7 Examples of Ransomware Attacks in 2022 You May Not Have Heard About
Whether or not you’ve heard the term “ransomware,” you’ve definitely heard of its effects, since malware attacks have been on the rise in the last few years and are constantly in the news. In this blog, we’ll talk about what ransomware is and how it works, who hackers tend to target, and share some of the craziest ransomware attacks from 2022.
What is Ransomware? How Does it Work?
Ransomware is a type of malicious software (malware) that encrypts files on a computer or network. Once the files are locked, the hackers demand a ransom, usually in the form of money, in exchange for releasing the files or providing a decryption tool that restores the victim’s access.
Similar to the movies, the hackers behind the ransomware send the victims a ransom note informing them that they have the files and won’t give them back unless they get paid. The company will likely realize there is a problem before the ransom note arrives, since files usually become encrypted, access could be blocked, or systems could be completely down.
Obviously this is a huge problem, because the hackers may even threaten to delete or destroy the files if the victim doesn’t comply with their demands. And paying the ransom does not guarantee that the victim will get the files back or that the hackers will stop targeting them. In fact, paying the ransom likely encourages the hackers to continue their illegal activities and target others as well.
What Are Some Common Examples of Ransomware?
Of course, hackers might be constantly pivoting to execute new attacks, but their tricks never change. Attacks often come through phishing emails or other phishing campaigns, software vulnerabilities (Microsoft Windows is a common one), malicious attachments, and clicking on malicious ads on compromised websites.
A cybersecurity breach can happen just as easily on mobile devices as on the victim’s computer. You’ll see that one of the common threads through these news stories is that a cybercrime group will gain access to employee credentials and enter the network that way. Once they’re in, they can deploy malicious code that encrypts data, deploys a computer virus, or otherwise wreaks havoc on critical infrastructure.
You’ll get an even better idea of how these attacks happen and to whom as we share 7 recent stories of ransomware attacks that made the news (or should have!).
Ransomware Attacks in 2022 That Made the News (Or Should Have!)
Bernalillo County, New Mexico
We’ll start off our list with a ransomware attack that was incredibly close to home—right here in Bernalillo County. The attack occurred on January 5, 2022 and caused multiple municipal buildings to shut down. Not only that, but numerous public services in Albuquerque and throughout the county were unavailable for days.
Perhaps what makes this one of the more significant ransomware attacks is that it caused the security cameras and automatic doors to go offline at the Bernalillo County Metropolitan Detention Center. In response, the security team determined that the safest course of action was to keep the inmates in their cells all day, which is a violation of an agreement on inmate conditions.
While it’s not known how the ransomware attack happened, the county responded by greatly increasing their cybersecurity measures, including adding multi-factor authentication for all employee accounts and beginning 24/7 monitoring of the county’s networks.
The County did not pay the ransom demand, and their $2 million insurance policy helped them cover the costs of mitigation and recovery.
Nvidia
Nvidia, America’s biggest microchip company, was a ransomware victim in February 2022. The attack took the company offline for two days, and the ransomware group LAPSUS$ claimed responsibility, threatening to leak 1 TB of data.
LAPSUS$ had historically targeted mostly companies in South America and Portugal, including the largest media conglomerate in Portugal. But in this case, they set their sights on Nvidia. Instead of focusing on money, however, they asked Nvidia to release a good deal of code as open source so they could remove LHR limitations that were slowing down gamers.
It was confirmed that Nvidia was hacked through a phishing email, through which the attackers gained access to employee credentials.
This story also stood out because there were rumors that Nvidia tried to “hack-back” to get all of their data back, although LAPSUS$ claimed the hack was not successful, and Nvidia denied it.
The result of the attack? LAPSUS$ maintained control of proprietary information, including source code, and thousands of employee logins and passwords.
San Francisco 49ers
The football team the San Francisco 49ers were ransomware victims in February 2022. BlackByte took credit for the attack, doing the most damage on the 49ers’ corporate side, and leaving the stadium and ticketholders in the clear.
Still, it was later confirmed that over 20,000 people had their names and social security numbers leaked in the attack. The team did notify the individuals affected, although it was 6 months later that victims received that notification.
BlackByte is a ransomware-as-a-service, or RaaS, operation that rents out its malicious code to other threat actors. This model is an unfortunate one, because it means that anyone with bad intent can cause a ransomware infection without being very tech savvy at all.
Toyota
In February and March of 2022, three apparently unrelated ransomware attacks caused major disruption for Toyota, affecting three of their suppliers, including a malware attack on Bridgestone, shutting down North American production of computer parts.
Throughout the attacks, 14 manufacturing plants had to shut down production for a day, causing a 5% dip in the company’s monthly productivity.
These attacks show just how costly ransomware can be, even if systems are only offline for one day and even if the company doesn’t pay the ransom.
Unlike some of the other ransomware attacks we’ll talk about, there isn’t much information on the details of how these attacks happened or what the result was because Toyota has been pretty tight-lipped about the whole thing. In fact, they’re still calling it a “system failure.”
At the time of the attacks last year, there was a lot of speculation on whether or not the attacks were related to Japan coming out as a supporter of Ukraine in the war with Russia, giving $100 million in aid.
The attacks highlight that ransomware groups are savvy to the power of the supply chain. By attacking relatively smaller and more vulnerable companies, hackers are able to make larger companies feel the pain.
The Costa Rican Government
It’s never a good day when your country’s government gets hacked, which is exactly what happened in April 2022 when cybercriminal group Conti held government data for ransom for $10 million.
The first attack targeted the Ministry of Finance, causing total chaos in both the government and the private finance sector. The hackers entered the VPN with compromised credentials, stealing hundreds of GBs of data and installing the ransomware.
Conti upped the ante, asking that the victims pay $20 million, and escalated the chaos by attacking the healthcare systems and social security system. The average Costa Rican felt this attack since it took the entire healthcare system offline.
This ransomware attack was particularly newsworthy because it really showed how easily a ransomware group could take down an entire government. And Conti, a ransomware gang based out of Russia, was very clear about their motives, even stating in a post,
“We are determined to overthrow the government by means of cyberattack.”
The US was so concerned with the threat they offered a $10 million reward for information leading to any key member of the Conti gang. So far though, the gang continues to commit cybercrimes at will.
CHI Health
CHI Health is a part of one of the biggest non-profit hospital chains in the US, and they fell victim to a ransomware attack in October 2022. It compromised patient data and affected daily operations.
Beyond the annoyance or inefficiency of having to return to patient charting by hand, some patients weren’t able to access the medical equipment they rely on daily due to systems being offline.
The risk to patients might make the CHI Health attack one of the most significant ransomware attacks of 2022, just because it truly was a matter of life and death for some.
One cybersecurity expert, Tony Sabaj, interviewed by local news about the case, shared,
“Ransomware actors will go after health care organizations because they’re more apt to pay ransomware attacks to get their systems back online so they can do lifesaving work and not affect patient care.”
Sabaj also stated,
“Healthcare records and healthcare information sells for a lot of money on the dark web. A full health record of an individual on the dark web is going to sell for anywhere from $250 to $1,000 per record, and if you compare that to credit card information, even if it’s complete credit card information, that will go for $1 or $2.”
CHI Health shared publicly that it simply followed its protocols for system failures, and it’s not clear whether they paid the ransom and that’s how they got back online, or if they figured out the encryption.
LA Unified School District
In the summer of 2022, the Los Angeles Unified School District fell victim to a ransomware attack, where 2,000 students’ assessment results were posted on the dark web. In this very unfortunate instance, the target victims were current and former students whose detailed and sensitive student mental health records were leaked. Around 500 gigs of information got posted on the dark web after the district refused to pay the ransom.
Threat analyst Brett Callow, who was interviewed in the LA Times at the time of the attack, shared how challenging it is to understand the true impact of cyberattacks and leaked personal information,
“What impact does knowing that extremely sensitive information have on people, including in terms of their mental health? How often is the stolen information misused? How often do third parties scrape the data and share it on other websites or on social media? How often [are] people actually contacted in extortion attempts?”
Protect Your Business from Ransomware Attacks in 2023
If hearing these ransomware examples is making you concerned about your business and the state of your cybersecurity, call ABQ-IT for a free risk-free assessment. You don’t even have to be an Albuquerque business to work with us. Especially when it comes to cybersecurity, we can help businesses all over the US because most of what our security analysts can do to help, we can do remotely.
Protect your business from cyber attacks and the costly fallouts of an attack from a ransomware gang. Call (505)582-6583 today to gain peace of mind.