
Most Impactful Ransomware Attacks of 2023

2023 looks set to be another record-breaking year for ransomware. In the first half of the year, our data found that publicized attacks represented a 49% increase over the first six months of 2022. But it’s important to remember that not every ransomware attack is made public. A more disturbing figure is the number of undisclosed ransomware attacks of 2023: a massive 1,815 in the first six months of this year. By taking these figures into account, we can paint a more realistic picture of the real ransomware landscape.

This year has seen many notable attacks, and in this blog, we highlight some of the biggest publicly reported attacks of the year along with some of the biggest fallouts we’ve seen to date.

Read on to see what attacks earned a spot on our top 10 list.

  • 1

    In January we saw Royal Mail fall victim to a ransomware attack at the hands of LockBit. The group hacked into the UK’s postal services’ software and blocked all international shipments by encrypting files. Negotiations took place between the two sides, but after two weeks, LockBit set a ransom demand of $80 million, 0.5% of the company’s revenue, in exchange for the decryption of the files. Royal Mail chose to not pay the ransom and take the risk of their data being leaked, which ultimately happened.

  • 2

    Months later, the US Marshals Service is still recovering from an attack which took place in February. The attack impacted a computer system which held sensitive law enforcement data belonging to the Technical Operations Group (TOG), which provides surveillance capabilities to track fugitives. “Most critical tools” were restored within 30 days, but the Marshals Service has yet to bring a new version of the impacted system online with better security. Stolen data included employees’ personally identifiable information alongside returns from legal processes, administrative information and PII pertaining to subjects of USMS investigations and third parties.

  • 3

    Medusa hit the headlines when the group claimed an attack on Minneapolis Public Schools, exfiltrating a trove of data and demanding $1 million to keep the information from being posted on the dark web. The reason behind the headlines was more sinister than the attack itself: it was the data they eventually leaked that caused a stir. Confidential information including complete sexual assault case folios was among the 300,000 files dumped by the ransomware group in March after the attack. Other leaked information included medical records, discrimination complaints, SSNs and contact information of district employees.

  • 4

    Another ransomware attack with sinister consequences was reported in March when ALPHV, aka BlackCat, infiltrated Lehigh Valley Health Network’s computer system. The incident involved systems used for “clinically appropriate patient images for radiation oncology treatment” and other sensitive information. The notorious ransomware group leaked naked images of breast cancer patients along with medical questionnaires, passports, and other sensitive patient data after the healthcare provider refused to pay the ransom demanded. LVHN have since faced lawsuits in relation to this ransomware attack.

  • 5

    British outsourcing company Capita was hit by a ransomware attack in March and has since reported that recovery from the incident is expected to cost up to $25 million. Expenses have been attributed to “specialist professional fees, recovery and remediation costs and investment to reinforce Capita’s cyber security environment.” The attack was “significantly restricted” by the company’s security team, but it was confirmed that customer, supplier, and employee data may have been stolen during the incident. BlackBasta claimed responsibility for the attack and has published data belonging to the organization. Not only has Capita incurred exceptional costs, but the company’s share price dropped 12% after the attack.

  • 6

    Managed Care of North America (MCNA) Dental disclosed a data breach which impacted almost 9 million patients. LockBit claimed the attack, threatening to publish 700GB of sensitive confidential information unless the $10 million ransom was paid. Data including PII, health insurance information, documentation of care for teeth or braces, and bills and insurance claims was later posted on the group’s dark web site. The notice MCNA provided also included an extensive list of over one hundred healthcare providers that may have been indirectly impacted by the incident.

  • 7

    The fallout from a ransomware attack on the City of Dallas in May this year is still making the news. The city was forced to shut down some of its IT systems, with a number of functional areas including the police and fire department experiencing disruption. It has recently come to light that over 26,000 people were affected by the attack orchestrated by the Royal ransomware group. Information including names, addresses and medical information is among the data exfiltrated by the threat actors. Some city employees have already reported identity theft, with some of their children also having personal information stolen. In August, it was announced that the Dallas City Council approved $8.6 million in payments for services relating to the attack, including credit monitoring for potential identity theft victims.

  • 8

    In June it was announced that St Margaret’s Health (SMH) in Illinois would be closing after 120 years of serving the community, partially due to a 2021 ransomware attack. The attack crippled operations for months, catastrophically impacting the hospital’s ability to collect payments from insurers for services rendered and forcing the shutdown of the hospital’s IT network, email systems, electronic medical records, and other web operations. Other factors leading to the closure included unprecedented expenses tied to COVID-19, low patient volumes and staff shortages.

  • 9

    At least four Australian banks were impacted when a major ransomware attack hit law firm HWL Ebsworth in June. BlackCat claimed the attack, successfully accessing HWL’s servers and exfiltrating 4TB of data. Westpac, NAB, the Commonwealth Bank and ANZ were among the many public and private sector entities that may have had data stolen during the incident. The ransom was reportedly $5 million AUD, which the law firm refused to pay. 1.4TB of the exfiltrated data was publicly released, including financial information, customer documentation, and local and remote company credentials.

  • 10

    Ransom demands are not declining, which is made clear by the $70 million ransom demanded by Bassterlord following an attack on TSMC. The threat actor, who is affiliated with LockBit, live tweeted the ransomware attack, sharing screenshots of information relating to the company. LockBit posted the attack on their site and stated that, should the ransom payment not be made, the data would be leaked, along with points of entry into the network and passwords and company logins. TSMC has reported that it has not been breached but rather that the systems of one of its IT hardware suppliers, Kinmax Technology, were hacked.

  • 11

    Barts Health NHS Trust, the largest health trust in the UK, was hit by a ransomware attack in June which was claimed by ALPHV, aka BlackCat. The gang stated that it had stolen 7TB of sensitive data in what is claimed to be the biggest breach of healthcare data in the United Kingdom. Samples of the stolen data included employee identification documents including passports and driver’s licenses and labelled internal documents. They also claim to have “citizens’ confidential documents.” The trust is still investigating the scope of the attack.

  • 12

    A class-action lawsuit has been filed against Tampa General Hospital following a cybersecurity incident reported in July. The incident resulted in the theft of protected personal health information (PHI) of up to 1.2 million patients. Although data was stolen, the hospital clarified that the hackers had failed in their attempt to launch a ransomware attack, with robust security systems preventing encryption of files and further damage. The class-action lawsuit filed against the hospital is for “failing to protect the personal data of its patients.” The hospital is also being accused of failing to notify impacted individuals on time, taking nearly two months to notify them.

We will continue to update this blog as the year continues with other notable ransomware attacks that make the headlines.



This post first appeared on Cyber Privacy.
