February ransomware attacks hit major enterprises

Following a month where attacks on municipalities impacted millions across the U.S., February saw more of an impact on the private sector.

In January, SearchSecurity reviewed ransomware incidents like the one that brought down the Bernalillo County systems for weeks to start off the new year. This month, it examines the large-scale businesses that suffered data breaches from ransomware as well as the schools across the U.S. hit by threat actors.

In February, there were 26 publicly reported ransomware attacks against businesses and public entities within the United States. The victims have included one of the world's largest chipmakers, a professional football team, a cookware titan and more than 10,000 college students across the country.

The most recent of these major attacks on private companies came on Feb. 23 against chipmaker Nvidia. While the attack, first reported by the Telegraph, was initially unconfirmed, Nvidia this week issued a statement acknowledging it had suffered a cyber attack. Nvidia said no ransomware was deployed, but threat actors stole proprietary product data and employee credentials and started leaking them online.

The ransomware group that claimed responsibility for the attack, known as Lapsus$, also demanded a ransom from the company and threatened to release an apparent 1 TB of data that was stolen in the breach.

Nvidia was not the only big name in the private sector to be hit by ransomware in February. On the day of the Super Bowl, Feb. 13, the San Francisco 49ers announced that they had been the victims of a ransomware attack.

The team admitted to this "network security incident," and it was also confirmed by the BlackByte ransomware gang, who claimed to have initiated the attack, posting alleged team documents and financial data on the dark web.

While the team has not specified what kind of financial information may have been compromised by the threat actors, the 49ers did tell CNN in a statement that the breach was contained to the team's corporate network and was not a threat to any ticketholders or stadium employees.

This ransomware attack on the 49ers was the first reported data breach against a major American sports team since threat actors reportedly attempted to execute ransomware within the network of the Houston Rockets last spring.

Outside of the realm of sports, one of the largest companies to report a ransomware attack in February was Meyer Corporation, one of the largest distributors of cookware in the world.

Employees were notified of the attack in February, after the breach that happened in October reportedly left over 2,500 potential victims and potentially compromised personal information such as Social Security numbers and driver's license numbers. The Conti ransomware group claimed the attack and reportedly leaked a small amount of the stolen data onto the dark web as evidence.

It was not just private companies that were impacted by ransomware attacks last month. The trend of attacks on municipalities and public education within the United States has carried over from January.

Two public colleges reported ransomware attacks on their systems during the past month. Ohlone Community College in Fremont, Calif., and Centralia College in Centralia, Wash., had either systems shut down as a result of the breach or had data stolen in the attack.

Centralia College's attack took down the Wi-Fi on its campus as well as the ability to receive emails from "outside senders," according to a statement to local news outlet The Chronicle.

In a notice posted on the school website, Ohlone said that "on Jan. 20, 2022, Ohlone Community College District experienced a network disruption that impacted our ability to access certain files on our network." The school then noted that it would be notifying individuals who may have had information compromised in the breach. While it did not provide specifics on their website, Ohlone said that information may have include Social Security numbers, medical information and financial account numbers.

In addition, private college the University of Detroit Mercy also suffered a ransomware attack, which reportedly occurred on Feb. 4. The school said there was a breach of its network but has yet to announce what, if any, systems are down as a result or what information may have been compromised by the ransomware.

Similar to January, February also saw ransomware attacks against local governments in the U.S. While no attacks were of the same scale as the one that hit Bernalillo County in New Mexico, at least one incident was reported that hampered public services at a local level. ­

The city of Quincy, Mass., suffered network disruptions as a result of a ransomware attack at the beginning of the month, according to the Quincy Sun. The attack impacted internal city servers, including one belonging to the city's police department. No information appears to have been compromised yet, even though a reported ransom has been demanded in exchange for stolen data.