Ransomware is one of the most sophisticated and terrifying attacks in today's threat landscape

27.12.2022

Ransomware is one of the most sophisticated and terrifying attacks in today's threat landscape.

A specialized form of malware, ransomware aims to force the encryption of a victim's files. The attacker then demands payment from the victim in exchange for a decryption key to restore access to the data after payment. The cost can range from a few hundred dollars to millions, plus it can cause disruption due to lack of access to data. Even if the ransom is paid, there is no guarantee that the promised key will be delivered. The ability of a ransomware attack to prevent access to a victim's data makes it a much greater threat than simple data theft, making ransomware protection a top cyber defense priority for any organization.

Notable ransomware attacks in 2022:

1. Ransomware attack in Costa Rica (government)

May 2022. Costa Rican President Rodrigo Chaves declared a state of emergency in the country due to Conti ransomware attacking numerous government institutions, including the Ministry of Finance, the Ministry of Science and the Costa Rican Social Security Fund (CCSS).

Conti, ransomware-as-a-service, has been wreaking havoc since 2020. Conti ransomware has several unique features not seen before, including the ability to run 32 encryption threads simultaneously and remote control via command-line options. This allows key data to be quickly encrypted without shutting down the system, enabling the organization to take action.

2. Puma ransomware attack (company)

Puma was notified of a security breach on January 10, caused by a ransomware attack on Kronos, their workforce management solution provider. Using ransomware and data exfiltration, the target was able to download and encrypt the personal data of more than 6,600 employees, including social security numbers, but no customer information was compromised. Kronos regained access to its data shortly thereafter, granting two years of free Experian IdentityWorks to affected Puma employees as compensation, including credit monitoring, insurance and restoration.

3. French hospitals attacked by ransomware (healthcare)
In August, hackers used the LockBit ransomware and attacked France's Centre Hospitalier Sud Francilien hospital, exfiltrating data. In retaliation for not paying the ransom, the attackers exposed patient data, including laboratory analysis, radiology reports and more. The attack disrupted all medical services, forcing the transfer of patients to other facilities and the postponement of operations.

Another French hospital, the André Mignot Hospital in Versailles, was also attacked in December by ransomware. They had to shut down their network for security reasons. André Mignot restricted the admission of new patients and even moved some to other hospitals.