
    Record-breaking ransoms and breaches: A timeline of ransomware in 2024


    It was another record-breaking year for ransomware. When file-locking malware wasn’t inflicting widespread disruption, like downing online services and lasting outages, ransomware was the cause of unprecedented data theft attacks affecting many hundreds of thousands of people, in some cases for life.

    While governments have struck some rare wins against ransomware hackers over the past year, including the disruption of the prolific LockBit gang and the seizure and takedown of Radar, these data theft and extortion attacks continue to increase dramatically, both in terms of frequency and sophistication.

    We look back at some of the most notable ransomware attacks of 2024.

    January

    LoanDepot

    Mortgage and loan giant LoanDepot said at the start of the year that it had been hit by a cyberattack involving the “encryption of information,” or ransomware. The attack left customers unable to access account information or submit payments, and forced the Florida-based company to “shut down sure programs.” Weeks later, LoanDepot said that the personal data of more than 16 million individuals had been compromised.

    Fulton County

    The notorious LockBit ransomware gang claimed a January cyberattack on Fulton County, the largest county in Georgia with a population over a million. The attack led to weeks of county-wide disruption, including IT outages affecting phone lines, the courts, and tax systems. LockBit published troves of data from the Georgia county, including “confidential paperwork,” but later removed these claims from its dark web leak site, which can be a sign that the victim paid the hackers a ransom. While the LockBit gang claimed Fulton County had paid, security experts reckon that LockBit likely lost much of the data it had stolen when the gang’s servers were subsequently seized the following month by U.S. and U.K. law enforcement.

    Southern Water

    U.K. utility giant Southern Water said early in the year that it was investigating a data theft incident, before weeks later confirming that ransomware hackers had stolen the personal data of more than 470,000 customers. The attack on Southern Water, which provides water and wastewater services to hundreds of thousands of people across the south-east of England, was claimed by the Black Basta ransomware group, a Russia-linked gang that previously took credit for a 2023 hack on U.K. outsourcing giant Capita.

    February

    Change Healthcare 

    February saw one of the biggest data breaches of the year, and by far the largest breach of U.S. health and medical data in history. UnitedHealth-owned health tech company Change Healthcare was hacked by the ALPHV ransomware gang, which at the time claimed to have stolen “hundreds of thousands” of Americans’ sensitive health and patient information. Change Healthcare reportedly paid $22 million to ALPHV before the gang vanished in March, only for the ALPHV contractor who carried out the hack to demand a second ransom payment from Change.

    UnitedHealth conceded in April that the hack led to a data breach affecting a “substantial proportion of individuals in America.” It wasn’t until October that UnitedHealth confirmed that at least 100 million people had been affected by the data breach, which included sensitive data including medical records and health information, though the precise number of affected individuals is expected to be far higher.

    March

    Omni Hotels

    Hotel chain Omni Hotels & Resorts shut down its systems in late March after identifying hackers on its network, leading to widespread outages across Omni’s properties, including phone and Wi-Fi issues. In April, the hotel giant confirmed that cybercriminals stole the personal information of its customers during the March ransomware attack, which was claimed by the prolific Daixin gang. According to reports, this gang claimed to have stolen 3.5 million Omni customer records.

    June 

    Evolve Bank

    U.S.-based banking-as-a-service giant Evolve Bank was the target of a ransomware attack in June that had widespread impact on Evolve’s banking customers and the fintech startups that relied on the bank, including Wise and Mercury. The LockBit gang claimed credit for the attack on Evolve, with the gang posting data it claimed to have stolen from Evolve on its dark web leak site. In July, Evolve confirmed that the hackers had obtained the personal data of at least 7.6 million people, including customers’ Social Security numbers, bank account numbers, and contact information.

    Synnovis 

    The NHS was forced to declare a critical incident in June after a ransomware attack on a major pathology services provider, Synnovis. The cyberattack led to canceled operations and the diversion of emergency patients, and also saw the NHS issue a national appeal for “O” blood-type donors in the weeks that followed because of delays in matching blood to patients due to the weeks-long outages. The Qilin ransomware gang claimed responsibility for the attack and eventually leaked 400 gigabytes of sensitive data allegedly stolen from Synnovis, or around 300 million patient interactions dating back years, making it one of the largest ransomware attacks of the year.

    July

    Columbus, Ohio

    Some 500,000 residents of the City of Columbus, Ohio’s state capital, had their personal data stolen during a July ransomware attack, including names, dates of birth, addresses, government-issued identification documents, Social Security numbers, and bank account details. Rhysida, the cybercrime gang responsible for last year’s devastating cyberattack on the British Library, claimed responsibility for the attack against Columbus in August, saying it had stolen 6.5 terabytes of data from the city.

    September

    Transport for London

    Transport for London, the government body overseeing the U.K. capital’s public transit system, experienced weeks of digital disruption following a cyberattack on the authority’s corporate network in September that was later claimed by the notorious Russia-linked Clop ransomware group. While the London transit network continued operating without issue, the incident still resulted in the theft of banking data on some 5,000 customers, and forced the transit authority to manually reset the login passwords of every single one of its 30,000 employees in person.

    October

    Casio

    Japanese electronics giant Casio was the victim of an October cyberattack, confirming to TechCrunch that the incident was ransomware. The cyberattack, which was claimed by the Underground ransomware gang, rendered several of Casio’s systems “unusable,” causing weeks of delays to product shipments. The attack also saw the theft of personal information belonging to Casio employees, contractors, and business partners, along with sensitive company data including invoices and human resources files. Casio said the hackers also accessed “details about some prospects,” but didn’t say how many were affected.

    November

    Blue Yonder

    A November ransomware attack on Blue Yonder, one of the world’s largest providers of supply chain software, had a knock-on effect at several major U.S. and U.K. retailers. Two of the U.K.’s largest supermarket chains, Morrisons and Sainsbury’s, confirmed to TechCrunch that they had experienced disruption because of the ransomware attack, and U.S. coffee giant Starbucks was also affected, forcing store managers to pay staff manually. Blue Yonder has said little about the incident, including whether any data was stolen, but both the Clop ransomware gang and the newer Termite crew claim to have stolen 680 gigabytes of data from the supply chain giant, including documents, reports, insurance documents, and email lists.

    December

    NHS Hospitals

    Several NHS facilities were disrupted (again) by ransomware in December after a prolific Russia-linked ransomware gang dubbed Inc Ransom claimed to have compromised Alder Hey Children’s Hospital Trust, one of Europe’s largest children’s hospitals. The Russian ransomware gang, which similarly breached a major NHS trust in Scotland earlier this year, claimed it obtained Alder Hey patient records and donor reports, as well as data from several other hospitals in the nearby area. Separately, the Wirral University Teaching Hospital, another NHS location not far from Alder Hey, was forced to declare a critical incident after also falling victim to ransomware.

    Artivion

    December continued to be the month for healthcare-targeted attacks, as Artivion, a medical device company that manufactures implantable tissues for cardiac transplants, this month confirmed a “cybersecurity incident” that involved the “acquisition and encryption” of data, which reads as ransomware. Artivion said it took certain systems offline in response to the cyberattack.


