Ransomware attacks have been on the rise, accelerated by the popularization of remote work, increased digital transformation within organizations and increased risk around digital supply chains.
The global cost of ransomware attacks is expected to increase from $20bn in 2021 to $265bn by 2031 according to predictions made by Cybersecurity Ventures.
Ransomware is not going away in 2022. Here are five ransomware attacks that targeted large organizations since the start of the year.
Shutting down the government
Bernalillo County, the most populous county in New Mexico, US, discovered a data breach on 5 January 2022. Although no detail of ransom demands has been revealed to date, the county has labelled it a ransomware issue. The ramifications included the closing down of government buildings, the blocking of a jail’s camera feeds and the entrapment of inmates due to the failure of automatic door mechanisms. In response, the county took many of its systems offline, resulting in some public services becoming unavailable. However, safety services, such as fire and rescue operations, continued to run, owing to unspecified “backup contingencies”. Bernalillo County received $2mn in recovery funds approved by the county commissioners.
Sports manufacturer Puma was notified of data breach issues on 10 January following a ransomware attack against Kronos, one of Puma’s workforce management solutions providers. The original Kronos incident occurred in December 2021. Attackers stole personal information of over 6,632 of its employees, including US Social Security Numbers, and encrypted the data, according to reports. No customer data was affected. Kronos did not regain full access to their data until 22 January. Kronos offered two years of free Experian IdentityWorks to Puma employees as compensation, which includes credit monitoring, identity theft insurance and identity restoration.
Listed as paid
Hensoldt, a multinational defense contractor, confirmed on 12 January 2022 that some of its UK subsidiaries had fallen prey to a ransomware attack. The organization provides sensor solutions for defense, aerospace and security software for organizations such as the US Army, the US Marine Corps and the US National Guard. Although the company has not revealed the details of the security breach, the ransomware group Lorenz claimed credit for it and listed the ransom as “paid”. It remains unclear whether Hensoldt paid the ransom or another threat actor purchased the data.
On 23 February, Nvidia, the largest microchip maker in the US, experienced a ransomware attack by the hacking gang Lapsus$. The group threatened to release 1TB worth of data unless a ransom was paid by 4 March. The stolen information included employee credentials and proprietary company data, such as source code. The attack resulted in parts of the business going offline for two days. Although unconfirmed, Lapsus$ later accused Nvidia of hacking back. Hacking back is not unheard of as an attempt to prevent data leaks; however, it is illegal in the US. Because it had backups of the data, Lapsus$ was not affected by the hacking. Nvidia’s data has since been leaked and the company has announced that it is in the process of analysing it.
Bridgestone, one of the largest global manufacturers of tires, detected a security breach on 27 February 2022 by the LockBit ransomware gang. Despite Bridgestone’s effort to mitigate the attack by disconnecting manufacturing and retreading facilities in North and Latin America from the network, the company was forced to halt production for a week. The perpetrators released a countdown to 23:59 on 15 March and announced that they would leak the stolen data if a ransom was not paid. Although the company has not provided more details about the ransom, it is reported that it was able to do a comprehensive security check and reconnect to its network. The attack came amidst an alarming trend of attacks against the auto industry, with Denso and Kojima Industries having experienced cyber-attacks earlier in 2022.
How to protect your organization from a ransomware attack:
- Keep your software up to date. Network providers issue updates that address known security vulnerabilities. Install them to prevent hackers from exploiting such weaknesses.
- Back up your data regularly. Use multiple storage systems to minimise data loss and avoid paying ransoms in case of attack.
- Employ multiple security systems, for example firewalls, anti-virus software and spam filters. This enables you to detect and react to intrusions faster.
- Provide awareness training for your employees. Staff are often the target of phishing emails, so it is important they know how to recognise and avoid such scams.
- Use multi-factor authentication. This means that even if hackers get hold of employee credentials, they will not gain access to your system without additional authenticating factors.