Ransomware attacks have become one of the most worrying cybersecurity threats of recent years, particularly in France, where we rank 5th among the most targeted countries in 2022. With cybercriminals becoming increasingly sophisticated in their approach, whatever their sector, organizations of all sizes are finding themselves targeted by these malicious attacks.
Nvidia: In February 2022, Nvidia was attacked by the Lapsus$ ransomware gang. The group claimed responsibility for leaking the password hashes of Nvidia employees and even threatened to release a further 1 TB of stolen data, containing sensitive information related to RTX GPUs.
McDonald’s: A Russian-linked hacker group called Snatch has claimed to have stolen 500GB of data from McDonald’s corporate headquarters in Chicago. Following the attack, the group demanded a non-disclosure ransom on the dark web.
Toyota Motor Corp: In early 2022, a Toyota supplier fell victim to a ransomware attack, leading to the suspension of operations at 14 plants in Japan. This disruption represented almost a third of Toyota’s worldwide production, resulting in a significant loss of output.
Aon Plc: February 2022 also saw a ransomware attack on Aon Plc, the world’s second largest insurance broker. Given the sensitive nature of the data held by the company, the implications of this breach could have been catastrophic.
SpiceJet Ltd: Indian airline SpiceJet Ltd. faced operational challenges following a ransomware attack in May 2022. The attack compromised some of its systems, resulting in flight delays and communication barriers with customers.
Coca-Cola: In early 2022, the Stormous ransomware group claimed to have stolen 161 GB of data from Coca-Cola. This data, purported to contain business accounts, passwords and financial details, was offered for sale on the dark web.
AGCO: May 2022 was a difficult month for American farm equipment manufacturer AGCO. A ransomware attack during the sales season caused major production disruptions, impacting sales and the company as a whole.
Cisco: Cisco’s systems were breached by an Initial Access Broker in May 2022, paving the way for ransomware group Lapsus$ to launch an attack. This breach highlighted the evolving tactics of ransomware groups, this particular attack using voice phishing and social engineering.
Orion Innovation: August 2022 saw the LockBit ransomware group target Orion Innovation. The group’s demands and the subsequent implications of this attack highlight the increasing audacity of ransomware groups.
The financial impact of ransomware attacks is profound. With an average 31% increase in ransom payments between Q2 and Q3 2022, reaching an alarming $233,817, businesses are feeling the pinch. What’s more, the long-term financial impacts, such as loss of business, reputational damage and potential lawsuits, can be crippling for organizations.
Ransomware attacks are no longer just about data encryption. The landscape has evolved, with attackers now stealing data and threatening to divulge it to extort their victims. This change in tactics underlines the need for businesses to be more vigilant than ever.
SOS ransomware a specialized Recoveo service
Present 24/7, our cybersecurity experts are at your side, to help you overcome a ransomware incident within your organization. We’ve been the leader in data recovery in France for over 20 years. We have already rescued over 100,000 storage media.
Far from it! Here are two recent examples, but the list of structures affected is long… Here are just a few of the victims that have caught the media’s attention: the French Rugby Federation, the town of Sartrouville, the town of Betton, the Rennes University Hospital, the AIX-Marseille Chamber of Commerce and Industry, etc.
Cl0p’s use of MOVEit software
In July 2023, ransomware attacks reached a record high, mainly due to the exploitation of MOVEit software by the Cl0p ransomware group.
Who is Cl0p? Active since 2019, Cl0p is a notorious ransomware group responsible for numerous major attacks. They are particularly known for their double extortion tactics, stealing information before encrypting it.
The impact of the MOVEit exploit on organizations: the MOVEit exploit affected hundreds of organizations worldwide, exposing data belonging to millions of people. Victims included major entities such as the US Department of Energy and Shell.
Sectors most affected: industrial sectors were the hardest hit, followed by consumer goods and technology. The Cl0p, LockBit 3.0 and 8Base ransomware groups were particularly active.
The PyLocky affair
The hunt for hacker Hamza Bendelladj:
Investigators from the cybercrime squad have succeeded in tracking down the notorious hacker Hamza Bendelladj, alias BX1, in connection with the PyLocky ransomware.
The investigative methods of the cybercrime squad: thanks to in-depth analysis and judicial requisitions, investigators were able to unravel the workings of PyLocky and identify links with Hamza Bendelladj.
Links with other cyber attacks: further research revealed connections between PyLocky and other major cyber attacks, underlining the complexity and interconnectedness of cyber threats.
Economic and operational impact on businesses: ransomware attacks can have devastating consequences for businesses, ranging from data loss to major operational disruptions.
The need for heightened vigilance: in the face of the growing threat, businesses need to reinforce their security measures and be constantly vigilant in the face of new threats.
In these difficult times, having a trusted partner can make all the difference. SOS Ransomware presents itself as a beacon of hope for organizations, offering expert assistance in the event of a ransomware incident. With a proactive approach and rapid response, you can protect your organization against cyber attacks.
Our mini-guide for everyone
We have over 20 years’ experience in data recovery. Call on the data recovery leader, our expertise enables us to provide you with a top-level response.
Introduction: what is ransomware?
Detecting a ransomware attack
How to react to a ransomware attack?
Some examples of ransomware attacks
What are the most active threats?
How to protect yourself from a ransomware attack?