Wrapping up 2022: The worst malware attacks

3 Mins read
worst malware attacks

What is Malware?

Malware, short for malicious software, is any software designed to harm or exploit computer systems. This can include viruses, worms, Trojan horses, ransomware, and spyware, among other types of harmful software.

Malware is often spread through email attachments, malicious websites, and infected software downloads. Malware and other cyber threats can have a wide range of effects, from stealing personal information to causing widespread damage to computer systems. The best way to protect against malware is to use anti-virus software and to be cautious when opening emails or clicking on links from unknown sources.

The Worst Malware Attacks in 2022


In February 2022, NVIDIA was compromised by a ransomware attack. Lapsus$, a ransomware group, took responsibility for this attack, claimed they gained access to 1TB of company data and demanded $1 million and other unspecified fees.

While online rumors implied that some parts of NVIDIA’s business were offline for two days, the company claimed that the attack did not impact its operations. NVIDIA responded quickly to the attack by hardening the company’s security and employing cyber incident response experts to contain the situation.

Costa Rica Government

In 2022, the Costa Rica government declared a national emergency in response to a cyber-attack. The first ransomware attack began in April and impacted government services and the import and export sector. Ransomware group Conti took responsibility for this attack and demanded a ransom of $10 million from the government, later increasing it to $20 million.

On May 31, an attack linked to HIVE targeted Costa Rica’s healthcare system. This attack affected Costa Rica’s social security fund and took the country’s healthcare systems offline, directly harming Costa Rican civilians.


In 2022, Indian airline SpiceJet faced an attempted ransomware attack that left hundreds of passengers stranded in multiple locations across the country. The airline’s IT team succeeded in containing the situation, but this incident exposed critical cybersecurity gaps. It showed that Indian airlines and others across the globe must reevaluate their ransomware readiness and strengthen their preparedness to respond to similar attacks quickly and effectively.

NHS Services

In August 2022, MSP Advanced, which provides 85% of services to NHS 11, was hit by the Lockbit 3.0 ransomware. This attack caused massive disruption to the United Kingdom’s National Health Service (NHS), which uses the 111 service to refer patients for medical care, create appointment bookings, dispatch ambulances, and more.

Uber and Rockstar

The attack on Uber in September 2022 involved a combination of social engineering and malware. Threat actors sent a fake two-factor authentication notification that urged the victim to click a link to verify a request. The victim complied, allowing the actors to compromise the employee’s account.

On compromising the account, the actors used the company’s virtual private network (VPN) to access internal resources. Next, they gained access to Uber’s privilege access management service, used it to escalate privileges, and claimed access to multiple Uber systems, including Duo, AWS, GSuite, Slack, OneLogin, Windows, and VMware. This highlights the risk of insider threats – because attackers could gain such extensive access with one compromised account.

The actors then attacked Rockstar Games and downloaded the entire source code for Grand Theft Auto 5 and 6 and various confidential information. This incident involved targeting collaboration tools most developers use, such as Confluence Wiki and Slack.


A ransomware attack on health insurer Medibank affected its 3.9 million existing and former customers. The attackers demanded $9.7 million not to publish the stolen data, and Medibank refused to pay. In response, the attackers threatened to release data every day while the ransom remained unpaid.

This attack was estimated to cost Medibank $25 to $35 million before paying customer compensation and regulatory and legal costs. Medibank’s delayed insurance premium increased until January 2023, costing the company $62 million.

Florida International University

Florida International University was hit by ransomware several weeks after the attack on North Carolina Agricultural and Technical State University (A&T). The ALPHV/BlackCat group took responsibility for both attacks.

During the attack on Florida International University, the group exfiltrated 1.2 terabytes of sensitive data, including accounting documents, email databases, and social security numbers. At that time, the university claimed the attack did not compromise information, but security researchers later examined the stolen data and verified that it was real.


In conclusion, 2022 was a year marked by a significant increase in the frequency and severity of malware attacks. The rise of ransomware, in particular, had a devastating impact on businesses and individuals alike. The use of sophisticated techniques and tools by cybercriminals made it increasingly difficult for organizations to protect themselves.

However, it’s important to note that many of these attacks could have been prevented with proper cybersecurity measures, including regular software updates, employee education and training, and endpoint protection and detection tools. As we move into 2023, businesses and individuals must stay vigilant and take proactive steps to secure their systems and protect against malware attacks.

Author Bio: Gilad David Maayan

Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Check Point, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership. Today he heads Agile SEO, the leading marketing agency in the technology industry.


Read Next: Kubernetes Security: Understanding the Attack Surface

Leave a Reply

Your email address will not be published. Required fields are marked *

5 + 2 =