July is Ransomware Awareness Month, a perfect time to catch up on how cybercriminals are infiltrating networks and to re-establish your organization’s practices to guard against costly attacks.
Ransomware is the fastest growing malware threat, targeting users of all types – from the home user to the corporate network. On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016. This is a 300-percent increase over the approximately 1,000 attacks per day seen in 2015. Even though we are only halfway through 2022, the year has not been a stranger to ransomware with some pretty significant attacks.
Top 5 Ransomware Attacks of 2022, So Far
#1 Bernalillo County, New Mexico
One of the first big attacks of 2022 occurred on January 5. The largest county in New Mexico became the victim of a debilitating ransomware attack that took several county departments and government offices offline. The county did not make a ransom payment to the cybercriminals, but it did garner significant attention, as the attack took a jail offline.
The ransomware attack took the Metropolitan Detention Center’s security cameras and automatic doors offline, resulting in confining inmates to their cells. The electronic locking systems on the cell doors failed, forcing the doors to be manually opened and closed by guards. The facility had to severely restrict the movement of inmates, potentially violating a 25-year-old settlement agreement related to the conditions of inmate confinement. The county had to file an emergency notice in federal court, reporting its inability to comply with the agreement due to the malware attack.
675,000 residents were affected by the attack. It took several weeks to get all systems online and functioning properly; however, full recovery, including shoring up systems and adding additional safeguards, is still ongoing and will take a few years.
Between February and March 2022, not one but three Toyota suppliers were infiltrated by cyber criminals, confirming that no matter how physically secure your organization may be, a determined threat actor can and will find a way in.
When Toyota’s supplier, Kojima Industries, was hit by a cyberattack, the giant had to halt operations in 14 of its Japanese plants. The attack has been rumored to have caused a whopping 5 percent dip in the company’s monthly production capability. To add insult to injury, another two Toyota suppliers, Denso and Bridgestone, fell prey to ransomware attacks within a span of 11 days.
Lockbit, a subclass of ransomware known as a “cryptovirus” due to forming its ransom requests around financial payment in exchange for decryption, was deployed. Subsequently, Bridgestone’s subsidiary experienced a ransomware attack causing the computer networks and production facilities in Middle and North America to shut down. Pandora – ransomware that leverages double extortion tactics to exfiltrate and encrypt large quantities of personal data – was responsible for the compromise of a group company in Germany in the case of the Toyota supplier Denso.
If businesses with the resources of Toyota are falling prey to these massive cyberattacks, what does this mean for smaller businesses with tighter budgets and less in-house expertise?
In February 2022, the world’s largest semiconductor chip company was compromised by a ransomware attack. The company confirmed that the infiltrator had begun leaking employee credentials and proprietary information online.
An international ransomware group, Lapsus$, took responsibility for the attack and claimed that it had access to 1TB in exfiltrated company data that it intended to leak online. The group demanded $1 million in addition to a percentage of an unspecified fee from Nvidia. Even though many media stories suggested that Nvidia’s internal systems were compromised and were forced to take some of its business offline for two days, the company later claimed that the attack had not impacted operations.
Nvidia responded swiftly to the ransomware attack by hardening its security and engaging cyber incident response experts to contain the situation.
#4 Costa Rican Government
The first ransomware attack on the nation began in early April and was perpetrated by the ransomware group Conti. Most Conti ransomware is laid directly by a cybercriminal that has accessed an unprotected RDP port, utilized email phishing to remote into a network via an employee’s computer, or utilized malicious attachments, downloads, application patch exploits or vulnerabilities to gain access to a network.
The cyber attack brought the Costa Rican Ministry of Finance to its knees, impacting not just government services but also the private sector engaged in import/export. Conti asked the government to pay a ransom of $10 million, then later increased it to $20 million.
Then, on May 31, another attack thrust the country’s healthcare system into chaos. This attack was linked to HIVE – ransomware, designed to be used by ransomware-as-a-service providers to enable novice cyber criminals to launch ransomware attacks on healthcare providers, energy providers, charities and retailers across the globe.
The attack affected the Costa Rican social security fund. Costa Rican residents were directly affected, as the attack took the country’s healthcare systems offline. For the first time ever, a country was forced to declare a national emergency in response to a cyberattack.
Entire nations can be incapacitated if inadequate resources are in place to prepare for ransomware attacks. Providing protection solutions as well as cybersecurity awareness training for employees must be high priorities for organizations to limit exposure. Government entities are even more vulnerable as they are often the target of these types of ransomware attacks.
#5 Spice Jet
Even though it was an “attempted” ransomware attack, Indian airline SpiceJet was incapacitated for a brief time, leaving hundreds of passengers stranded in several locations throughout the country. While the airline’s IT team managed to contain the situation, the incident exposed serious cybersecurity gaps in one of the world’s largest aviation markets. The most significant loss to SpiceJet was brand reputation, as news reports of the passengers’ delayed flight information lasted over six hours.
The ransomware attack demonstrates how airlines around the globe must evaluate their ransomware readiness and amplify their preparedness to respond quickly and effectively. The attack further underscores how critical emergency response and timely communication is in industries like aviation – a space where good incident response planning makes all the difference.
How Businesses Can Raise Ransomware Awareness
Ransomware is only going to get worse. Threat actors are cunning and are consistently coming up with new, creative ways to penetrate organizations of all sizes. Some attacks are for fun, while many are laser-focused on a monetary payout.
How can businesses prepare? Security awareness is half the battle when it comes to ransomware. Knowing what ransomware is, how it is perpetrated and how to prepare and defend against it are keys to successfully mitigating risk.
When it comes to cybersecurity, don’t cut corners! Make ransomware awareness month a time to ramp up your company’s defenses and readiness:
- Policies, Procedures, Readiness and Response Plans. Make sure you have the proper policies and procedures in place and that they are communicated throughout the organization. Readiness and response plans are crucial to your business continuity.
- Involve Everyone. Everyone from the CEO down plays an important role in maintaining a cyber secure organization. Make sure all employees are properly trained on a regular basis; once-a-year training is no longer enough. Make training engaging and fun to ensure user adoption. Use communication materials such as a newsletter, poster and videos to reinforce messaging.
- Phishing Simulation. Phish your users regularly. Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge. Use training simulations that allow the user to explore phishing in a safe environment.
- Penetration Testing and Vulnerability Scans. Penetration testing and vulnerability scans of your systems, websites, etc., need to be conducted regularly to ensure you are operating at your safest, most secure level.
Ransomware is a scary cyber threat to any business. With the right training program and tools in place, you can mitigate your risk and avoid exposure. Get started now during Ransomware Awareness Month!