“In 2022, ransomware remained one of the most dangerous cyberthreats”. This is stated in the report by Apura Cyber Intelligence, a company that develops solutions to monitor and combat virtual threats and cybercrime.
According to data extracted from its BTTng platform, which monitors thousands of events daily in search of possible attacks, ransomware continues to be one of the preferred forms of attack for groups around the world, which form large gangs in search of “ransoms” for valuable information.
The data indexed on the platform showed that North America was the continent with the highest number of attacks suffered, with 56%; followed by Europe, with 26%; Asia, 7%; and South America, 4%. Regarding the sectors attacked, cybercriminals mainly targeted the Engineering and Architecture sector, with 11%; then Treasury, 10%; Industry and Manufacturing, 8%; Retail/Wholesale, 7%; and Technology, 7%.
To quickly understand how ransomware works, it is enough to remember the cases of kidnapping and ransom demands that appear in the media at one time or another, with the difference that, instead of people, the ransom is requested for sensitive information or personal data that is “kidnapped” from companies by taking advantage of holes in online security. That information can be worth literally millions of dollars in cryptocurrency. Many of these groups then offer to release the data on websites if the ransom is not paid.
And so do the groups that engineer massive attacks. “Although some major groups have exited the scene, several others have filled the void left by them. New samples appear almost every day, based on freely shared source codes of other ransomware in malicious forums”, explains Sandro Suffert, cybersecurity expert and CEO of Apura.
According to Suffert, many of these criminal groups that operate through ransomware are based in Russia, and the conflict between the Russians and the Ukrainians has greatly damaged the fight against them, as the latter were being investigated by the international community, which, with the war, left this investigation in the background.
Therefore, one of Apura's additions to BTTng in 2022 was an exclusive panel for ransomware, through which it is possible to follow the most recent attacks carried out by major ransomware groups, such as LockBit 3, Hive and Vice Society, among others.
Ransomware Affects US County Correctional Systems
Though it seems taken from a movie, this case demonstrates the harmful impact of a ransomware attack on a penitentiary in the US state of New Mexico, which had several systems affected: databases, servers, internet service, security cameras, and even the electronics for cell access. In addition, the detainees’ medical records were inaccessible, preventing medications from being administered properly.
Conti group attacks and threatens Peru and Costa Rica
The group responsible for the Conti ransomware has launched attacks against various government services in Peru and Costa Rica. Given the countries' resistance to paying the required amounts, the operator responsible for the attack threatened to publish confidential information from the Peruvian intelligence agency that would imply acts of torture and espionage, in addition to announcing even more devastating attacks against the infrastructure of Costa Rica.
Cisco falls victim to the Yanluowang ransomware group
The tech giant Cisco was the victim of an attack by the Yanluowang ransomware group in May, although the case was not made public until August. Access was gained through a clever social engineering tactic performed against an employee of the company. Although some data has been posted on the website that Yanluowang maintains for the disclosure of victims, Cisco has assured that there was no access to critical internal systems, such as those related to product development, code signing, etc.
Record TV falls victim to BlackCat ransomware
In October, Record TV, in Brazil, was announced as a victim of BlackCat (ALPHV) ransomware. On the website that it maintains to extort victims, the group published various details of Record employees, including presenters and actors. Balance sheets and other fiscal documents were also published. Due to the attack, some of the station’s programs could not be broadcast and reruns had to be shown instead.
Disclaimer: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.