient notes during the downtime, as surgeries and procedures were limited. During the downtime, some emergency patients were routed to other hospitals. Due to security, privacy, and law enforcement concerns, information remained limited regarding this incident.
  14. Technion Institute of Technology in Israel – was impacted by ransomware in February, with the attack being claimed by DarkBit, a new ransomware group that aims to associate its actions with hacktivism. The group asked for a payment of 80 Bitcoin ($1.7M) in order to release the decryptor. The cyber criminals also stated they would add a 30% penalty if Technion refused to make the payment within 48 hours.
  15. The City of Oakland – the City of Oakland was hit by a ransomware attack in February, forcing the city to take all systems offline until the network can be secured and affected services restored.
  16. The City of Oregon – As a result of a sophisticated ransomware attack, the county suffered significant network disruption. IT staff and third-party specialists restored the network, and data recovery continues. As a result of their investment in backup technology, the city was able to recover from the incident without paying a ransom. Determining whether sensitive documents or personal information was accessed during the attack remains a top priority.
  17. Hospital Clinic de Barcelona – one of the main hospitals in the city suffered a ransomware attack that crippled its computer system, causing 3,000 patient checkups and 150 non-urgent operations to be canceled. The incident occurred on Sunday, the 5th of March 2023.
  18. U.S. Marshals Service – suffered a security breach leading to sensitive information being compromised. A spokesperson declared that the incident occurred in February 2023, when the service discovered a “ransomware and data exfiltration event affecting a stand-alone USMS system.”

What Are the Biggest Ransomware Attacks of 2022?

  1. Costa Rica Government – this was perhaps the most talked-about attack in 2022 because it was the first time a country declared a national emergency in reaction to a security incident. The first attack on the country hit the finance ministry, private import-export firms, and government institutions in early April. The first attack was carried out by the Conti ransomware gang, which asked for $10 million from the government. The ransomware payment was later raised to $20 million.
  2. Nvidia – in February 2022, the world’s largest semiconductor chip business was hit by a ransomware attack. According to the company, the attacker started to disclose employee credentials and proprietary data online. Lapsus$, a ransomware gang, claimed responsibility for the attack and stated that they had access to 1TB of exfiltrated corporate data that they planned to release online. It also requested $1 million from Nvidia, as well as a share of an unspecified fee.
  3. SpiceJet – the low-cost airline SpiceJet’s computer systems were targeted by ransomware in May 2022, which resulted in delayed departures of flights scheduled for the next morning.
  4. The San Francisco 49ers – The BlackByte ransomware gang took credit for the 49ers’ attack. The team did not confirm whether or not the ransomware was successfully delivered, but stated they were in the process of restoring systems, implying that the devices were most likely encrypted.
  5. Cisco – Tech giant Cisco, which provides cybersecurity and incident response services with Cisco Talos, announced that on May 24, it was hit by the Yanluowang ransomware group after cyber criminals managed to obtain access to an employee’s credentials via a hacked personal Google account.
  6. LAUSD – the largest public school system in California and the 2nd largest public school district in the United States, revealed that it had been the victim of a ransomware incident that impacted its Information Technology (IT) systems.
  7. Ferrari – data from Ferrari’s website was posted on a dark web leak site owned by the ransomware group RansomEXX. The malicious actors claim they have obtained private information, amounting to almost 7 GB of data.
  8. Italian City Palermo – in June 2022, the Vice Society ransomware gang declared that it had been behind the attack that targeted the capital of the Italian island of Sicily, Palermo. The incident has caused a large-scale service outage.
  9. Macmillan Publishers – the worldwide trade publishing firm declared in July 2022 that it was hit by a security breach that looks to have been a ransomware assault. As a result, the company was forced to shut down its network and offices while it recovered. It is unknown which ransomware group is responsible for the assault, and whether or not any data was taken.
  10. Rompetrol – In March, Rompetrol, the company that operates Romania’s largest refinery Petromidia, was attacked by Hive ransomware. Following the attack, the petroleum provider was forced to shut down its websites and the Fill&Go service at gas stations.

A List of Most Important Ransomware Incidents of 2021:

  1. Accenture – noticed the LockBit ransomware on its systems in August but the incident was immediately contained;
  2. Acer – the organization became a victim of REvil ransomware back in March. The threat actors belonging to the REvil group demanded a $50,000,000 ransom;
  3. Brenntag – in May, the German chemical distribution company suffered a DarkSide Ransomware incident that led to the organization making a $4.4 million ransom payment in Bitcoin;
  4. Colonial Pipeline – the company was forced to shut down after being hit by ransomware in May. The operator paid the malicious actors nearly $5 million in cryptocurrency in return for a decryption key to restore its systems;
  5. CNA Financial – was affected by a Phoenix Locker ransomware incident on March 21st that interrupted the company’s employee and customer services for three days. The company had reportedly paid the $40 million ransom to restore access to its systems;
  6. Ireland’s health service (HSE) – had to shut down all of its IT systems following a Conti ransomware cyber attack that took place in May;
  7. JBS Foods – in June, the world’s largest meatpacking organization was forced to shut down production at several sites globally following a REvil ransomware attack that affected its production facilities;
  8. Kaseya – the biggest ransomware attack on record, took place in July and was coordinated by the REvil ransomware gang. Threat actors accessed its customers’ data and demanded a ransom payment for the data’s recovery;
  9. Kia Motors – it suffered a ransomware attack in February conducted by the DoppelPaymer ransomware gang that affected internal and customer-facing systems;
  10. Kronos – in December 2021, the well-known workforce management solutions provider suffered a ransomware attack that disrupted many of their cloud-based solutions for weeks.
  11. National Basketball Association (NBA) – in April, the Babuk ransomware gang claimed on its dark web page to have stolen 500 gigabytes of data such as contracts, non-disclosure agreements, and financial information and threatened to disclose it if the team failed to pay the ransom;
  12. Quanta – REvil ransomware gang stole data belonging to the company, like drawings and schematics meant to be used in relation to some Apple products. Because Quanta didn’t pay the $50 million ransom the REvil gang members asked for, they started posting the stolen schematics for Apple Macbooks on their data leak site.

What Are the Most Targeted Industries by Ransomware Groups?

According to the Cybersecurity & Infrastructure Security Agency (CISA), 14 US critical sectors were subjected to intense ransomware attacks in 2022. These 5 sectors included in the video below have been the most common targets for ransomware attacks, but we need to keep in mind that no business or industry is safe.

How Can Heimdal® Protect You Against Ransomware Attacks?

Heimdal’s exclusive Ransomware Encryption Protection technology was designed to thwart even the most sophisticated ransomware incidents in the cloud and on-premises, preventing and protecting rather than mitigating.

Here’s a quick rundown of what Ransomware Encryption Protection can do for your business:


Heimdal™ Ransomware Encryption Protection

Specifically engineered to counter the number one security risk to any business – ransomware.
  • Blocks any unauthorized encryption attempts;
  • Detects ransomware regardless of signature;
  • Universal compatibility with any cybersecurity solution;
  • Full audit trail with stunning graphics;