Record-breaking ransoms and breaches: A timeline of ransomware in 2024


It was another record-breaking year for ransomware. When file-locking malware wasn’t causing widespread disruption, like downing online services and lasting outages, ransomware was the cause of unprecedented data theft attacks affecting hundreds of millions of people, in some cases for life.

While governments have struck some rare wins against ransomware hackers over the past twelve months, including the disruption of the prolific LockBit gang and the seizure and takedown of Radar, these data theft and extortion attacks continue to increase dramatically, both in terms of frequency and sophistication.

We look back at some of the most notable ransomware attacks of 2024.

January

LoanDepot

Loan and mortgage giant LoanDepot said at the start of the year that it had been hit by a cyberattack involving the “encryption of data,” or ransomware. The attack left customers unable to access account information or submit payments, and forced the Florida-based company to “shut down certain systems.” Weeks later, LoanDepot said that the personal data of more than 16 million individuals had been compromised.

Fulton County

The notorious LockBit ransomware gang claimed a January cyberattack on Fulton County, the largest county in Georgia with a population over a million. The attack led to weeks of county-wide disruption, including IT outages affecting phone lines, the courts, and tax systems. LockBit published troves of data from the Georgia county, including “confidential documents,” but later removed these claims from its dark web leak site, which could be a sign that the victim paid the hackers a ransom. While the LockBit gang claimed Fulton County had paid, security experts reckon that LockBit likely lost much of the data it had stolen when the gang’s servers were subsequently seized the following month by U.S. and U.K. law enforcement.

Southern Water

U.K. utility giant Southern Water said early in the year that it was investigating a data theft incident, before weeks later confirming that ransomware hackers had stolen the personal data of more than 470,000 customers. The attack on Southern Water, which provides water and wastewater services to millions of people across the south-east of England, was claimed by the Black Basta ransomware group, a Russia-linked gang that previously took credit for a 2023 hack on U.K. outsourcing giant Capita.

February

Change Healthcare 

February saw one of the biggest data breaches of the year, and by far the largest data breach of U.S. health and medical data in history. UnitedHealth-owned health tech company Change Healthcare was hacked by the ALPHV ransomware gang, which at the time claimed to have stolen “millions” of Americans’ sensitive health and patient information. Change Healthcare reportedly paid $22 million to ALPHV before the gang vanished in March, only for the ALPHV contractor who carried out the hack to demand a second ransom payment from Change.

UnitedHealth conceded in April that the hack led to a data breach affecting a “substantial proportion of people in America.” It wasn’t until October that UnitedHealth confirmed that at least 100 million people were affected by the data breach, which included sensitive data such as medical records and health information, though the precise number of affected individuals is expected to be far higher.

March

Omni Hotels

Hotel chain Omni Hotels & Resorts shut down its systems in late March after identifying hackers on its network, leading to widespread outages across Omni’s properties, including phone and Wi-Fi issues. In April, the hotel giant confirmed that cybercriminals stole the personal information of its customers during the March ransomware attack, which was claimed by the prolific Daixin gang. According to reports, this gang claimed to have stolen 3.5 million Omni customer records.

June 

Evolve Bank

U.S.-based banking-as-a-service giant Evolve Bank was the target of a ransomware attack in June that had widespread effect on Evolve’s banking customers and the fintech startups that relied on the bank, including Wise and Mercury. The LockBit gang claimed credit for the attack on Evolve, with the gang posting data it claimed to have stolen from Evolve on its dark web leak site. In July, Evolve confirmed that the hackers had obtained the personal data of at least 7.6 million people, including customers’ Social Security numbers, bank account numbers, and contact information.

Synnovis 

The NHS was forced to declare a critical incident in June after a ransomware attack on a major pathology services provider, Synnovis. The cyberattack led to canceled operations and the diversion of emergency patients, and also saw the NHS issue a national appeal for “O” blood-type donors in the weeks that followed because of delays in matching blood to patients due to the weeks-long outages. The Qilin ransomware gang claimed responsibility for the attack and eventually leaked 400 gigabytes of sensitive data allegedly stolen from Synnovis, or around 300 million patient interactions dating back years, making it one of the largest ransomware attacks of the year.

July

Columbus, Ohio

Some 500,000 residents of the City of Columbus, Ohio’s state capital, had their personal data stolen during a July ransomware attack, including names, dates of birth, addresses, government-issued identification documents, Social Security numbers, and their bank account details. Rhysida, the cybercrime gang responsible for last year’s devastating cyberattack on the British Library, claimed responsibility for the attack against Columbus in August, saying it had stolen 6.5 terabytes of data from the city.

September

Transport for London

Transport for London, the government body overseeing the U.K. capital’s public transit system, experienced weeks of digital disruption following a cyberattack on the authority’s corporate network in September that was later claimed by the notorious Russia-linked Clop ransomware group. While the London transit network continued operating without issue, the incident nevertheless resulted in the theft of banking data on some 5,000 customers, and forced the transit authority to manually reset the login passwords of every single one of its 30,000 employees in person.

October

Casio

Japanese electronics giant Casio was the victim of an October cyberattack, confirming to TechCrunch that the incident was ransomware. The cyberattack, which was claimed by the Underground ransomware gang, rendered several of Casio’s systems “unusable,” causing weeks of delays to product shipments. The attack also saw the theft of personal information belonging to Casio employees, contractors, and business partners, as well as sensitive company data including invoices and human resources files. Casio said the hackers also accessed “information about some customers,” but didn’t say how many were affected.

November

Blue Yonder

A November ransomware attack on Blue Yonder, one of the world’s largest providers of supply chain software, had a knock-on effect at several major U.S. and U.K. retailers. Two of the U.K.’s largest supermarket chains, Morrisons and Sainsbury’s, confirmed to TechCrunch that they had experienced disruption due to the ransomware attack, and U.S. coffee giant Starbucks was also affected, forcing store managers to pay employees manually. Blue Yonder has said little about the incident, including whether any data was stolen, but both the Clop ransomware gang and the newer Termite crew claim to have stolen 680 gigabytes of data from the supply chain giant, including documents, reports, insurance documents and email lists.

December

NHS Hospitals

Several NHS hospitals were disrupted (again) by ransomware in December after a prolific Russia-linked ransomware gang dubbed Inc Ransom claimed to have compromised Alder Hey Children’s Hospital Trust, one of Europe’s largest children’s hospitals. The Russian ransomware gang, which similarly breached a major NHS trust in Scotland earlier this year, claimed it obtained Alder Hey patient records and donor reports, as well as data from several other hospitals in the nearby area. Separately, the Wirral University Teaching Hospital, another NHS location not far from Alder Hey, was forced to declare a critical incident after also falling victim to ransomware.

Artivion

December continued to be the month for healthcare-targeted attacks, as Artivion, a medical device company that manufactures implantable tissues for cardiac transplants, this month confirmed a “cybersecurity incident” that involved the “acquisition and encryption” of data, which reads as ransomware. Artivion said it took certain systems offline in response to the cyberattack.
