
Top 10 ransomware attacks (2023 edition)


Top 10 ransomware attacks (2022-23 edition)

What is ransomware?

Ransomware is a form of external attack in which a cybercriminal uses malware, or any other form of cyber attack, to steal vital company information or lock the company out of its network, and then demands a ransom in exchange. The stolen information can be personal, financial, or otherwise sensitive.

Why is it worrying organizations globally?

The biggest concern surrounding ransomware attacks is that organizations may be unable to recover lost data and sensitive information, which is not always restored or unlocked even after the ransom is paid to the perpetrators. Over 70% of companies have ended up paying a ransom to recover their sensitive data and restore their networks to normal operation.

Biggest ransom ever paid

Ransomware payments can be highly damaging monetarily to businesses. One of the highest ransoms demanded was around $60 million, by the ransomware group Evil Corp from CNA Financial in 2021!

The sector paying the most ransom

Among all the sectors, the manufacturing sector had the highest average ransom payment of $20,36,189 compared to $8,12,360 in other sectors. 

2022 saw a large number of ransomware attacks, with over 2.3 billion attacks worldwide.

Let us take a look at some of the deadliest ransomware attacks that shook the world.

10. Oiltanking GmbH Group

About the victim

Oiltanking GmbH is a German petrol supplier group responsible for the uninterrupted supply of Shell gas stations across 26 companies in Germany.

What happened

A group of ransomware attackers known as BlackCat, linked to another big ransomware attack on Colonial Pipeline, carried out a Ransomware-as-a-Service (RaaS) attack that caused major disruptions in supply, using the ALPHV malware, which is written in Rust.

When it happened

February 2022

What did it cost

Ransom amount – unknown

Massive disruption in supply chain operations and IT infrastructure

9. Kronos

About the victim

Ultimate Kronos Group (UKG) is a human resources giant based in America that serves a range of renowned public and private clients such as Tesla and MGM Resorts, as well as other clients including hospitals and transport companies.

What happened

A ransomware attack suspected to be linked to the Log4j vulnerability impacted payroll and important human resources systems, including Kronos Private Cloud and UKG Workforce Central, which house payroll management services and the data of its numerous clients and UKG staff.

When it happened

January 2022

What did it cost

Ransom amount – unknown

Disruption in payroll, shift management, and other major HR systems impacting some of the biggest clients associated with Ultimate Kronos Group.

8. Impresa

About the victim

Impresa Group is one of the biggest media companies in Portugal. It also owns the Expresso newspaper and the SIC TV channels.

What happened

A renowned ransomware gang, Lapsus$, carried out a range of ransomware attacks, stealing over 50 terabytes of data. The attackers defaced the company’s websites with ransom notes claiming to have gained hold of its data and its Amazon Web Services account.

When it happened

January 2022

What did it cost

Ransom amount – unknown

Disruption of streaming capabilities, loss of data, and loss of account access

7. Ward Hadaway

About the victim

Ward Hadaway is one of the world’s top law firms dealing with renowned clients from banking, construction, healthcare, and other sectors.

What happened

A huge chunk of Ward Hadaway’s sensitive data, including client data and personal information, was breached by an attacker, who demanded a ransom of around $6m and threatened to publish the information online if the ransom wasn’t paid.

When it happened

January 2022

What did it cost

Ransom amount – unknown

Exposure of sensitive client information and data

6. Rompetrol

About the victim

Rompetrol runs some of the largest oil refineries in Romania, such as Petromidia Navodari, which produces around 5m tons yearly.

What happened

A ransomware gang going by the name of Hive stole some of Rompetrol’s company secrets and other important information. They demanded a ransom of $2m in exchange for not publishing the company secrets online and for handing over the decryption key to the locked data.

When it happened

January 2022

What did it cost

Ransom amount – $2 million

Loss of confidential data of the company

5. Nvidia

About the victim

Nvidia is a renowned GPU and silicon processor manufacturer based in America.

What happened

A huge chunk of information was stolen by a ransomware group known as Lapsus$ in a ransomware attack. This included 1TB of proprietary data, critical employee data, company information, source code for Nvidia’s hash rate limiter, and access credentials that were published online.

When it happened

February 2022

What did it cost

Ransom amount – $1 million

Breach of proprietary data such as source code, access credentials, and servers.

4. Optus

About the victim

Singtel Optus Pty Limited is an Australian telecommunications giant with over 2.8m customers.

What happened

A group of unknown ransomware attackers breached the personal data of over 11.2 million of Optus’ customers, including addresses, license numbers, passport details, and dates of birth, and demanded a ransom of around $1m in cryptocurrency.

When it happened

September 2022

What did it cost

Ransom amount – $1 million in cryptocurrency

Breach of privacy and loss of personal data of millions of customers.

3. Montenegro Government

About the victim

The government of Montenegro

What happened

Demanding a $10m ransom, a group of ransomware attackers breached sensitive financial and personal information from over 150 government workstations in 10 institutions using a virus called Zero date.

When it happened

August 2022

What did it cost

Ransom amount – $10 million

Breach of sensitive financial and personal information.

2. TransUnion

About the victim

TransUnion is an America-based credit reporting agency with over a billion customers in 30 countries.

What happened

In March, over 54m personal records were stolen from the South African division of TransUnion by a group of ransomware attackers who exploited weak passwords.

When it happened

March 2022

What did it cost

Ransom amount – $15 million

Data theft of over 54m personal records

1. Costa Rica Government

About the victim

The government of Costa Rica

What happened

Over 30 government institutions were attacked in April, causing a national state of emergency. This included the Ministry of Finance, Science, Technology, Telecommunications, and other institutions such as the Administrative Board of Municipal Electricity Service of Cartago and the National Meteorological Institute. It was a series of attacks carried out by a ransomware gang known as Conti Group.

When it happened

April 2022

What did it cost

Ransom amount – $20 million

Theft of citizens’ confidential financial information and other sensitive information belonging to the companies operating in Costa Rica.

Do you want to learn more about ransomware recovery and prevention? Here is our blog on it: Ransomware Prevention or Recovery

We have seen some of the most dangerous ransomware attacks of 2022. Now let us take a look at some tips to protect ourselves individually from ransomware attacks. 

Some tips to defend against ransomware attacks

  • Update all operating systems regularly.
  • Create a regular backup of all of your systems and store it in the cloud or on an offline device.
  • Periodically update and patch all of your systems and software.
  • Plan and execute cybersecurity awareness training programs for all employees.
  • Ensure that there is a 24/7 SOC team empowered with EDR and SIEM for early detection and hunting of threats.
  • For better protection, have an additional form of email protection in place, since most attacks start with a phishing email.
  • Run comprehensive cybersecurity assessments regularly through penetration testing for preemptive detection of anomalies and vulnerabilities within your IT infrastructure.
  • Integrate threat intelligence in your cybersecurity framework with firewall monitoring through SIEM for early detection of malicious activities and connections.
  • Restrict users connected to your network from installing software, and apply the principle of “least privilege”.
  • Watch out for emails from unknown senders.
  • Avoid the usage of USBs and PMDs (portable media devices).
  • Encourage employees to download from trusted websites only.
  • Avoid the use of public WiFi networks.
  • Install anti-malware software.
  • Create a backup of all the sensitive data.

Wrapping it up

Ransomware attacks can cause a cascading effect on an organization’s operations and data security. This year has seen a huge rise in ransomware attacks with the evolution of attack methodologies and strategies deployed by threat actors. It has become even more important to have expertise in place that can improve your organization’s cybersecurity posture and protect it from even the most sophisticated cyber attacks. 

SharkStriker is a cybersecurity company with SOC running 24/7/365 across the globe. We possess the right amount of resources and expertise to tackle the most immediate cybersecurity needs of organizations. We blend human expertise with cutting-edge technology to deliver seamless cybersecurity services. 

All of our solutions integrate easily with most of the organization’s IT infrastructure, allowing us to cater to even the most sophisticated bottlenecks such as ransomware attacks with lightning-speed threat detection and response. 

We have a team of expert pen-testers, incident responders, and cybersecurity experts who are seasoned in the deployment of effective incident response plans, reconfigurations, patches, and rules to augment your organization’s cybersecurity readiness. 

Partner with us to experience the next-gen cybersecurity.
