Ransomware attacks are ongoing: a recap of major recent incidents, including this week's hit on The Guardian

British newspaper The Guardian suffers a suspected ransomware attack


What just happened? Despite IT security efforts worldwide, ransomware attacks show no sign of slowing down. Various organizations like technology manufacturers, the media, and governments have suffered major incidents this year. The latest and potentially last major attack in 2022 has struck the 201-year-old British newspaper.

The Guardian reported on Wednesday that it suffered a "significant IT incident," which is suspected to be a ransomware attack. The publication hasn't revealed the details of the breach, but it appears to have mainly affected internal systems not visible to readers.

The attack started late on Tuesday and was significant enough that most Guardian staff switched to working from home for the rest of the week. However, the newspaper's website and app have continued publishing stories, and editors say this week's print editions are still on track.

It's unclear how the breach occurred, whether any data was stolen, or whether anyone has issued a ransom demand to The Guardian. Ransomware groups' objectives usually involve extracting payment to restore the victims' files, selling victims' sensitive data, or both. The publication plans to share more information later this week.

Ransomware gangs have targeted a variety of organizations throughout 2022, striking anyone they think has valuable information or can pay a large ransom.

Large-capacity NAS drives proved to be an attractive target, as QNAP and Asustor customers unfortunately discovered earlier this year. Deadbolt ransomware struck Asustor's internet-connected products in February and hit QNAP's drives in multiple waves over months.

The San Francisco 49ers suffered an attack from BlackByte ransomware on the day of the Super Bowl. Soon after, Lapsus$ notoriously struck Nvidia, failing to lock the company's systems but successfully leaking a significant amount of data. That data included sets of Microsoft credentials that other groups used to obtain official Windows signatures for malware.

A group using Lockbit 2.0 ransomware attacked Foxconn's Tijuana factory in the summer, demanding possibly millions of dollars and threatening to leak sensitive data. The company's Mexico sites were hit once before in 2020.

The Pacific Island country of Vanuatu suffered perhaps one of the year's most brazen ransomware incidents when a suspected attack shut down all of its government's computer systems. Services like taxes, driver's licenses, and emergency information regressed to 1990s technology, and the government still hasn't completely recovered.

News organizations are no strangers to digital security breaches either. In September, attackers hijacked Fast Company and sent offensive notifications to the publication's Apple News subscribers.

Despite tech platform holders' constant efforts to plug security vulnerabilities, ransomware groups will likely continue to operate throughout 2023 as long as the business remains profitable.