As in 2020 and 2021, BlackFog’s State of Ransomware in 2022 measures publicly disclosed attacks globally. We also produced an annual summary of our findings in the 2021 ransomware attack report. In 2022 we will be tracking even more statistics, such as data exfiltration and several others, as the year progresses. As usual, you can also subscribe to have the report delivered to your inbox every month.


January

Ransomware started strong in 2022 with a significant attack on Bernalillo County in New Mexico making headlines. The incident closed most government buildings and impacted education in the area. The cyberattack also had a knock-on effect at a county jail when the security camera and automatic doors were knocked offline, leaving the inmates in lockdown. Here’s a look at what else we uncovered for the month.

  1. We start the new year with a reported attack on Portuguese media group Impresa. This attack occurred over the New Year holiday knocking the organization’s websites and online streaming services offline. Little-known ransomware gang Lapsus$ was behind the attack.
  2. French aerospace giant Thales Group were next to make ransomware headlines. A cyberattack on the firm was later confirmed as ransomware with Lockbit claiming responsibility. In a statement Thales said that “despite the fact that we have not received any direct ransom notification, we take this still unfounded allegation – and whatever its source – seriously. A dedicated team of security experts is currently investigating the situation.” Lockbit then took action by disclosing some of the exfiltrated data.
  3. A holiday ransomware attack on Crawford County caused havoc with the government computer systems. In a statement they said “our IT guys and the guys at Apprentice (the company that provides IT assistance for the county) have been working day and night to get things back up and running”. They also noted that the computer systems were shut down immediately to prevent the loss of data and files. It’s not known what gang was behind the attack or if there was a ransom demand.
  4. Montreal Tourism Agency shared that they had been one of the recent Canadian victims of the Karakurt hacking group. A spokesperson for the organization declined to say how the agency was compromised, whether the stolen data had personally-identifiable information, or what the attacker was asking for. The Karakurt posting, dubbed its Winter Data Leak Digest, says “the data amount we have obtained is speaking for itself. Which means there is a big hole in IT department that allowed us to exfiltrate everything we wanted.”
  5. Canadian heavy equipment maker Weldco-Beales Manufacturing was the next victim of the Karakurt gang. At time of writing the company was assessing what, if any, data had been exfiltrated. Asked if the company had heard from the hackers, a spokesperson said, “they leave a trail on the server of files, they are wanting you to get hold of them and send them bitcoin. And they left a couple of voicemails.” The voicemails, he said, told the company “to take this seriously, you know how to contact us.” He couldn’t recall how much was demanded in cryptocurrency.
  6. Carthage Schools in Missouri confirmed that the ‘cyber event’ they experienced at the end of 2021 was indeed a ransomware attack. In a statement they said, “regrettably, our forensic partners determined the ransomware group behind this attack obtained data from our network and has threatened to publish that information to the Dark Web. At this time, we do not know exactly what data may be at issue; however, we are working as quickly as possible to determine the answer.” Criminal gang Vice Society was behind the attack.
  7. Bernalillo County in Albuquerque, New Mexico was forced to close most government buildings following a ransomware attack. The incident made several headlines this month, notably when it left a jail without access to its camera feeds and rendered its automatic door mechanisms unusable, leaving inmates in lockdown.
  8. Leading school website provider FinalSite suffered a ransomware attack that disrupted website access for thousands of schools worldwide. The organization did not initially disclose that they had suffered a cyberattack but simply said that they were experiencing errors and “performance issues” across various services. After three days of disruption they confirmed the disruption was caused by a ransomware attack.
  9. Bay & Bay Transportation, a Minnesota based trucking and logistics company suffered a second ransomware attack, this time at the hands of the Conti gang. In 2018 a ransomware attack crippled the company forcing them to pay the ransom. On this occasion the organization was better prepared and was able to return to 90% functionality in a day and a half without paying a ransom.
  10. The ransomware group Ragnar Locker spread claims of a successful hack of telecom analytics firm Subex and its Broomfield-based cybersecurity subsidiary Sectrio, later sharing posts condemning the company for failing to protect its own network. An unconfirmed online report stated that the firewall, router and VPN configuration data, company passwords, and employee documents had been published.
  11. Maryland Department of Health was hit with a devastating ransomware attack which left hospitals struggling amid a surge of COVID-19 cases. In a statement they shared that they had not paid any extortion demands. It’s not yet known what criminal gang was behind the attack.
  12. Japanese auto part manufacturer Denso suffered an attack by a criminal gang known as Rook. In a statement on their website the cybercriminals claimed to have exfiltrated 1.1 terabytes of data from the company. Denso belongs to the corporate group led by Toyota Motor Corp.
  13. Hensoldt, a German multinational defense contractor confirmed that some of its UK subsidiary’s systems were compromised in a ransomware attack. While the company is yet to issue a public statement regarding this incident, the Lorenz ransomware gang claimed the attack.
  14. Durham Johnston School in the UK suffered an attack at the hands of the Vice Society ransomware gang. Following the incident sources said that personal data belonging to pupils and teachers was posted on the Dark Web.
  15. UK-based contractor payroll service provider Brookson Group reported to the UK National Cyber Security Centre that they had been hit by an “extremely aggressive” cyberattack. Although not confirmed by the company to be ransomware, the BlackCat gang claimed responsibility for the attack.
  16. Moncler, the luxury Italian fashion giant was next to make headlines when they confirmed a data breach following an attack by the BlackCat ransomware operation. Moncler confirmed that some data related to customers, current and previous employees, suppliers, consultants and business partners had been impacted.
  17. RR Donnelley, a leading integrated services company offering communications, commercial printing, and marketing to enterprise clients, suffered a Conti ransomware attack. The company initially disclosed that they were not aware of any client data stolen during the attack, but the Conti gang later claimed responsibility and began to leak 2.5GB of exfiltrated data. However, a source told news outlet BleepingComputer that the criminal gang soon removed the data from public view after RRD began further negotiations to prevent the release of data.
  18. Indonesia Central Bank disclosed they had been hit by a ransomware attack but public services were not impacted due to the quick measures taken to mitigate the incident. The Conti gang was behind the attack.
  19. Griggsville-Perry School District in Illinois found themselves the victim of a ransomware gang who were holding their files hostage in return for a ransom. It’s not yet known who was behind the attack or what data was compromised.
  20. A ransomware attack on Pembroke Pines in Florida caused outages across certain city computers. A spokesperson for the city said so far it appears that no personal information was compromised and emergency services like police and fire remain operational.
  21. In the next reported incident Belarusian activists launched a ransomware attack on Belarusian Railways in protest of dictatorship. The group known as The Belarusian Cyber-Partisans demanded the release of 50 political prisoners and the removal of all Russian troops from the country to release the data.
  22. Linn County in Oregon discovered that a number of its computers were infected with ransomware knocking several systems offline including the county’s website which affected their ability to provide services to the public. Officials said at this time there was no evidence of compromised data.
  23. The Ministry of Justice in France made headlines when the Lockbit ransomware gang claimed that they had successfully hacked the organization, giving them a deadline of February 10th to pay the ransom or have their data leaked on the Dark Web.
  24. Delta Electronics, a Taiwanese electronics company and a provider for Apple, Tesla, HP, and Dell were next to disclose they had been a victim of a cyberattack which affected only ‘non-critical’ systems. While the company’s statement did not name the group behind the attack, a Conti ransomware sample was found to be deployed on the company’s network.
  25. New Bedford Police Department in Massachusetts shared that they had been impacted by a ransomware attack affecting some of the department servers and computers. The non-emergency phone network was also out of service as a precautionary measure. It’s not yet known who was behind the attack or if any data was exfiltrated.
  26. South Africa based investment administration provider Curo Fund Services found themselves unable to access IT systems for 5 days following a ransomware attack. At time of writing the incident was under investigation “to establish the origin, nature and scope of this incident so as to assess any data breaches”.
  27. John Diefenbaker International Airport in Saskatoon, Canada suffered an attack at the hands of the Snatch ransomware gang. The gang posted what is known as a ‘proof pack’ of some of the exfiltrated data on the Dark Web. Sources have told media outlet IT World Canada that the goal of the criminal gang appears to be to embarrass the Saskatoon Airport Authority (SAA) for being unable to pay the ransom demand.

February

We recorded 28 ransomware attacks this month, with almost half occurring outside of the United States. Notable incidents included an attack on the San Francisco 49ers during Super Bowl weekend and an attack on KP Snacks, a well-known UK snack food manufacturer. Here’s a snapshot of the ransomware attacks that made news during the month.

  1. An attack on German oil company Oiltanking GmbH impacted gas stations across the country. Royal Dutch Shell disclosed that they had been forced to reroute to different supply depots because of the issue, while German newspaper Handelsblatt said 233 gas stations across Germany were impacted and forced to revert to manual processes. The BlackCat ransomware gang was behind the attack.
  2. KP Snacks, a major producer of popular British snack foods, was hit by the Conti ransomware group, affecting distribution to leading supermarkets across the UK. The gang’s private leak page shared samples of credit card statements, birth certificates, spreadsheets including employee personal data, confidential agreements, and other sensitive documents. The gang allegedly gave the company five days to pay a ransom before leaking even more proprietary data on their public blog.
  3. US business services company Morley Companies Inc. disclosed that they had been a victim of ransomware in August 2021. After an internal investigation the company determined that the unnamed threat actors exfiltrated the personal information of 521,046 individuals. The company notified affected parties including employees, contractors, and clients in January this year. In a statement the company said, “Morley Companies is not aware of any misuse of your personal information due to this incident.” It seems that might not be the case, however, as HackNotice, the cyber-intelligence platform, claims to have seen Morley’s data on the Dark Web a week prior.
  4. An attack on the Neenah School District in Wisconsin disabled the district’s internet, phones, email and other information technology which resulted in a two-day shutdown of schools. A ransom was demanded by the unknown attackers but the school district declined to provide details relating to the amount of the ransom or whether any or all of it had been paid by their insurance company.
  5. Airport management services company Swissport experienced a ransomware attack that targeted its IT infrastructure. Headquartered in Opfikon, Switzerland, the company manages airport ground and cargo handling services for over 300 locations. The BlackCat criminal gang was responsible for the attack.
  6. Syndicat Intercommunal d’Informatique (SII), an IT service provider based in France, experienced a ransomware attack at the hands of the Hive cybercriminal gang. The organization provides IT services and assistance to various other municipalities within the Department of Seine-Saint-Denis in the French region of Île-de-France. At least three other municipalities were impacted.
  7. Taylor Regional Hospital in Kentucky disclosed on Facebook that their phone lines, email and other IT systems had been taken offline following a ransomware cyberattack. The hospital declined to respond to media queries about the incident and it’s not yet known who was behind the attack.
  8. New Zealand Uniforms was hit by the Conti ransomware gang who shared the incident on their Dark Web site. A spokesperson said the attack had temporarily impacted some of its systems but that they were “fully operational again within 48 hours, minimizing the impact to customers”. They also confirmed that no ransom had been paid or proposed and that they had not engaged with the criminal gang.
  9. Ohlone Community College District in California disclosed that the private information of some staff, faculty and current and former students had been compromised in a cyberattack. An investigation is ongoing and it’s not yet known who was behind the ransomware attack.
  10. Jax Spine and Pain Centers reported a hacking incident to the HHS following a claim from the Avos Locker criminal gang who said they acquired data relating to 260,000 of their patients. On the threat actors’ leak site they said, “we have the full EHR (Electronic Medical Records) database for 262,000 patients! We are publishing list only for first 100 patients as proof.”
  11. Emil Frey, Europe’s largest car dealer disclosed that they had been a victim of ransomware after they showed up on the list of Hive ransomware victims. A spokesperson for the Swiss company declined to comment on whether or not customer data had been accessed.
  12. Optionis Group, a UK based accounting conglomerate had their data dumped on the Dark Web by the Vice Society, a typical response to a lack of cooperation with the criminal gang. Optionis Group houses brands including Parasol Group, Clearsky, SJD Accounting and NixonWilliams.
  13. The San Francisco 49ers made headlines during the Super Bowl weekend when they were hit by ransomware. Confirmation of the attack came after the 49ers were listed on a Dark Web leak site as a victim of the BlackByte ransomware-as-a-service group. The threat actors claimed to have exfiltrated data with an estimated value of $4.175 billion.
  14. Mizuno, the Japanese sportswear and sporting equipment manufacturer suffered an attack which led to significant business disruption, including phone outages, shipping delays and website issues. The company did not provide a public statement about the cause of their outages and it’s not yet known who was behind the attack.
  15. The Royal Dublin Society (RDS) issued a warning to its members that their data may have been compromised in a ransomware attack. RDS management confirmed that cybercriminals had “extracted data from our servers”, which included personal data belonging to staff, members, and suppliers. The RDS has 3000 members.
  16. Centralia College in Washington issued a press release confirming that they had been hit with a ransomware attack. It’s not yet known who was behind the attack or if any employee or student data has been compromised.
  17. Extend Fertility, a New York based clinic recently notified its patients that their data may have been compromised in a recent ransomware cyberattack. A month-long investigation into the incident revealed that the threat actors had access to servers that stored the protected health information (PHI) and personal data of some of the clinic’s patients. The full extent of the attack is currently unknown as the data analysis is ongoing.
  18. The Hays USD 489 school district in Kansas experienced disruption across its IT systems following a cyberattack confirmed to be ransomware. The school has not shared information about the attack as the investigation is ongoing.
  19. The University of Neuchâtel (UniNE) in Switzerland was hit by a ransomware attack by the Conti gang. The school confirmed the incident but at time of writing had not received a ransom demand from the criminal group.
  20. US cookware giant Meyer informed the U.S. Attorney General offices that they had suffered a data breach affecting thousands of their employees. An investigation into the incident revealed that threat actors gained access to personal information belonging to employees of Meyer and its subsidiaries. The Conti criminal gang shared a ZIP file containing 2% of the exfiltrated data but at time of writing had not followed up to publish the remaining 98%.
  21. Expeditors, a Seattle based logistics and freight forwarding company was hit by a ransomware attack which forced the company to shut down global operations. The company did not confirm the type of cyberattack, but a tip shared with media outlet Bleeping Computer said it appeared to be a massive ransomware incident.
  22. India’s only state-owned and operated container terminal Jawaharlal Nehru Port Trust reportedly started turning away ships after suffering what is believed to be a ransomware attack. The Jawaharlal Nehru Port Container Terminal is one of five container terminals in India’s largest container port, Jawaharlal Nehru Port Trust, which accounts for half of all the containers handled in the country.
  23. Russian cybercriminal gang Snatch claimed to have stolen 500 gigabytes of data from McDonalds, posting their demand for an undisclosed sum on the Dark Web. McDonalds has not yet commented on the attack.
  24. LA: Spine Diagnostic & Pain was hit by the Conti criminal gang. The hackers added the Louisiana based practice to their leak site, dumping 3351 files that they claimed represented 30% of all the files they had exfiltrated.
  25. Graphics card manufacturer Nvidia Corp was hit by the Lapsus$ ransomware gang. The company released a public statement confirming the attack but did not share details about the extent of the incident. According to reports from the hackers it seems the company decided to retaliate rather than negotiate.
  26. Cybercriminal gang Lapsus$ found the tables turned on them when recent victim Nvidia launched a retaliatory strike against them to prevent the release of the chipmaker’s stolen data. Screenshots from the publicly accessible Lapsus$ Telegram channel were shared on Twitter by several security researchers with the gang claiming the company exfiltrated 1TB of their data.
  27. iTCo, a New Zealand based IT company that specializes in online security, was hit by the Conti gang who claimed that they had exfiltrated more than 4 gigabytes of data. An investigation into the incident is ongoing.
  28. Managers at the Bridgestone-Firestone tire factory in Iowa were forced to send workers home after learning that hackers may have compromised the international corporation’s data systems. A spokesperson for Bridgestone Americas said in a statement that company officials are investigating the “information security incident.” She also added that Bridgestone managers had disconnected company devices across many Latin American and North American factories.

March

In March we recorded 25 ransomware attacks with Samsung, Microsoft and Bridgestone making headlines. Automotive giant Toyota also made news when they were forced to halt production across all plants in Japan after a ransomware attack on a key supplier. Here’s a look at what else we uncovered during the month.

  1. We begin the month with insurance giant AON who disclosed that they had been hit by a ransomware attack which reportedly left no significant impact on the company. Little is known about the attack which occurred in late February according to a filing with the Securities and Exchange Commission (SEC).
  2. Toyota made ransomware headlines when they were forced to halt production across all plants in Japan after a ransomware attack on a key supplier. Also affected were Toyota subsidiaries Hino Motors and Daihatsu Motor.
  3. Fleetwood Area School District in Pennsylvania sent a letter to families and staff informing them that the technical difficulties the district had been experiencing were the result of a ransomware attack. No further details about the incident were disclosed.
  4. Electronics giant Samsung made news when the Lapsus$ data extortion gang leaked confidential data which they claimed had been exfiltrated from the company. Following the attack the extortion gang shared a note teasing Samsung about releasing their data with a snapshot of C/C++ directives in Samsung software.
  5. Rompetrol, Romania’s petroleum provider, shared that they were battling a massive cyberattack. News outlet Bleeping Computer revealed that the Hive ransomware gang was behind this attack and they had hit the organization with a multi-million dollar ransom.
  6. Denso Automotive confirmed they were hit by new ransomware player Pandora after the gang began leaking sensitive data. Denso is one of the world’s largest automotive components manufacturers, supplying brands such as Toyota, Mercedes-Benz, Ford, Honda, Volvo, Fiat, and General Motors. While the company stated that the cyberattack did not impact their operations, the Pandora ransomware gang began leaking 1.4TB of files allegedly exfiltrated during the attack.
  7. Canadian aluminium manufacturing company Aluminerie Alouette suffered major systems failure due to a ransomware attack at the hands of the Conti gang. The gang shared details of the attack on their leak site. Details of the ransom demand are unknown and Aluminerie Alouette did not respond to media requests for information.
  8. Vodafone appeared to suffer a data breach at the hands of the Lapsus$ ransomware group without even knowing it. The group issued a poll on its Telegram channel asking their subscribers whose stolen data they should dump next – with three options available: Vodafone, Impresa, and MercadoLibre. Vodafone said they were working with law enforcement and investigating the incident but would not comment on the credibility of the claim.
  9. Buenos Aires-based online marketplace Mercado Libre admitted in an SEC filing that source code and user data were accessed, although it did not reveal how. The Lapsus$ gang cited them as a victim along with Vodafone on their Telegram channel. The company commented “although data from approximately 300,000 users (out of our nearly 140 million unique active users) was accessed, to date, and according to our initial analysis, we have not found any evidence that our infrastructure systems have been compromised or that any users’ passwords, account balances, investments, financial information or credit card information were obtained. We are taking strict measures to prevent further incident”.
  10. Altoona Area School District in Pennsylvania shared that the district had suffered an attack on their server in December 2021, after which they started working with a ‘high-end’ security vendor to secure their servers. However, this month district administration was contacted by employees saying their credit monitoring services had been in touch to advise that their social security numbers or medical identification numbers were found on fraudulent trading websites on the Dark Web.
  11. French video game company Ubisoft confirmed they had suffered a hack at the hands of the Lapsus$ gang. In a statement they said “we can confirm that all our games and services are functioning normally and that at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident”.
  12. The LockBit gang attacked Bridgestone Americas who managed to recover from the attack. Unfortunately, the ransomware gang later threatened to release the data they managed to exfiltrate during the attack. Bridgestone later hired Accenture Security to investigate and understand the full scope and nature of the incident and to determine what data had been stolen.
  13. East Tennessee Children’s Hospital disclosed that they had been a victim of an “information technology security issue” in the evening hours of Sunday, March 13th. In a statement they said “maintaining the safety and security of our patients and their care is our top priority. We are still able to care for our patients. Our cyber forensics teams and outside agencies are doing everything possible to minimize any disruption. The response is active and still ongoing. We apologize for any inconvenience, and ask for your patience as we address this issue.” No further details were available.
  14. The South African division of US-based consumer credit bureau TransUnion acknowledged that they had suffered a ransomware attack after a third party gained access to one of its servers through misuse of an authorised client’s credentials. In a statement they said “we have received an extortion demand, and it will not be paid”.
  15. The National Rifle Association (NRA) finally confirmed that the cyberattack they experienced in October last year was indeed ransomware. The NRA’s political action committee filed a report to the Federal Election Commission to confirm the attack, claiming it was the reason why the organization couldn’t report some of the donations it had received at the time.
  16. The Scottish Association for Mental Health (SAMH) suffered an attack at the hands of the RansomEXX ransomware gang. The attack impacted its IT systems, including email and some phone lines, and unfortunately led to more than 12GB of sensitive data being leaked to the Dark Web.
  17. Officials from Plainfield County in Connecticut disclosed that hackers were holding the town hall and police department computer files hostage after a cyberattack. A spokesperson could not say how the system was breached or what specific steps were being taken to solve the problem, but did confirm that the affected town hall computers contain some basic resident information, including names, addresses and phone numbers, but no billing information.
  18. The Bexar County Appraisal District in Texas confirmed they had become the victim of a ransomware attack. A spokesperson said there was a ransom note but the hackers did not demand an amount of money and didn’t leave contact information.
  19. Lapsus$ strikes again, this time with San Francisco tech company Okta as the victim. According to the Lapsus$ screenshots shared on Telegram, the ransomware group said it did not target Okta’s databases and instead focussed on Okta customer data.
  20. Hellenic Post (ELTA), the state-owned provider of postal services in Greece, disclosed they had suffered a ransomware incident which affected most of the organization’s services. The agency’s IT teams determined that the threat actors exploited an unpatched vulnerability to drop malware allowing access to one workstation using an HTTPS reverse shell.
  21. Microsoft confirmed that the Lapsus$ hacking group had successfully compromised an employee’s user account and had stolen code, days after the group boasted that it had infiltrated the software giant. The company shared that no customer data or code was affected and that the operation was interrupted by its security team. The company made the admission in a blog post describing Lapsus$’s tactics, and offering guidance on how to protect against them.
  22. Memorial Hospital of Carbon County in Rawlins, Wyoming disclosed they had been a victim of ransomware. A hospital spokeswoman did not specify which of the hospital’s systems were targeted in the attack, but added that the hospital’s two electronic health record systems were not compromised. It’s not yet known who was behind the attack or if any data had been compromised.
  23. Oklahoma City Indian Clinic had 360 GBs of data including health and financial records stolen during a cyberattack claimed by the Suncrypt ransomware gang. The attack impacted some of the clinic’s computer systems and their auto-prescription refill system.
  24. The Rehab Group in Ireland disclosed they had been a victim of a criminal ransomware attack in which the hackers were trying to access patient information and financial data. It’s not yet known who was behind the attack which a spokesperson described as “a plain vanilla ransomware criminal attack, where they were trying to obtain money in exchange for blackmailing Rehab with threats of destroying their data or publishing their debtors”.
  25. Partnership HealthPlan of California, a non-profit that manages health care for Medi-Cal patients in 14 counties made headlines when the Hive ransomware gang claimed to have stolen private data for 850,000 of its members. A screenshot of the claim stated that “stolen data included…850,000 unique records of name, SSN, date of birth, address, contact, etc.” It also stated that 400 gigabytes of data were stolen from Partnership’s file server. The claim has since been removed and the incident is under investigation.

April

In April the Stormous criminal gang made headlines when they claimed an attack resulting in 161 GBs of data stolen from Coca Cola without the company knowing. Reports say the Russian-linked hackers later put it up for sale for $640,000 or 16 million Bitcoin. The Conti gang was also busy this month with notable attacks on industrial giant Parker Hannifin and Snap On Tools. Newcomers Black Basta also made headlines when they claimed attacks on Deutsche Windtechnik and the American Dental Association. Here’s a snapshot of what organizations made the ransomware list this month.

  1. HP Hood Dairy, the company behind Lactaid, a brand of lactose-free milk was missing from the shelves in US supermarkets at the beginning of the month due to a ransomware attack. The company declined to share details of the incident, but cyber experts say it was likely ransomware. Hood Dairy is the latest victim in a string of high-profile attacks on food manufacturers in the US which is contributing to shortages amid tight supply chains and high prices.
  2. The Anonymous hacker group posted on Twitter that they had launched an attack on the Russian Orthodox Church. The group released around 57,500 emails from the data they stole from the organization.
  3. UK retailer The Works made headlines when a ransomware attack caused by a malicious phishing email forced some of its stores to close. The company, which operates 520 stores, said that customer data had not been accessed and that they would not speculate about the potential for paying the ransom. The group behind the attack and the ransom demand haven’t been disclosed as yet.
  4. Perusahaan Gas Negara (PGN), Indonesia’s state-backed oil and gas company, found themselves a victim of the Hive ransomware gang. The Indonesian government holds a majority stake in PGN, which provides gas to 84 million customers.
  5. Following a ransomware attack, listed law firm The Ince Group was granted an interim injunction to stop hackers from releasing confidential data on the Dark Web if they failed to pay the ransom. The judge who made the order called it a clear case of blackmail. It’s not yet known who was behind the attack and if they disclosed any of the exfiltrated data.
  6. Industrial giant Parker Hannifin, a provider of engineered solutions for organizations in the aerospace, mobile, and industrial sectors, was hit by the Conti ransomware gang. In a regulatory filing the company disclosed that they had detected a breach and subsequently shut down some systems; an investigation is ongoing. The company confirmed that some information had been accessed including personal employee data. The hackers published 5GBs of data which they claim was 3% of the data they exfiltrated.
  7. In a campus message, Florida International University shared the following: “today, a ransomware group posted that sensitive FIU data had been exfiltrated. We have been investigating and there is no indication thus far that sensitive information has been compromised. At this time, no further information is available”. Cybersecurity experts who looked at the allegedly stolen data confirmed that it did include sensitive information from staff and students at the university. BlackCat was behind the attack, which was the 8th reported attack on US colleges this year.
  8. Tech company Globant disclosed in an SEC filing that it had experienced a data breach after the Lapsus$ ransomware gang claimed to have stolen 70GB of source code from the company.
  9. American automotive tools manufacturer Snap On announced a data breach after a ransomware attack exposed their associate and franchisee data. The Conti gang was behind the attack which compromised personal data including names, Social Security Numbers, dates of birth, and employee identification numbers.
  10. A&T University in North Carolina was struck by the BlackCat ransomware gang. The attack affected online systems and was said to have occurred during spring break. News of the incident followed a post on the criminal gang’s darknet site, where they name and shame victims in an attempt to extract a ransom payment.
  11. Japanese animation studio Toei Animation is experiencing production issues after a ransomware attack. It’s not known what criminal gang was behind the attack which the company is investigating. The company stated they are not sure that they can completely restore what was lost in the attack.
  12. Vehicle dealer group TrustFord revealed that a ransomware attack by the Conti gang affected their internal systems. TrustFord assured customers that their sites remain open and trading and that the attack did not impact Ford Motor Company Systems.
  13. Tech giant Panasonic confirmed that its Canadian operations were hit by a cyberattack, less than six months after the company last fell victim to hackers. The Conti gang was behind the attack and claimed to have stolen over 2.8 gigabytes of data from Panasonic Canada. When asked by news outlet TechCrunch, the company did not dispute that the incident was the result of a ransomware attack but they declined to say what data was accessed, or how many people were impacted by the breach.
  14. Nordex, one of the world’s largest developers and manufacturers of wind turbines was the next victim of the Conti criminal gang. In an announcement the company disclosed that they had suffered a cyberattack that was detected early and that they had shut down their IT systems to prevent the spread of the attack. They did not confirm that the incident was ransomware despite the Conti gang claiming the attack and sharing details on their leak site.
  15. Funky Pigeon, an online greetings card and gifts business was forced to suspend their business following a cyberattack. The WH Smith-owned company said it had taken its systems offline “as a precaution” and was therefore unable to fulfil any orders. It’s not yet known who was behind the attack.
  16. A ransomware attack crippled the Costa Rican government computer systems. After the government refused to pay a ransom, the Conti gang began publishing the stolen information. The Finance Ministry was the first to report problems, with a number of its systems including tax collection being impacted. Attacks on the social security agency’s human resources system and on the Labour Ministry, as well as others, followed.
  17. The Rio de Janeiro finance department confirmed they had been hit by a ransomware attack on its systems. The LockBit gang claimed to have stolen 420 GBs of data which they would disclose if the ransom was not paid.
  18. The American Dental Association (ADA) was hit by a weekend cyberattack which caused them to shut down portions of their network while undertaking an investigation. The organization downplayed the incident and shared that preliminary investigations did not indicate that data had been compromised. However, new ransomware gang Black Basta later claimed the attack and began leaking data.
  19. Relatively new ransomware gang Stormous made headlines when they claimed an attack on Coca Cola. The criminal gang posted on its website that it had hacked Coca-Cola’s servers and retrieved 161 gigabytes of data which included financial data, passwords and commercial accounts. The group is now trying to sell that data for more than $640,000 or more than 16 million in Bitcoin. Coca Cola is investigating the incident.
  20. Top 100 law firm Ward Hadaway found themselves blackmailed for up to $6m in bitcoin after confidential documents were obtained in a ransomware attack. The firm detected a cyberattack last month and was told by an unidentified hacker that files and data downloaded from its IT systems would be published online if $3 million was not paid within a week, after which the ransom would double to $6 million. The Lorenz gang was behind the attack.
  21. German wind turbine giant Deutsche Windtechnik disclosed that some of its systems were hit by a cyberattack earlier this month. The attack forced the company to switch off remote data monitoring connections to the wind turbines. Deutsche Windtechnik did not disclose the attack but experts believe that the firm was hit with ransomware. Our research confirms that newcomer Black Basta was behind the attack.
  22. Students and staff at Austin Peay State University in Tennessee experienced disruptions after a ransomware attack impacted the school’s IT systems. The school administration and APSU Police sent out alerts by email to all students, faculty and staff, saying, “APSU ALERT: We are under a Ransomware attack. If your computer is connected to the APSU network, please disconnect IMMEDIATELY.” It’s not yet known who was behind the attack.
  23. An attack on Wyandotte County in Kansas went undetected for 2 days and unreported for a third according to media reports. The attack which caused havoc across multiple government systems hasn’t been claimed by a gang yet but inside sources say there has been a ransom demand. Sources also said that they were unusually ripe for an attack, with insufficient technology and personnel, and had been warned about it well in advance – by tech experts and by a cyberattack on the county’s Board of Public Utilities a few years ago.
  24. Becker Law Office, one of Louisville’s best-known law firms, was hit by the LockBit gang, who threatened to release their data if the ransom wasn’t paid. Media outlet The Courier Journal learned of the attack from a website that provides real time alerts about cyber risks. In a statement, the company said the attack is under investigation and that it is too early to release information.
  25. A cyberattack that left Elgin County’s IT systems down at the start of the month is now suspected to be ransomware. At the end of the month, data belonging to the county appeared on the Conti gang’s data leak site, shedding new light on the “technical disruption” that had been plaguing the county for the last few weeks. Interestingly the data disappeared from the Conti site soon after indicating that it’s possible the county could be negotiating a ransom with the criminal gang.

May

In May, 26 ransomware attacks were publicly disclosed, an increase over both 2020 and 2021. Education and government were the hardest hit verticals for the month, with attacks on Indian airline SpiceJet and farming equipment maker AGCO making the most headlines globally. The Austrian state of Carinthia also made news when the BlackCat criminal gang disrupted their systems and demanded a ransom of 5 million. Here’s a snapshot of what else we uncovered.

  1. We start the month in Germany where library service Onleihe disclosed that they had been hit by ransomware. Onleihe allows users to rent and borrow e-books, electronic newspapers, magazines, audio books and music from more than 200 libraries across Germany, Austria, Switzerland, Italy, Liechtenstein, Denmark, Belgium and France. Many websites connected to their platform were impacted by the attack, for which the LockBit criminal gang claimed responsibility. The gang also admitted to leaking data, indicating that a ransom had not been paid.
  2. Next up, another library system, but this time in New York. Officials at the Westchester County Library System reported that the library system’s network had been impacted by a ransomware attack but the threat actors were not able to compromise any personal data from its patrons. According to officials, security measures in place managed to curb the attack.
  3. Kellogg Community College in Michigan was forced to cancel classes and close campuses following a ransomware attack. It’s not yet known who was behind the attack or if personal data belonging to staff and students has been compromised.
  4. The LockBit gang, thought to have strong ties with Russia, announced that they would be releasing files they stole from the Bulgarian refugee agency. Nearly 230,000 Ukrainian refugees have made their way to the country since the start of the war. A note on the dark web site belonging to the gang said that all data would be published but there was no mention of a ransom amount.
  5. Major US farming equipment manufacturer AGCO suffered a ransomware attack which disrupted production. The company confirmed the incident after media in France reported a cyberattack had hit several AGCO sites in the country. Our research indicates that the BlackBasta criminal gang was behind the attack.
  6. Health-systems and medication-management-solutions provider Omnicell had their systems disrupted by a ransomware attack. A spokesperson commented that “upon detecting the security event, the company took immediate steps to contain the incident and implement its business continuity plans to restore and support continued operations.” The gang behind the incident is still unknown.
  7. An attack on web hosting server Opus Interactive caused major disruption across several organizations including the Oregon primary election, Myrtle Beach National golf facility and virtual assistant company Ruby Receptionists. It’s not yet known who was behind the attack and if any data was compromised.
  8. Up next is Canadian fighter jet training company Top Aces. The Montreal-based company, which is said to be the “exclusive adversary air provider to the Canadian and German armed forces”, showed up on the LockBit ransomware group’s data leak site. In a brief statement to press the firm disclosed that they were in the process of investigating the incident.
  9. Texas based Christus Health was hit by the AvosLocker gang. The good news is that the incident didn’t affect patient care, but the bad news is that the gang made off with sensitive patient and employee data. A notice on their data leak site claimed that all of the stolen data was for sale if the owner didn’t pay the ransom.
  10. The LockBit ransomware gang claimed an attack on Mercyhurst University in Pennsylvania. The irony of this is that the incident follows the university’s participation in Cyber Impact 2022 where they patted themselves on the back for their work in cybersecurity. The university didn’t confirm the breach but LockBit claimed they would be leaking the stolen data. In a later update the LockBit listing had been taken down, suggesting there may have been a negotiation or payment.
  11. Auction.com, an online marketplace for buying and selling residential bank owned and foreclosure properties, was among the latest victims of the Conti ransomware group. It was reported that the breach took place on April 13th, with personal financial data and other identifying information being accessed and released on the dark web.
  12. Bank of Zambia made headlines after an attack from the Hive ransomware gang. A spokesperson for the bank commented that their core systems were still up and running and ‘not much sensitive data has actually been shipped out’. The organization didn’t feel it was necessary to engage in a ransom conversation with the attackers, in fact, they made it clear that they were not going to pay by posting a picture of male genitalia and telling the hackers to s… (well, you can use your imagination), or read the story in Bleeping Computer!
  13. Belgian private hospital group Vivalia suffered a LockBit ransomware attack which severely crippled their operating capacity. As a result of the attack, patient records were unavailable and many processes reverted to manual. The cybercriminal gang threatened to publish 400 GBs of hospital and patient data if ransom demands weren’t met.
  14. Nikkei Inc, a Japanese business news group, reported that its Singapore unit had fallen victim to a ransomware attack. Unauthorized access to a server at Nikkei Group Asia Pte containing customer data was first detected on 13th May, according to a company statement. No one has yet claimed responsibility for this attack.
  15. Fort Sumner Municipal Schools in New Mexico suffered an attack from the CLOP cybercriminal gang. Sensitive information from students, faculty members and parents, including scanned driver’s licenses, later appeared on the ransomware group’s data leak site.
  16. The CLOP gang also hit Washington Local Schools in Ohio who released a statement saying a cyberattack had affected phone, email, internet and Wi-Fi networks as well as Google Classroom systems.
  17. Following an attack on the city of Quincy Massachusetts, the mayor shared that the city has spent over $500,000 for an encryption key to regain access to the city’s information service systems. The attack affected the city’s systems but it is believed that no personal information was compromised. A further $150,000 was approved by the city in emergency funds for outside consultants relating to security services, cyber cryptocurrency and ransomware negotiation services.
  18. India’s SpiceJet airlines announced that their systems had faced an “attempted ransomware attack” causing lengthy delays and passengers stranded at airports with very little communication from staff. According to company statements their IT team were able to contain and rectify the situation with no further information given on the attack or perpetrators.
  19. An attack on the Austrian state of Carinthia caused massive disruption across government IT systems. The BlackCat ransomware gang demanded $5 million in exchange for decryption software and sensitive data which they have claimed to have accessed. However, a spokesperson shared that demands would not be met as there was no evidence of data exfiltration. 3,000 IT workstations were affected, halting the delivery of new passports and traffic fines. The State’s email service, website, Covid contact tracing and social benefits were also affected by the incident.
  20. The De Montfort School in Evesham, UK suffered a cyberattack that affected all of the school’s IT systems including the website, phone and email lines. In a statement released by the school, it was suggested that data, personal or otherwise, was not accessed or stolen during the attack.
  21. Martin University in Indianapolis disclosed that ‘like many other colleges and universities across the nation’, they too had experienced a recent ransomware attack. The university learned of the suspicious activity on January 3, 2022 and immediately hired security experts and a computer forensic investigator to investigate. The investigation revealed that personal information of some current, former, and prospective students may have been impacted. The university publicly disclosed the incident via a press release on May 26th.
  22. A ransomware attack in Central New Jersey’s Somerset County disrupted services and forced employees to shut down computers and create temporary Gmail accounts to ensure the public could still email health, emergency and sheriff’s departments. A spokesperson shared that the FBI were investigating the incident, however it is still unclear who is responsible for the attack. This attack marks the 22nd US state or local government to be hit by ransomware in 2022, according to analysts at Recorded Future. Later news suggested that the attack had taken the County back to 1977 as a result of the level of disruption.
  23. Regina Public Schools was forced to shut down all internet based systems following a ransomware attack. According to the note appearing on the computers, 500GBs of files containing tax reports, health information, social security insurance and passports had been copied and encrypted. The BlackCat gang claimed responsibility.
  24. North Orange County Community College recently reported that they had suffered a ransomware attack in January of this year. The incident, which affected more than 19,000 people, involved both Cypress College and Fullerton College. A notice posted by the school suggested some personal, financial and medical information had been compromised from Fullerton College. Cypress College was unable to determine whether patient data from their Dental Hygiene Clinic was viewed or taken but felt it necessary to issue a notice. It’s not yet known what gang was behind the incident.
  25. On the last day of the month all computer systems on the network of Costa Rica’s public health service (known as the Costa Rican Social Security Fund or CCSS) were offline following a Hive ransomware attack. The CCSS publicly acknowledged the attack in a statement issued on Twitter. The investigation is ongoing but the Costa Rican government agency says that citizens’ health and tax information stored in the EDUS (Unified Digital Health) and the SICERE (Centralized Tax-Collection System) databases was not compromised.
  26. American apparel manufacturing giant Hanesbrands disclosed that they had been affected by a ransomware attack in a regulatory filing. At time of writing it’s unclear what effect the ransomware attack had or continues to have on Hanesbrands. In the notice the company said it had “activated its incident response and business continuity plans designed to contain the incident,” and that the forensic investigation into the incident was ongoing.

June

In June we recorded 31 publicly disclosed ransomware attacks, the most we’ve seen this year so far. South Africa’s largest supermarket chain made news when they were hit by the RansomHouse criminal gang, and one of Brazil’s largest retail chains, Fast Shop was also hit. The BlackCat gang claimed an attack on the University of Pisa hitting them with a $4.5 million ransom, while Brooks County in Texas admitted to paying their ransom with tax payer dollars. Here’s a look into what else we uncovered during the month.

  1. We start the month in Australia where the liquidators for building company Pivotal Homes revealed the company had been hit by ransomware just weeks before it collapsed. The company cited rising costs as the reason for the closure and it seems like the ransomware attack may have been the last straw for the struggling company.
  2. Up next was a Memorial Day weekend ransomware attack on the Cape Cod Regional Transit Authority. On the Monday following the holiday staff received an email alerting them that files on their servers had been encrypted, rendering them unreadable. A spokesperson commented that staff did not engage with the cybercriminals via email and the incident was being investigated by the authorities.
  3. The City of Alexandria in Louisiana became a victim of the BlackCat ransomware gang. This isn’t the first time the state of Louisiana has been targeted, a point referenced in the note from the criminal gang, which read “your servers are lying down again and the network is tightly closed and unavailable. We got more than 80 GB in compressed form of important data city [sic]…Don’t make past mistakes and do the right thing. This time you won’t get away with it.” The gang then proceeded to threaten a local news outlet that was one of the first to report the attack.
  4. Final exams were cancelled at Tenafly Public Schools in New Jersey after a ransomware attack crippled their computers. The attack meant the school was forced back to basics, relying on overhead projectors, and paper and pencils.
  5. The City of Palermo in Italy became the next victim of the Vice Society ransomware gang. The attack caused large-scale service outages which impacted 1.3 million people. The criminal gang posted details of the attack on their leak site disclosing that they would be leaking stolen data if a ransom wasn’t paid, however, the gang did not share any sample data.
  6. Arizona’s Yuma Regional Medical Center (YRMC) disclosed that a ransomware attack had resulted in a data breach affecting 700,000 people. No ransomware gang has claimed the attack as yet.
  7. Back to Italy where this time the BlackCat ransomware gang held the University of Pisa to ransom for a whopping €4.5 million. The university was given access to a chat thread in a private browser so they could communicate with the hackers and negotiate the ransom payment.
  8. The RansomHouse ransomware gang claimed an attack on The Shoprite Group, one of South Africa’s largest supermarket chains. The hackers openly touted their attack on the supermarket chain via their Telegram channel. They shared that the company “was keeping enormous amounts of personal data in plain text/raw photos packed in archived files, completely unprotected.” A sample of the exfiltrated data was published and Shoprite was “invited” to pay a ransom.
  9. Montrose Environmental Group, a leading environmental solutions company, issued a press release disclosing that they had been the victim of an organized ransomware attack. The press release stated that “the fact patterns of this attack, as well as information from law enforcement and independent cybersecurity experts, lead us to believe that this attack has been carried out by highly sophisticated bad actors.” The BlackBasta gang later claimed responsibility.
  10. Officials in Kansas City confirmed that a ransomware attack had affected the Unified Government of Wyandotte County and Kansas City over the Easter weekend. The UG said it didn’t pay a ransom because most of its services were supported by software as a service and cloud-based applications and all servers were routinely backed up. No gang has so far claimed the attack.
  11. Indiana based healthcare provider Goodman Campbell Brain and Spine announced a data breach following an earlier ransomware attack. An investigation confirmed that “initial analysis indicates that both Goodman Campbell patient and employee data had been accessed by an unauthorized party.” The Hive criminal gang claimed the attack.
  12. Long Island school district Plainedge Public Schools became the next victim of the BlackCat ransomware gang. The criminal gang shared proof of the attack by posting screengrabs including a list of employee contact info including names, phone numbers, email addresses and locations. The gang threatened to leak the data if they did not hear from the district.
  13. Glenn County Office of Education in California was attacked by the Quantum ransomware gang who hit them with a massive $1m ransom demand. In the ransomware negotiation process it appeared that the cybercriminal gang was negotiating based on a false impression that the county’s assets and cyber insurance was going to be enough to cover the demand, which was excessive for an education victim. It later transpired that the Quantum gang had calculated the ransom based on the total county assets and not the Office of Education. A ransom payment of $400,000 was later sent to the cybercriminals.
  14. Mainzer Stadtwerke AG (MSW), a municipal company of the city of Mainz in Germany that provides services and products in the core areas of electricity, gas and water supply, was impacted by ransomware following an attack on their IT service provider. Following the incident the organization launched a whole new website and e-mail contact accounts in order to be able to provide information and offer contact options. This was an unconventional approach to ransomware, as it involved a completely new infrastructure including a new domain name. The article suggested this process was faster than repairing the old systems.
  15. A spokesperson from Buncombe County’s Council on Aging, a non-profit organization in North Carolina, disclosed they were concerned they had been hit by ransomware and sensitive data may have been accessed. It’s not known what gang was behind the incident.
  16. Brooks County in Texas made ransomware headlines when it was revealed they paid off hackers with taxpayer dollars. The attack, which impacted the county’s Justice of the Peace and district courts and its finance department, cost more than $37,000. A spokesperson for the county said the attack took place after an employee opened an email containing a link that allowed someone to hack their system.
  17. Japanese automotive hose maker Nichirin Co. disclosed that a U.S. subsidiary had been forced to shut down its computerized production controls due to a ransomware attack. The subsidiary which supplies parts to Japanese auto makers was forced to revert to manual production.
  18. Grand Valley State University in Michigan was hit by the Vice Society ransomware gang, which resulted in some personal student data being leaked online; however, the university remained publicly silent regarding the incident. The gang informed DataBreaches.net that they first gained access to GVSU’s system on May 24th. Although they did not reveal how they gained access, they commented that gaining access was “easy enough.” The University has declined to answer any media questions regarding the incident.
  19. Multimedia giant Arte Radiotelevisivo Argentino Group (Artear) was hit by the Hive ransomware gang who admitted to exfiltrating over 1.4Tb of data. Data stolen in the attack included contracts, sensitive company data such as budgets, plans and investments, as well as employee details.
  20. The Hive gang struck again, this time at Pennsylvania-headquartered firm Diskriter, a company that provides health information management services and staffing for a number of state and municipal governments as well as medical facilities. A spokesperson for the Hive gang disclosed that they exfiltrated more than 160 GB of files including contracts, financial records, software source code and personnel information.
  21. Up next is FastShop, one of Brazil’s largest retailers. The retailer disclosed they had experienced an “extortion cyberattack” that led to network disruption and closure of its online store. The attack didn’t impact the 86 physical locations but it did impact the main website, mobile apps, and online ordering system as the retailer took the systems offline.
  22. Japanese automotive component manufacturer TB Kawashima, part of the Toyota Group of companies, disclosed that one of its subsidiaries, a Thai sales company, had been hit by a cyberattack. The LockBit ransomware gang claimed the attack and have begun to leak data, although the company has not confirmed the cyberattack was ransomware.
  23. The Medical University of Innsbruck disclosed an IT outage on June 20th restricting access to online servers and computer systems. The following day the IT team reset all student and employee account passwords and requested everyone complete a manual process to access new credentials. The university did mention they had been attacked but did not share any additional details. A few days later Vice Society claimed the attack and added the university to its data leak site.
  24. Fitzgibbon Hospital in Missouri was hit by Daixin Team, a new entry to the ransomware group list. The attackers claimed to have exfiltrated 40 GB of data which they posted on their leak site for the public to access. Exfiltrated data included both patient and employee information.
  25. Wabtec, a leading global provider of equipment, systems, digital solutions, and value-added services for the freight and transit rail sectors, was reported to have been hit by a ransomware attack that impacted the ability of employees to log onto the company network. According to a source, some employees were met at the plant gate and told not to log on to their computers. A Union spokesperson commented “we make locomotives, not computers”.
  26. Multinational semiconductor company AMD made headlines when the RansomHouse extortion gang claimed them as their latest victim. AMD disclosed that they were investigating a potential data breach following the claims that the criminal gang had exfiltrated data from the U.S. chipmaker.
  27. A ransomware attack on Napa Valley College caused much disruption and the school was still struggling with it almost 3 weeks post incident. The website and many services remained offline and registration for the fall semester had been impacted. A news article referenced that the school had historically underinvested in IT but that an upgrade had been in progress when the attack was detected. Our research shows the BlackByte cybercriminal gang was behind the attack.
  28. Wiltshire Fine Foods, a leading UK producer of frozen ready meals disclosed that its systems were down following a serious cyberattack. The company shared that they were unable to make deliveries or contact customers at this time. Although the company has not disclosed that the attack was indeed ransomware, industry insiders have been vocal on social media about their speculations around the attack. The ready meals producer, which is owned by German parent company Apetito, said it hopes to get back quickly.
  29. Retail giant Walmart made news at month end when they denied being hit by the Yanluowang ransomware gang, a new cybercriminal entry to our blog. In a statement to media outlet Bleeping Computer, Walmart commented that their “Information Security team is monitoring our systems 24/7,” and believe the claims to be inaccurate. An entry on the data leak site claimed that they breached the retailer and encrypted between 40,000 and 50,000 devices.
  30. Macmillan Publishers was forced offline due to a ‘cyberattack’ which experts believe to be ransomware, although at time of writing the company has not confirmed this. Staff from the publishing company took to social media to confirm that the incident had been hugely disruptive for its US side of the business, forcing the company to close its New York head office.
  31. Florida based Geographic Solutions, a company that handles unemployment claims and job placement for state governments in the U.S. was hit by a cyberattack that disrupted online services across the country. At least 9 states were impacted by the incident which the company described as ‘anomalous activity in the company network’. The attack is likely to be ransomware according to cyber experts but the company has yet to confirm this.

July

In July we spotted 21 ransomware attacks in the press, including one on an Australian prison where bad actors managed to take control of the computer systems. The LockBit gang was busy this month, claiming attacks on Italy’s tax agency, a small Canadian town, a town in Colorado and French telecoms firm La Poste Mobile. Here’s a look at who else made news during the month.

  1. We begin the month with Baton Rouge Medical Center, which was forced to revert to pen and paper when an attack took its EHR system offline. The hospital is working with authorities and hasn’t shared information about the attack yet. However, a copy of the ransom note shared with the DataBreaches website clearly pointed to the Hive group as being behind the attack, but when questioned, a Hive spokesperson claimed that DataBreaches had “incorrect info”. The jury is still out on who is responsible for this one.
  2. Next up is the College of the Desert in California, their second attack in two years. The attack took online services offline; the website and phone lines were also affected, and employees were unable to access their email accounts.
  3. The Port Phillip Prison in Melbourne, one of Australia’s largest prisons, was forced to suspend visits following a ransomware attack. It is believed that the unknown hackers took control of the network and requested a ransom to restore it.
  4. The Mattituck-Cutchogue School District became the latest Long Island district to be the target of a ransomware attack. Upon discovering the attack the district immediately shut down its systems to try and prevent access to data. It’s not yet known who was behind the attack or if data was exfiltrated.
  5. Lamoille Health Partners in Vermont, a community clinic providing a range of healthcare services, became a victim of the BlackByte ransomware gang. The criminal gang shared two folders as evidence of exfiltrated data. One folder contained mostly accounting-related information while the other contained sensitive patient information.
  6. BlackByte struck again, this time at Gateway Rehab, an addiction facility in Pennsylvania. Data was exfiltrated during the attack and the criminal gang leaked data including internal business documents, accounts information and patient details.
  7. French telecoms operator La Poste Mobile alerted customers that their data may have been compromised in a ransomware attack. The LockBit criminal gang were behind the attack which forced the telco to take company systems offline. A week following the incident the website was still offline and visitors were greeted by a statement in French telling customers to be wary of targeted cyberattacks.
  8. Mooresville Schools in Indiana shared in a statement that they had experienced a computer network disruption that impacted some of its operations. A group known as BianLian, which is a new entry to this blog, claimed to have stolen 4,200 student records containing phone numbers, email addresses, and social security numbers. The school shared that they were aware of the claims but that they were unvalidated.
  9. Colorado-based debt collector Professional Finance Company had over 1.9 million records exposed following a ransomware attack. Following the incident, which occurred in February this year, the firm disclosed that they had ‘detected and stopped a sophisticated ransomware attack’ during which criminals accessed files containing data from more than 650 healthcare providers. The company later notified the affected medical centers and individuals whose data may have been stolen during the incident.
  10. Japanese game publishing giant Bandai Namco confirmed they had been the victim of a cyberattack that may have resulted in the theft of customer data. While the company has not provided any technical details regarding the cyberattack, it has appeared on the BlackCat data leak site. No data has been leaked yet but that can be common pending a ransom negotiation.
  11. An unknown cybercriminal gang attacked the Water Resource Department (WRD) in Goa, India, the organization responsible for the flood monitoring system across 15 of Goa’s major rivers. The currently unknown ransomware gang encrypted the files and demanded Bitcoin in return for decryption. According to reports the server runs on a 24-7 internet line and an absence of antivirus and outdated firewalls helped facilitate the ransomware attack.
  12. The Narragansett Bay Commission, which runs sewer systems in parts of Rhode Island, was hit by a ransomware attack that encrypted data on some computers and systems. A spokesperson disclosed that the systems hit by the attack did not control the operation of the sewage system and there had been no disruption to wastewater collection and treatment services.
  13. The Canadian College MontMorency disclosed that they had been hit by a cyberattack that may have resulted in stolen data. AvosLocker, the gang behind the attack, claimed that 8TB of data has been compromised.
  14. A company operating a ‘call taxi system’ in South Korea suffered a ransomware attack which caused taxi calls through smartphone apps to be blocked. The call system was paralyzed in several cities in the region. The company shared a statement which confirmed the ransomware attack and said “I paid the coin required by the hacker to restore the backup server, and now I have requested the data recovery key.”
  15. Building materials giant Knauf Group shared that it has been the target of a cyberattack which caused disruption and forced its global IT team to shut down all IT systems in order to isolate the incident. While Knauf’s announcement doesn’t explain the type of cyberattack they suffered, the Black Basta ransomware group claimed the attack via an announcement on their extortion site.
  16. Waterloo Region District School Board was the target of a cyberattack. Staff and families were informed, but a spokesperson shared that they were unable to say what files, if any, had been accessed or if any money was paid to regain access to the system. It’s not yet known who was behind the attack.
  17. Next up is the small Canadian town of Marys in Ontario. The town of around 7500 residents became a victim of the LockBit ransomware gang. A spokesperson shared that the town was ‘in a state of shock’ and after systems were locked, the town had received a ransom demand from the LockBit ransomware gang but had not paid anything to date.
  18. Digital security giant Entrust made news when they confirmed that they had become a victim of a cyberattack. Entrust is a security firm focused on online trust and identity management. The gang behind the attack isn’t publicly known yet but unless they pay the ransom we will likely find out when they start leaking the stolen data.
  19. Italy’s tax office, the Agenzia delle Entrate, made headlines when the LockBit ransomware gang claimed to have stolen 78GB of data, later threatening to leak it if a ransom wasn’t paid by July 31st. Officials from the tax office, however, say everything is fine after a third party investigator said there was no evidence of a breach.
  20. An attack on email marketing company WordFly impacted some of its customers including the US-based Smithsonian, Canada’s Toronto Symphony Orchestra, and the Courtauld Institute of Art in London. The company has said that the exfiltrated data was not sensitive in nature.
  21. Up next is the Wootton Upper School in the UK. The Hive criminal gang sent messages to students and parents informing them that they had compromised the network weeks ago, and had stolen data including addresses, bank details, student psychological reviews and medical records. The gang demanded a massive £500,000 ransom from the school as they believed the school had cyber insurance to cover the demand. They have threatened to release all of the data unless the trust pays up.