
The State of Ransomware in 2022

In 2020, 2021 and now 2022, BlackFog measured publicly disclosed attacks globally. We also produced an annual summary of our findings in the 2021 Ransomware attack report. In 2022 we will be tracking even more statistics, such as data exfiltration and several others as the year progresses. As usual you can also subscribe to have the report delivered to your inbox every month.


January

Ransomware started strong in 2022 with a significant attack on Bernalillo County in New Mexico making headlines. The incident closed most government buildings and impacted education in the area. The cyberattack also had a knock-on effect at a county jail when the security camera and automatic doors were knocked offline, leaving the inmates in lockdown. Here’s a look at what else we uncovered for the month.

  1. We start the new year with a reported attack on Portuguese media group Impresa. This attack occurred over the New Year holiday knocking the organization’s websites and online streaming services offline. Little-known ransomware gang Lapsus$ was behind the attack.
  2. French aerospace giant Thales Group were next to make ransomware headlines. A cyberattack on the firm was later confirmed as ransomware with Lockbit claiming responsibility. In a statement Thales said that “despite the fact that we have not received any direct ransom notification, we take this still unfounded allegation – and whatever its source – seriously. A dedicated team of security experts is currently investigating the situation.” Lockbit then took action by disclosing some of the exfiltrated data.
  3. A holiday ransomware attack on Crawford County caused havoc with the government computer systems. In a statement they said “our IT guys and the guys at Apprentice (the company that provides IT assistance for the county) have been working day and night to get things back up and running”. They also noted that the computer systems were shut down immediately to prevent the loss of data and files. It’s not known what gang was behind the attack or if there was a ransom demand.
  4. Montreal Tourism Agency shared that they had been one of the recent Canadian victims of the Karakurt hacking group. A spokesperson for the organization declined to say how the agency was compromised, whether the stolen data had personally-identifiable information, or what the attacker was asking for. The Karakurt posting, dubbed its Winter Data Leak Digest, says “the data amount we have obtained is speaking for itself. Which means there is a big hole in IT department that allowed us to exfiltrate everything we wanted.”
  5. Canadian heavy equipment maker Weldco-Beales Manufacturing was the next victim of the Karakurt gang. At time of writing the company was assessing what, if any, data had been exfiltrated. Asked if the company had heard from the hackers, a spokesperson said, “they leave a trail on the server of files, they are wanting you to get hold of them and send them bitcoin. And they left a couple of voicemails.” The voicemails, he said, told the company “to take this seriously, you know how to contact us.” He couldn’t recall how much was demanded in cryptocurrency.
  6. Carthage Schools in Missouri confirmed that the ‘cyber event’ they experienced at the end of 2021 was indeed a ransomware attack. In a statement they said, “regrettably, our forensic partners determined the ransomware group behind this attack obtained data from our network and has threatened to publish that information to the Dark Web. At this time, we do not know exactly what data may be at issue; however, we are working as quickly as possible to determine the answer.” Criminal gang Vice Society was behind the attack.
  7. Bernalillo County in Albuquerque, New Mexico was forced to close most government buildings following a ransomware attack. The incident made several headlines this month, notably when it left a jail without access to its camera feeds and rendered its automatic door mechanisms unusable, leaving inmates in lockdown.
  8. Leading school website provider FinalSite suffered a ransomware attack that disrupted website access for thousands of schools worldwide. The organization did not initially disclose that they had suffered a cyberattack but simply said that they were experiencing errors and “performance issues” across various services. After three days of disruption they confirmed the disruption was caused by a ransomware attack.
  9. Bay & Bay Transportation, a Minnesota-based trucking and logistics company, suffered a second ransomware attack, this time at the hands of the Conti gang. In 2018 a ransomware attack crippled the company, forcing them to pay the ransom. On this occasion the organization was better prepared and was able to return to 90% functionality in a day and a half without paying a ransom.
  10. The ransomware group Ragnar Locker spread claims of a successful hack of telecom analytics firm Subex and its Broomfield-based cybersecurity subsidiary Sectrio, later sharing posts condemning the company for failing to protect its own network. An unconfirmed online report stated the firewall, router and VPN configuration data, company passwords, and employee documents had been published.
  11. Maryland Department of Health was hit with a devastating ransomware attack which left hospitals struggling amid a surge of COVID-19 cases. In a statement they shared that they had not paid any extortion demands. It’s not yet known what criminal gang was behind the attack.
  12. Japanese auto part manufacturer Denso suffered an attack by a criminal gang known as Rook. In a statement on their website the cybercriminals claimed to have exfiltrated 1.1 terabytes of data from the company. Denso belongs to the corporate group led by Toyota Motor Corp.
  13. Hensoldt, a German multinational defense contractor, confirmed that some of its UK subsidiary’s systems were compromised in a ransomware attack. While the company is yet to issue a public statement regarding this incident, the Lorenz ransomware gang claimed the attack.
  14. Durham Johnston School in the UK suffered an attack at the hands of the Vice Society ransomware gang. Following the incident sources said that personal data belonging to pupils and teachers was posted on the Dark Web.
  15. UK-based contractor payroll service provider Brookson Group reported to the UK National Cyber Security Centre that they had been hit by an “extremely aggressive” cyberattack. Although not confirmed by the company to be ransomware, the BlackCat gang claimed responsibility for the attack.
  16. Moncler, the luxury Italian fashion giant, was next to make headlines when they confirmed a data breach following an attack by the BlackCat ransomware operation. Moncler confirmed that some data related to customers, current and previous employees, suppliers, consultants and business partners had been impacted.
  17. RR Donnelley, a leading integrated services company offering communications, commercial printing, and marketing to enterprise clients, suffered a Conti ransomware attack. The company initially disclosed that they were not aware of any client data stolen during the attack, but the Conti gang later claimed responsibility and began to leak 2.5GB of exfiltrated data. However, a source told news outlet BleepingComputer that the criminal gang soon removed the data from public view after RRD began further negotiations to prevent the release of data.
  18. Indonesia Central Bank disclosed they had been hit by a ransomware attack but public services were not impacted due to the quick measures taken to mitigate the incident. The Conti gang was behind the attack.
  19. Griggsville-Perry School District in Illinois found themselves the victim of a ransomware gang who were holding their files hostage in return for a ransom. It’s not yet known who was behind the attack or what data was compromised.
  20. A ransomware attack on Pembroke Pines in Florida caused outages across certain city computers. A spokesperson for the city said so far it appears that no personal information was compromised and emergency services like police and fire remain operational.
  21. In the next reported incident Belarusian activists launched a ransomware attack on Belarusian Railways in protest of dictatorship. The group known as The Belarusian Cyber-Partisans demanded the release of 50 political prisoners and the removal of all Russian troops from the country to release the data.
  22. Linn County in Oregon discovered that a number of its computers were infected with ransomware knocking several systems offline including the county’s website which affected their ability to provide services to the public. Officials said at this time there was no evidence of compromised data.
  23. The Ministry of Justice in France made headlines when the Lockbit ransomware gang claimed that they had successfully hacked the organization, giving them a deadline of February 10th to pay the ransom or have their data leaked on the Dark Web.
  24. Delta Electronics, a Taiwanese electronics company and a provider for Apple, Tesla, HP, and Dell were next to disclose they had been a victim of a cyberattack which affected only ‘non-critical’ systems. While the company’s statement did not name the group behind the attack, a Conti ransomware sample was found to be deployed on the company’s network.
  25. New Bedford Police Department in Massachusetts shared that they had been impacted by a ransomware attack affecting some of the department servers and computers. The non-emergency phone network was also out of service as a precautionary measure. It’s not yet known who was behind the attack or if any data was exfiltrated.
  26. South Africa-based investment administration provider Curo Fund Services found themselves unable to access IT systems for 5 days following a ransomware attack. At time of writing the incident was under investigation “to establish the origin, nature and scope of this incident so as to assess any data breaches”.
  27. John Diefenbaker International Airport in Saskatoon, Canada suffered an attack at the hands of the Snatch ransomware gang. The gang posted what is known as a ‘proof pack’ of some of the exfiltrated data on the Dark Web. Sources have told media outlet IT World Canada that the goal of the criminal gang appears to be to embarrass the Saskatoon Airport Authority (SAA) for being unable to pay the ransom demand.


This post first appeared on Cyber Privacy; please read the original post: here
