In 2020, 2021 and now 2022, BlackFog’s state of ransomware in 2022 measures publicly disclosed attacks globally. We also produced an annual summary of our findings in the 2021 ransomware attack report. In 2022 we will be tracking even more statistics, such as data exfiltration and several others as the year progresses. As usual you can also subscribe to have the report delivered to your inbox every month.

January

Ransomware started strong in 2022 with a significant attack on Bernalillo County in New Mexico making headlines. The incident closed most government buildings and impacted education in the area. The cyberattack also had a knock-on effect at a county jail when the security camera and automatic doors were knocked offline, leaving the inmates in lockdown. Here’s a look at what else we uncovered for the month.

  1. We start the new year with a reported attack on Portuguese media group Impresa. This attack occurred over the New Year holiday knocking the organization’s websites and online streaming services offline. Little-known ransomware gang Lapsus$ was behind the attack.
  2. French aerospace giant Thales Group were next to make ransomware headlines. A cyberattack on the firm was later confirmed as ransomware with Lockbit claiming responsibility. In a statement Thales said that “despite the fact that we have not received any direct ransom notification, we take this still unfounded allegation – and whatever its source – seriously. A dedicated team of security experts is currently investigating the situation.” Lockbit then took action by disclosing some of the exfiltrated data.
  3. A holiday ransomware attack on Crawford County caused havoc with the government computer systems. In a statement they said “our IT guys and the guys at Apprentice (the company that provides IT assistance for the county) have been working day and night to get things back up and running”. They also noted that the computer systems were shut down immediately to prevent the loss of data and files. It’s not known what gang was behind the attack or if there was a ransom demand.
  4. Montreal Tourism Agency shared that they had been one of the recent Canadian victims of the Karakurt hacking group. A spokesperson for the organization declined to say how the agency was compromised, whether the stolen data had personally-identifiable information, or what the attacker was asking for. The Karakurt posting, dubbed its Winter Data Leak Digest, says “the data amount we have obtained is speaking for itself. Which means there is a big hole in IT department that allowed us to exfiltrate everything we wanted.”
  5. Canadian heavy equipment maker Weldco-Beales Manufacturing was the next victim of the Karakurt gang. At time of writing the company was assessing what, if any, data had been exfiltrated. Asked if the company had heard from the hackers, a spokesperson said, “they leave a trail on the server of files, they are wanting you to get hold of them and send them bitcoin. And they left a couple of voicemails.” The voicemails, he said, told the company “to take this seriously, you know how to contact us.” He couldn’t recall how much was demanded in cryptocurrency.
  6. Carthage Schools in Missouri confirmed that the ‘cyber event’ they experienced at the end of 2021 was indeed a ransomware attack. In a statement they said, “regrettably, our forensic partners determined the ransomware group behind this attack obtained data from our network and has threatened to publish that information to the Dark Web. At this time, we do not know exactly what data may be at issue; however, we are working as quickly as possible to determine the answer.” Criminal gang Vice Society was behind the attack.
  7. Bernalillo County in Albuquerque, New Mexico was forced to close most government buildings following a ransomware attack. The incident made several headlines this month, notably when it left a jail without access to its camera feeds and rendered its automatic door mechanisms unusable, leaving inmates in lockdown.
  8. Leading school website provider FinalSite suffered a ransomware attack that disrupted website access for thousands of schools worldwide. The organization did not initially disclose that they had suffered a cyberattack but simply said that they were experiencing errors and “performance issues” across various services. After three days of disruption they confirmed the disruption was caused by a ransomware attack.
  9. Bay & Bay Transportation, a Minnesota-based trucking and logistics company, suffered a second ransomware attack, this time at the hands of the Conti gang. In 2018 a ransomware attack crippled the company, forcing them to pay the ransom. On this occasion the organization was better prepared and was able to return to 90% functionality in a day and a half without paying a ransom.
  10. The ransomware group Ragnar Locker spread claims of a successful hack of telecom analytics firm Subex and its Broomfield-based cybersecurity subsidiary Sectrio, later sharing posts condemning the company for failing to protect its own network. An unconfirmed online report stated the firewall, router and VPN configuration data, company passwords, and employee documents had been published.
  11. Maryland Department of Health was hit with a devastating ransomware attack which left hospitals struggling amid a surge of COVID-19 cases. In a statement they shared that they had not paid any extortion demands. It’s not yet known what criminal gang was behind the attack.
  12. Japanese auto part manufacturer Denso suffered an attack by a criminal gang known as Rook. In a statement on their website the cybercriminals claimed to have exfiltrated 1.1 terabytes of data from the company. Denso belongs to the corporate group led by Toyota Motor Corp.
  13. Hensoldt, a German multinational defense contractor confirmed that some of its UK subsidiary’s systems were compromised in a ransomware attack. While the company is yet to issue a public statement regarding this incident, the Lorenz ransomware gang claimed the attack.
  14. Durham Johnston School in the UK suffered an attack at the hands of the Vice Society ransomware gang. Following the incident sources said that personal data belonging to pupils and teachers was posted on the Dark Web.
  15. UK-based contractor payroll service provider Brookson Group reported to the UK National Cyber Security Centre that they had been hit by an “extremely aggressive” cyberattack. Although not confirmed by the company to be ransomware, the BlackCat gang claimed responsibility for the attack.
  16. Moncler, the luxury Italian fashion giant was next to make headlines when they confirmed a data breach following an attack by the BlackCat ransomware operation. Moncler confirmed that some data related to customers, current and previous employees, suppliers, consultants and business partners had been impacted.
  17. RR Donnelley, a leading integrated services company offering communications, commercial printing, and marketing to enterprise clients, suffered a Conti ransomware attack. The company initially disclosed that they were not aware of any client data stolen during the attack, but the Conti gang later claimed responsibility and began to leak 2.5GB of exfiltrated data. However, a source told news outlet BleepingComputer that the criminal gang soon removed the data from public view after RRD began further negotiations to prevent the release of data.
  18. Indonesia Central Bank disclosed they had been hit by a ransomware attack but public services were not impacted due to the quick measures taken to mitigate the incident. The Conti gang was behind the attack.
  19. Griggsville-Perry School District in Illinois found themselves the victim of a ransomware gang who were holding their files hostage in return for a ransom. It’s not yet known who was behind the attack or what data was compromised.
  20. A ransomware attack on Pembroke Pines in Florida caused outages across certain city computers. A spokesperson for the city said so far it appears that no personal information was compromised and emergency services like police and fire remain operational.
  21. In the next reported incident Belarusian activists launched a ransomware attack on Belarusian Railways in protest of dictatorship. The group known as The Belarusian Cyber-Partisans demanded the release of 50 political prisoners and the removal of all Russian troops from the country to release the data.
  22. Linn County in Oregon discovered that a number of its computers were infected with ransomware knocking several systems offline including the county’s website which affected their ability to provide services to the public. Officials said at this time there was no evidence of compromised data.
  23. The Ministry of Justice in France made headlines when the Lockbit ransomware gang claimed that they had successfully hacked the organization, giving them a deadline of February 10th to pay the ransom or have their data leaked on the Dark Web.
  24. Delta Electronics, a Taiwanese electronics company and a provider for Apple, Tesla, HP, and Dell were next to disclose they had been a victim of a cyberattack which affected only ‘non-critical’ systems. While the company’s statement did not name the group behind the attack, a Conti ransomware sample was found to be deployed on the company’s network.
  25. New Bedford Police Department in Massachusetts shared that they had been impacted by a ransomware attack affecting some of the department servers and computers. The non-emergency phone network was also out of service as a precautionary measure. It’s not yet known who was behind the attack or if any data was exfiltrated.
  26. South Africa based investment administration provider Curo Fund Services found themselves unable to access IT systems for 5 days following a ransomware attack. At time of writing the incident was under investigation “to establish the origin, nature and scope of this incident so as to assess any data breaches”.
  27. John Diefenbaker International Airport in Saskatoon, Canada suffered an attack at the hands of the Snatch ransomware gang. The gang posted what is known as a ‘proof pack’ of some of the exfiltrated data on the Dark Web. Sources have told media outlet IT World Canada that the goal of the criminal gang appears to be to embarrass the Saskatoon Airport Authority (SAA) for being unable to pay the ransom demand.

February

We recorded 28 ransomware attacks this month, with almost half occurring outside of the United States. Notable incidents included an attack on the San Francisco 49ers during Super Bowl weekend and an attack on KP Snacks, a well-known UK snack food manufacturer. Here’s a snapshot of the ransomware attacks that made news during the month.

  1. An attack on German oil company Oiltanking GmbH impacted gas stations across the country. Royal Dutch Shell disclosed that they had been forced to reroute to different supply depots because of the issue, while German newspaper Handelsblatt said 233 gas stations across Germany were impacted and forced to revert to manual processes. The BlackCat ransomware gang was behind the attack.
  2. KP Snacks, a major producer of popular British snack foods, was hit by the Conti ransomware group, affecting distribution to leading supermarkets across the UK. The gang’s private leak page shared samples of credit card statements, birth certificates, spreadsheets including employee personal data, confidential agreements, and other sensitive documents. The gang allegedly gave the company five days to pay a ransom before leaking even more proprietary data on their public blog.
  3. US business services company Morley Companies Inc. disclosed that they had been a victim of ransomware in August 2021. After an internal investigation the company determined that the unnamed threat actors exfiltrated the personal information of 521,046 individuals. The company notified affected parties including employees, contractors, and clients in January this year. In a statement the company said, “Morley Companies is not aware of any misuse of your personal information due to this incident.” Although it seems that might not be the case as HackNotice, the cyber-intelligence platform claims to have seen Morley’s data on the Dark Web a week prior.
  4. An attack on the Neenah School District in Wisconsin disabled the district’s internet, phones, email and other information technology which resulted in a two-day shutdown of schools. A ransom was demanded by the unknown attackers but the school district declined to provide details relating to the amount of the ransom or whether any or all of it had been paid by their insurance company.
  5. Airport management services company Swissport experienced a ransomware attack that targeted its IT infrastructure. Headquartered in Opfikon Switzerland, the company manages airport ground and cargo handling services for over 300 locations. The BlackCat criminal gang was responsible for the attack.
  6. Syndicat Intercommunal d’Informatique (SII), an IT service provider based in France, experienced a ransomware attack at the hands of the Hive cybercriminal gang. The organization provides IT services and assistance to various other municipalities within the Department of Seine-Saint-Denis in the French region of Île-de-France. At least three other municipalities were impacted.
  7. Taylor Regional Hospital in Kentucky disclosed on Facebook that their phone lines, email and other IT systems had been taken offline following a ransomware cyberattack. The hospital declined to respond to media queries about the incident and it’s not yet known who was behind the attack.
  8. New Zealand Uniforms was hit by the Conti ransomware gang who shared the incident on their Dark Web site. A spokesperson said the attack had temporarily impacted some of its systems but that they were “fully operational again within 48 hours, minimizing the impact to customers”. They also confirmed that no ransom had been paid or proposed and that they had not engaged with the criminal gang.
  9. Ohlone Community College District in California disclosed that the private information of some staff, faculty and current and former students had been compromised in a cyberattack. An investigation is ongoing and it’s not yet known who was behind the ransomware attack.
  10. Jax Spine and Pain Centers reported a hacking incident to the HHS following a claim from the Avos Locker criminal gang who said they acquired data relating to 260,000 of their patients. On the threat actors’ leak site they said, “we have the full EHR (Electronic Medical Records) database for 262,000 patients! We are publishing list only for first 100 patients as proof.”
  11. Emil Frey, Europe’s largest car dealer disclosed that they had been a victim of ransomware after they showed up on the list of Hive ransomware victims. A spokesperson for the Swiss company declined to comment on whether or not customer data had been accessed.
  12. Optionis Group, a UK-based accounting conglomerate, had their data dumped on the Dark Web by the Vice Society, a typical response to a lack of cooperation with the criminal gang. Optionis Group houses brands including Parasol Group, Clearsky, SJD Accounting and NixonWilliams.
  13. The San Francisco 49ers made headlines during the Super Bowl weekend when they were hit by ransomware. Confirmation of the attack came after the 49ers were listed on a Dark Web leak site as a victim of the BlackByte ransomware-as-a-service group. The threat actors claimed to have exfiltrated data with an estimated value of $4.175 billion.
  14. Mizuno, the Japanese sportswear and sporting equipment manufacturer suffered an attack which led to significant business disruption, including phone outages, shipping delays and website issues. The company did not provide a public statement about the cause of their outages and it’s not yet known who was behind the attack.
  15. The Royal Dublin Society (RDS) issued a warning to its members that their data may have been compromised in a ransomware attack. RDS management confirmed that cybercriminals had “extracted data from our servers”, which included personal data belonging to staff, members, and suppliers. The RDS has 3000 members.
  16. Centralia College in Washington issued a press release confirming that they had been hit with a ransomware attack. It’s not yet known who was behind the attack or if any employee or student data has been compromised.
  17. Extend Fertility, a New York based clinic recently notified its patients that their data may have been compromised in a recent ransomware cyberattack. A month-long investigation into the incident revealed that the threat actors had access to servers that stored the protected health information (PHI) and personal data of some of the clinic’s patients. The full extent of the attack is currently unknown as the data analysis is ongoing.
  18. The Hays USD 489 school district in Kansas experienced disruption across its IT systems following a cyberattack confirmed to be ransomware. The school has not shared information about the attack as the investigation is ongoing.
  19. The University of Neuchâtel (UniNE) in Switzerland was hit by a ransomware attack by the Conti gang. The school confirmed the incident but at time of writing had not received a ransom demand from the criminal group.
  20. US cookware giant Meyer informed the U.S. Attorney General offices that they had suffered a data breach affecting thousands of their employees. An investigation into the incident revealed that threat actors gained access to personal information belonging to employees of Meyer and its subsidiaries. The Conti criminal gang shared a ZIP file containing 2% of the exfiltrated data but at time of writing had not followed up to publish the remaining 98%.
  21. Expeditors, a Seattle based logistics and freight forwarding company was hit by a ransomware attack which forced the company to shut down global operations. The company did not confirm the type of cyberattack, but a tip shared with media outlet Bleeping Computer said it appeared to be a massive ransomware incident.
  22. India’s only state-owned and operated container terminal Jawaharlal Nehru Port Trust reportedly started turning away ships after suffering what is believed to be a ransomware attack. The Jawaharlal Nehru Port Container Terminal is one of five container terminals in India’s largest container port, Jawaharlal Nehru Port Trust, which accounts for half of all the containers handled in the country.
  23. Russian cybercriminal gang Snatch claimed to have stolen 500 gigabytes of data from McDonalds, posting their demand for an undisclosed sum on the Dark Web. McDonalds has not yet commented on the attack.
  24. LA: Spine Diagnostic & Pain was hit by the Conti criminal gang. The hackers added the Louisiana based practice to their leak site, dumping 3351 files that they claimed represented 30% of all the files they had exfiltrated.
  25. Graphics card manufacturer Nvidia Corp was hit by the Lapsus$ ransomware gang. The company released a public statement confirming the attack but did not share details about the extent of the incident. According to reports from the hackers it seems the company decided to retaliate rather than negotiate.
  26. Cybercriminal gang Lapsus$ found the tables turned on them when recent victim Nvidia launched a retaliatory strike against them to prevent the release of the chipmaker’s stolen data. Screenshots from the publicly accessible Lapsus$ Telegram channel were shared on Twitter by several security researchers with the gang claiming the company exfiltrated 1TB of their data.
  27. iTCo, a New Zealand-based IT company that specializes in online security, was hit by the Conti gang who claimed that they had exfiltrated more than 4 gigabytes of data. An investigation into the incident is ongoing.
  28. Managers at the Bridgestone-Firestone tire factory in Iowa were forced to send workers home after learning that hackers may have compromised the international corporation’s data systems. A spokesperson for Bridgestone Americas, said in a statement that company officials are investigating the “information security incident.” She also added that Bridgestone managers had disconnected company devices across many Latin American and North American factories.

March

In March we recorded 25 ransomware attacks with Samsung, Microsoft and Bridgestone making headlines. Automotive giant Toyota also made news when they were forced to halt production across all plants in Japan after a ransomware attack on a key supplier. Here’s a look at what else we uncovered during the month.

  1. We begin the month with insurance giant AON who disclosed that they had been hit by a ransomware attack which reportedly left no significant impact on the company. Little is known about the attack which occurred in late February according to a filing with the Securities and Exchange Commission (SEC).
  2. Toyota made ransomware headlines when they were forced to halt production across all plants in Japan after a ransomware attack on a key supplier. Also affected were Toyota subsidiaries Hino Motors and Daihatsu Motor.
  3. Fleetwood Area School District in Pennsylvania sent a letter to families and staff informing them that the technical difficulties the district had been experiencing were the result of a ransomware attack. No further details about the incident were disclosed.
  4. Electronics giant Samsung made news when the Lapsus$ data extortion gang leaked confidential data which they claimed had been exfiltrated from the company. Following the attack the extortion gang shared a note teasing Samsung about releasing their data with a snapshot of C/C++ directives in Samsung software.
  5. Rompetrol, Romania’s petroleum provider shared that they were battling a massive cyberattack. News outlet Bleeping Computer revealed that the Hive ransomware gang was behind this attack and they had hit the organization with a multi-million dollar ransom.
  6. Denso Automotive confirmed they were hit by new ransomware player Pandora after the gang began leaking sensitive data. Denso is one of the world’s largest automotive components manufacturers, supplying brands such as Toyota, Mercedes-Benz, Ford, Honda, Volvo, Fiat, and General Motors. While the company stated that the cyberattack did not impact their operations, the Pandora ransomware gang began leaking 1.4TB of files allegedly exfiltrated during the attack.
  7. Canadian aluminium manufacturing company Aluminerie Alouette suffered major systems failure due to a ransomware attack at the hands of the Conti gang. The gang shared details of the attack on their leak site. Details of the ransom demand are unknown and Aluminerie Alouette did not respond to media requests for information.
  8. Vodafone appeared to suffer a data breach at the hands of the Lapsus$ ransomware group without even knowing it. The group issued a poll on its Telegram channel asking their subscribers whose stolen data they should dump next – with three options available: Vodafone, Impresa, and MercadoLibre. Vodafone said they were working with law enforcement and investigating the incident but would not comment on the credibility of the claim.
  9. Buenos Aires-based online marketplace Mercado Libre admitted in an SEC filing that source code and user data were accessed, although it did not reveal how. The Lapsus$ gang cited them as a victim along with Vodafone on their Telegram channel. The company commented “although data from approximately 300,000 users (out of our nearly 140 million unique active users) was accessed, to date, and according to our initial analysis, we have not found any evidence that our infrastructure systems have been compromised or that any users’ passwords, account balances, investments, financial information or credit card information were obtained. We are taking strict measures to prevent further incident”.
  10. Altoona Area School District in Pennsylvania shared that the district had suffered an attack on their server in December 2021, after which they started working with a ‘high-end’ security vendor to secure their servers. However, this month district administration was contacted by employees saying their credit monitoring services had been in touch to advise that their social security numbers or medical identification numbers were found on fraudulent trading websites on the Dark Web.
  11. French video game company Ubisoft confirmed they had suffered a hack at the hands of the Lapsus$ gang. In a statement they said “we can confirm that all our games and services are functioning normally and that at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident”.
  12. The LockBit gang attacked Bridgestone Americas who managed to recover from the attack. Unfortunately, the ransomware gang later threatened to release the data they managed to exfiltrate during the attack. Bridgestone later hired Accenture Security to investigate and understand the full scope and nature of the incident and to determine what data had been stolen.
  13. East Tennessee Children’s Hospital disclosed that they had been a victim of an “information technology security issue” in the evening hours of Sunday, March 13th. In a statement they said “maintaining the safety and security of our patients and their care is our top priority. We are still able to care for our patients. Our cyber forensics teams and outside agencies are doing everything possible to minimize any disruption. The response is active and still ongoing. We apologize for any inconvenience, and ask for your patience as we address this issue.” No further details were available.
  14. The South African division of US-based consumer credit bureau TransUnion acknowledged that they had suffered a ransomware attack after a third party gained access to one of its servers through misuse of an authorised client’s credentials. In a statement they said “we have received an extortion demand, and it will not be paid”.
  15. The National Rifle Association (NRA) finally confirmed that the cyberattack they experienced in October last year was indeed ransomware. The NRA’s political action committee filed a report to the Federal Election Commission to confirm the attack, claiming it was the reason why the organization couldn’t report some of the donations it had received at the time.
  16. The Scottish Association for Mental Health (SAMH) suffered an attack at the hands of the RansomEXX ransomware gang. The attack impacted its IT systems, including email and some phone lines and unfortunately led to more than 12GB of sensitive data being leaked to the Dark Web.
  17. Officials from Plainfield County in Connecticut disclosed that hackers were holding the town hall and police department computer files hostage after a cyberattack. A spokesperson could not say how the system was breached or what specific steps were being taken to solve the problem, but did confirm that the affected town hall computers contain some basic resident information, including names, addresses and phone numbers, but no billing information.
  18. The Bexar County Appraisal District in Texas confirmed they had become the victim of a ransomware attack. A spokesperson said there was a ransom note but the hackers did not demand an amount of money and didn’t leave contact information.
  19. Lapsus$ strikes again, this time San Francisco tech company Okta was the victim. According to the Lapsus$ screenshots shared on Telegram, the ransomware group said it did not target Okta’s databases and instead focussed on Okta customer data.
  20. Hellenic Post (ELTA), the state-owned provider of postal services in Greece, disclosed they had suffered a ransomware incident which affected most of the organization’s services. The agency’s IT teams determined that the threat actors exploited an unpatched vulnerability to drop malware allowing access to one workstation using an HTTPS reverse shell.
  21. Microsoft confirmed that the Lapsus$ hacking group had successfully compromised an employee’s user account and had stolen code, days after the group boasted that it had infiltrated the software giant. The company shared that no customer data or code was affected and that the operation was interrupted by its security team. The company made the admission in a blog post describing Lapsus$’s tactics, and offering guidance on how to protect against them.
  22. Memorial Hospital of Carbon County in Rawlins, Wyoming disclosed they had been a victim of ransomware. A hospital spokeswoman did not specify which of the hospital’s systems were targeted in the attack, but added that the hospital’s two electronic health record systems were not compromised. It’s not yet known who was behind the attack or if any data had been compromised.
  23. Oklahoma City Indian Clinic had 360 GBs of data including health and financial records stolen during a cyberattack claimed by the Suncrypt ransomware gang. The attack impacted some of the clinic’s computer systems and their auto-prescription refill system.
  24. The Rehab Group in Ireland disclosed they had been a victim of a criminal ransomware attack in which the hackers were trying to access patient information and financial data. It’s not yet known who was behind the attack which a spokesperson described as “a plain vanilla ransomware criminal attack, where they were trying to obtain money in exchange for blackmailing Rehab with threats of destroying their data or publishing their debtors”.
  25. Partnership HealthPlan of California, a non-profit that manages health care for Medi-Cal patients in 14 counties made headlines when the Hive ransomware gang claimed to have stolen private data for 850,000 of its members. A screenshot of the claim stated that “stolen data included…850,000 unique records of name, SSN, date of birth, address, contact, etc.” It also stated that 400 gigabytes of data were stolen from Partnership’s file server. The claim has since been removed and the incident is under investigation.

April

In April the Stormous criminal gang made headlines when they claimed an attack resulting in 161 GBs of data stolen from Coca Cola without the company knowing. Reports say the Russian-linked hackers later put it up for sale for $640,000 or 16 million Bitcoin. The Conti gang was also busy this month with notable attacks on industrial giant Parker Hannifin and Snap On Tools. Newcomers Black Basta also made headlines when they claimed attacks on Deutsche Windtechnik and the American Dental Association. Here’s a snapshot of what organizations made the ransomware list this month.

 

  1. HP Hood Dairy, the company behind Lactaid, a brand of lactose-free milk was missing from the shelves in US supermarkets at the beginning of the month due to a ransomware attack. The company declined to share details of the incident, but cyber experts say it was likely ransomware. Hood Dairy is the latest victim in a string of high-profile attacks on food manufacturers in the US which is contributing to shortages amid tight supply chains and high prices.
  2. The Anonymous hacker group posted on Twitter that they had launched an attack on the Russian Orthodox Church. The group released around 57,500 emails from the data they stole from the organization.
  3. UK retailer The Works made headlines when a ransomware attack caused by a malicious phishing email forced some of its stores to close. The company who operate 520 stores said that customer data had not been accessed and that they would not speculate about the potential for paying the ransom. The group behind the attack and the ransom demand hasn’t been disclosed as yet.
  4. Perusahaan Gas Negara (PGN), Indonesia’s state-backed oil and gas company, fell victim to the Hive ransomware gang. The Indonesian government holds a majority stake in PGN, which provides gas to 84 million customers.
  5. Following a ransomware attack, listed law firm The Ince Group was granted an interim injunction to stop hackers from releasing confidential data on the Dark Web if the firm failed to pay the ransom. The judge who made the order called it a clear case of blackmail. It’s not yet known who was behind the attack or whether they disclosed any of the exfiltrated data.
  6. Industrial giant Parker Hannifin, a provider of engineered solutions for organizations in the aerospace, mobile, and industrial sectors, was hit by the Conti ransomware gang. In a regulatory filing the company disclosed that it had detected a breach and subsequently shut down some systems; an investigation is ongoing. The company confirmed that some information had been accessed, including personal employee data. The hackers published 5 GB of data, which they claim was 3% of the data they exfiltrated.
  7. Florida International University shared the following campus message: “today, a ransomware group posted that sensitive FIU data had been exfiltrated. We have been investigating and there is no indication thus far that sensitive information has been compromised. At this time, no further information is available”. Cybersecurity experts who looked at the allegedly stolen data confirmed that it did include sensitive information from staff and students at the university. BlackCat was behind the attack, which was the 8th reported attack on US colleges this year.
  8. Tech company Globant disclosed in an SEC filing that it had experienced a data breach after the Lapsus$ ransomware gang claimed to have stolen 70GB of source code from the company.
  9. American automotive tools manufacturer Snap On announced a data breach after a ransomware attack exposed their associate and franchisee data. The Conti gang was behind the attack which compromised personal data including names, Social Security Numbers, dates of birth, and employee identification numbers.
  10. A&T University in North Carolina was struck by the BlackCat ransomware gang. The attack, which affected online systems, was said to have occurred during spring break. News of the incident followed a post on the criminal gang’s darknet site, where they name and shame victims in an attempt to extract a ransom payment.
  11. Japanese animation studio Toei Animation is experiencing production issues after a ransomware attack. It’s not known what criminal gang was behind the attack which the company is investigating. The company stated they are not sure that they can completely restore what was lost in the attack.
  12. Vehicle dealer group TrustFord revealed that a ransomware attack by the Conti gang affected their internal systems. TrustFord assured customers that their sites remain open and trading and that the attack did not impact Ford Motor Company systems.
  13. Tech giant Panasonic confirmed that its Canadian operations were hit by a cyberattack, less than six months after the company last fell victim to hackers. The Conti gang was behind the attack and claimed to have stolen over 2.8 gigabytes of data from Panasonic Canada. When asked by news outlet TechCrunch, the company did not dispute that the incident was the result of a ransomware attack but they declined to say what data was accessed, or how many people were impacted by the breach.
  14. Nordex, one of the world’s largest developers and manufacturers of wind turbines, was the next victim of the Conti criminal gang. In an announcement the company disclosed that they had suffered a cyberattack that was detected early and that they had shut down their IT systems to prevent the spread of the attack. They did not confirm that the incident was ransomware despite the Conti gang claiming the attack and sharing details on their leak site.
  15. Funky Pigeon, an online greetings card and gifts business, was forced to suspend their business following a cyberattack. The WH Smith-owned company said it had taken its systems offline “as a precaution” and was therefore unable to fulfil any orders. It’s not yet known who was behind the attack.
  16. A ransomware attack crippled the Costa Rican government computer systems. After the government refused to pay a ransom, the Conti gang began publishing the stolen information. The Finance Ministry was the first to report problems with a number of its systems, including tax collection being impacted. Attacks on the social security agency’s human resources system and on the Labour Ministry, as well as others, followed.
  17. The Rio de Janeiro finance department confirmed it had been hit by a ransomware attack on its systems. The LockBit gang claimed to have stolen 420 GB of data, which they would disclose if the ransom was not paid.
  18. The American Dental Association (ADA) was hit by a weekend cyberattack which caused them to shut down portions of their network while undertaking an investigation. The organization downplayed the incident and shared that preliminary investigations did not indicate that data had been compromised. However, new ransomware gang Black Basta later claimed the attack and began leaking data.
  19. Relatively new ransomware gang Stormous made headlines when they claimed an attack on Coca-Cola. The criminal gang posted on its website that it had hacked Coca-Cola’s servers and retrieved 161 gigabytes of data which included financial data, passwords and commercial accounts. The group is now trying to sell that data for more than $640,000 or more than 16 million in Bitcoin. Coca-Cola is investigating the incident.
  20. Top 100 law firm Ward Hadaway found themselves blackmailed for up to $6m in bitcoin after confidential documents were obtained in a ransomware attack. The firm detected a cyberattack last month and was told by an unidentified hacker that files and data downloaded from its IT systems would be published online if $3 million was not paid within a week, after which the ransom would double to $6 million. The Lorenz gang was behind the attack.
  21. German wind turbine giant Deutsche Windtechnik disclosed that some of its systems were hit by a cyberattack earlier this month. The attack forced the company to switch off remote data monitoring connections to the wind turbines. Deutsche Windtechnik did not disclose the attack but experts believe that the firm was hit with ransomware. Our research confirms that newcomer Black Basta was behind the attack.
  22. Students and staff at Austin Peay State University in Tennessee experienced disruptions after a ransomware attack impacted the school’s IT systems. The school administration and APSU Police sent out alerts by email to all students, faculty and staff, saying, “APSU ALERT: We are under a Ransomware attack. If your computer is connected to the APSU network, please disconnect IMMEDIATELY.” It’s not yet known who was behind the attack.
  23. An attack on Wyandotte County in Kansas went undetected for 2 days and unreported for a third, according to media reports. The attack, which caused havoc across multiple government systems, hasn’t been claimed by a gang yet, but inside sources say there has been a ransom demand. Sources also said that the county was unusually ripe for an attack, with insufficient technology and personnel, and had been warned about it well in advance – by tech experts and by a cyberattack on the county’s Board of Public Utilities a few years ago.
  24. Becker Law Office, one of Louisville’s best-known law firms, was hit by the LockBit gang, who threatened to release their data if the ransom wasn’t paid. Media outlet The Courier Journal learned of the attack from a website that provides real time alerts about cyber risks. In a statement, the company said the attack is under investigation and that it is too early to release information.
  25. A cyberattack that left Elgin County’s IT systems down at the start of the month is now suspected to be ransomware. At the end of the month, data belonging to the county appeared on the Conti gang’s data leak site, shedding new light on the “technical disruption” that had been plaguing the county for the last few weeks. Interestingly, the data disappeared from the Conti site soon after, indicating that it’s possible the county could be negotiating a ransom with the criminal gang.