February 12, 2023
5 Most Recent Major Ransomware Attacks
In recent years, ransomware attacks have become one of the biggest security threats faced by businesses and individuals. From the Wannacry attack in 2017 to the NotPetya attack in 2018, malicious cyber-attacks have cost businesses and individuals billions of dollars in damage and disruption. With the rise of ransomware attacks, it is essential to understand how to protect yourself and your data from these threats.
Ransomware has become an increasingly common problem in the digital age, and the recent spate of attacks is a reminder of how serious the threat can be. From healthcare providers to governmental agencies, no one is immune to the threat of ransomware, and the five most recent major ransomware attacks have shown us just how damaging it can be. Read on to find out more about these attacks and how you can protect yourself from similar threats.
The attackers (LAPSUS) gained access to large amounts of proprietary data and employee credentials due to the use of weak and easily guessable passwords. Once the attacker has encrypted Nvidia's data, the focus of LAPSUS$ has shifted from traditional ransomware attacks to cyber extortion, with the attacker threatening to leak sensitive information unless a ransom is paid. The company has since responded to this attack by strengthening its security protocols, including introducing multi-factor authentication, requiring stronger passwords, and increasing data encryption. Additionally, they are working with law enforcement to ensure the safe recovery of their data and to prosecute those responsible for the attack.
2. Costa Rica Government
The Conti ransomware gang launched an attack in 2020 that quickly gained notoriety for attacking both the public and private sectors. On April 11, 2022, Conti executed their last attack by gaining access to the Costa Rica government's network using compromised credentials obtained from malware. Advanced Intelligence (AdvIntel) reported that the hackers exfiltrated 672 GB of data on April 15 after reconnaissance activity.
The entry point was a system belonging to the Ministry of Finance, which was accessed over a VPN connection using the compromised credentials. The attack flow followed a typical pattern, with more than 10 Cobalt Strike beacon sessions set up and the adversary gaining local network domain administrator access. The intruder used various tools to enumerate domain trust relationships, scan the network for file shares, and download the filesharing output to a local machine using the Cobalt Strike backdoor channel.
Denso Corporation, a global automotive supplier and a subsidiary of Toyota, confirmed that it suffered a ransomware attack on March 10th, 2022. The company reported that the attack impacted Denso Automotive Deutschland, a subsidiary in Germany that handles engineering and sales in the country. Denso promptly responded by cutting off the network connections of the affected devices and ensuring that the attack would not interrupt its activities. The ransomware group, Pandora, claimed responsibility for the attack and threatened to leak the company’s trade secrets and transaction information. The attack followed similar incidents targeting other Japanese automotive suppliers, Bridgestone and Kojima Industries, highlighting the vulnerability of the Japanese auto industry’s supply chain.
Cisco suffered a cyberattack on May 24, 2022, when attackers gained access to an employee's personal Google account and synced passwords. Cisco Talos, Cisco's cybersecurity subsidiary, said the attackers used voice phishing and multi-factor authentication fatigue to trick the employee into providing access to the company's VPN client, then escalated to administrative privileges. The attacker was associated with the Yanluowang ransomware gang, the LAPSUS$ threat actor group, and the UNC2447 cybercrime gang. The attackers deployed various tools to increase their level of access to systems within the network, but Cisco said it successfully blocked their attempts to access its network. Cisco also said the attack had no impact on its business operations or sensitive customer data. The company is continuing to investigate the attack and said it has taken steps to prevent similar incidents in the future.
5. SpiceJet, an Indian airline
Budget Indian airline SpiceJet was forced to suspend its operations after an attempted ransomware attack. The attack caused significant delays and affected the company's customer service and booking systems. Despite the airline's claim that the situation had been rectified, passengers complained of long wait times, including up to 4 hours on planes without food or refreshments. SpiceJet did not warn customers of the potential disruptions and faced criticism from passengers and government officials. The attack could result in significant financial losses, and SpiceJet is one of several airlines that have faced cybersecurity threats in recent years.
Dangers of ransomware
Financial Losses: Ransomware attacks can be financially devastating, with the average ransom demand in 2021 exceeding $250,000. In many cases, victims are forced to pay the ransom to regain access to their encrypted files. However, there is no guarantee that the attackers will provide the decryption key even if the ransom is paid.
Exposure of Sensitive Information: Ransomware attacks can result in the exposure of sensitive information, including confidential business information, personal financial data, and other sensitive data. In some cases, the attackers may even publish the stolen data online if the ransom is not paid.
Loss of Business Operations: Ransomware attacks can cause significant disruptions to business operations, with some organizations forced to shut down for days or even weeks while they try to recover from the attack.
Reputation Damage: Ransomware attacks can also cause damage to a company's reputation, as customers, clients, and partners may lose trust in the organization's ability to protect sensitive information.
What do they all have in common?
The most common weak link in a ransomware attack is human error. This can include mistakes such as opening email attachments from unknown sources, visiting malicious websites, or failing to keep software up-to-date. Social engineering attacks, such as phishing emails, are also a common tactic used by ransomware attackers to trick victims into downloading the malware.
To mitigate the risk of a ransomware attack, it is essential to educate employees on the dangers of malicious software and the importance of following safe practices when using the internet. Organizations should also implement robust security measures, including firewalls, antivirus software, and regular backups of important data.
Another way to try and prevent ransomware attacks is by staying vigilant and proactive in your cybersecurity practices. This means regularly updating your software and operating systems, using strong passwords and two-factor authentication, and regularly backing up your data. Additionally, it's important to be aware of potential threats and to be sure to only open emails and attachments from trusted sources. Finally, it's essential to implement an effective security strategy that includes educating users on best practices and investing in reliable, up-to-date security solutions.
All ransomware victims have one thing in common: they all failed to take the necessary steps to protect their data. Whether it was not having the right security software in place, not patching their systems, or not backing up their data, ransomware victims have all been caught off guard and are now paying the price. The best way to protect yourself from ransomware is to be proactive and take the necessary steps to ensure your data is secure. This includes keeping your software up to date, backing up your data regularly, and investing in a good security solution to protect your data.
One of the most effective ways to prevent ransomware attacks is by using tools like NovaMDR, which is a security service that helps organizations enhance their security operations by combining the latest technology with human expertise. The service provides accurate threat detection and analysis and actionable response assistance to prevent security incidents. It aims to increase efficiency, enhance visibility, and improve the security operations team.
NovaMDR provides 24/7 security operations, reduces employee attrition, improves organizational security, and frees up internal IT security resources for more important tasks. The service continuously improves security posture with input from security professionals. It also provides automated threat detection and analytics, as well as continuous monitoring and response.