It was another record-breaking year for ransomware. When file-locking malware wasn’t inflicting widespread disruption, like downing online services and lasting outages, ransomware was the cause of unprecedented data theft attacks affecting hundreds of millions of people, in some cases for life.
While governments have struck some rare wins against ransomware hackers over the past year, including the disruption of the prolific LockBit gang and the seizure and takedown of Radar, these data theft and extortion attacks continue to increase dramatically, both in terms of frequency and sophistication.
We look back at some of the most notable ransomware attacks of 2024.
January
LoanDepot
Loan and mortgage giant LoanDepot said at the start of the year that it had been hit by a cyberattack involving the “encryption of data,” or ransomware. The attack left customers unable to access account information or submit payments, and forced the Florida-based company to “shut down certain systems.” Weeks later, LoanDepot said that the personal data of more than 16 million individuals had been compromised.
Fulton County
The notorious LockBit ransomware gang claimed a January cyberattack on Fulton County, the largest county in Georgia with a population over a million. The attack led to weeks of county-wide disruption, including IT outages affecting phone lines, the courts, and tax systems. LockBit published troves of data from the Georgia county, including “confidential documents,” but later removed these claims from its dark web leak site, which could be a sign that the victim paid the hackers a ransom. While the LockBit gang claimed Fulton County had paid, security experts reckon that LockBit likely lost most of the data it had stolen when the gang’s servers were subsequently seized the following month by U.S. and U.K. law enforcement.
Southern Water
U.K. utility giant Southern Water said early in the year that it was investigating a data theft incident, before weeks later confirming that ransomware hackers had stolen the personal data of more than 470,000 customers. The attack on Southern Water, which provides water and wastewater services to millions of people across the south-east of England, was claimed by the Black Basta ransomware group, a Russia-linked gang that previously took credit for a 2023 hack on U.K. outsourcing giant Capita.
February
Change Healthcare
February saw one of the largest data breaches of the year — and by far the largest data breach of U.S. health and medical data in history. UnitedHealth-owned health tech company Change Healthcare was hacked by the ALPHV ransomware gang, which at the time claimed to have stolen “millions” of Americans’ sensitive health and patient information. Change Healthcare reportedly paid $22 million to ALPHV before the gang vanished in March, only for the ALPHV contractor who carried out the hack to demand a second ransom payment from Change.
UnitedHealth conceded in April that the hack led to a data breach affecting a “substantial proportion of people in America.” It wasn’t until October that UnitedHealth confirmed that at least 100 million people were affected by the data breach, which included sensitive data including medical records and health information, though the precise number of affected individuals is expected to be far higher.
March
Omni Hotels
Hotel chain Omni Hotels & Resorts shut down its systems in late March after identifying hackers on its network, leading to widespread outages across Omni’s properties, including phone and Wi-Fi issues. In April, the hotel giant confirmed that cybercriminals stole the personal information of its customers during the March ransomware attack, which was claimed by the prolific Daixin gang. According to reports, this gang claimed to have stolen 3.5 million Omni customer records.
June
Evolve Bank
U.S.-based banking-as-a-service giant Evolve Bank was the target of a ransomware attack in June that had widespread effect on Evolve’s banking customers and the fintech startups that relied on the bank, including Wise and Mercury. The LockBit gang claimed credit for the attack on Evolve, with the gang posting data it claimed to have stolen from Evolve on its dark web leak site. In July, Evolve confirmed that the hackers had obtained the personal data of at least 7.6 million people, including customers’ Social Security numbers, bank account numbers, and contact information.
Synnovis
The NHS was forced to declare a critical incident in June after a ransomware attack on a major pathology services provider, Synnovis. The cyberattack led to canceled operations and the diversion of emergency patients, and also saw the NHS issue a national appeal for “O” blood-type donors in the weeks that followed because of delays in matching blood to patients due to the weeks-long outages. The Qilin ransomware gang claimed responsibility for the attack and ultimately leaked 400 gigabytes of sensitive data allegedly stolen from Synnovis, or around 300 million patient interactions dating back years, making it one of the largest ransomware attacks of the year.
July
Columbus, Ohio
Some 500,000 residents of the City of Columbus, Ohio’s state capital, had their personal data stolen during a July ransomware attack, including names, dates of birth, addresses, government-issued identification documents, Social Security numbers, and bank account details. Rhysida, the cybercrime gang responsible for last year’s devastating cyberattack on the British Library, claimed responsibility for the attack against Columbus in August, saying it had stolen 6.5 terabytes of data from the city.
September
Transport for London
Transport for London, the government body overseeing the U.K. capital’s public transit system, experienced weeks of digital disruption following a cyberattack on the authority’s corporate network in September that was later claimed by the notorious Russia-linked Clop ransomware group. While the London transit network continued operating without issue, the incident nevertheless resulted in the theft of banking data on some 5,000 customers — and forced the transit authority to manually reset the login passwords of every single one of its 30,000 employees in person.
October
Casio
Japanese electronics giant Casio was the victim of an October cyberattack, confirming to TechCrunch that the incident was ransomware. The cyberattack, which was claimed by the Underground ransomware gang, rendered several of Casio’s systems “unusable,” causing weeks of delays to product shipments. The attack also saw the theft of personal information belonging to Casio employees, contractors, and business partners, along with sensitive company data including invoices and human resources files. Casio said the hackers also accessed “information about some customers,” but didn’t say how many were affected.
November
Blue Yonder
A November ransomware attack on Blue Yonder, one of the world’s largest providers of supply chain software, had a knock-on effect at several major U.S. and U.K. retailers. Two of the U.K.’s largest supermarket chains, Morrisons and Sainsbury’s, confirmed to TechCrunch that they had experienced disruption due to the ransomware attack, and U.S. coffee giant Starbucks was also affected, forcing store managers to pay staff manually. Blue Yonder has said little about the incident, including whether any data was stolen, but both the Clop ransomware gang and the newer Termite crew claim to have stolen 680 gigabytes of data from the supply chain giant, including documents, reports, insurance documents, and email lists.
December
NHS Hospitals
Several NHS facilities were disrupted (again) by ransomware in December after a prolific Russia-linked ransomware gang dubbed Inc Ransom claimed to have compromised Alder Hey Children’s Hospital Trust, one of Europe’s largest children’s hospitals. The Russian ransomware gang, which similarly breached a major NHS trust in Scotland earlier this year, claimed it obtained Alder Hey patient records and donor reports, as well as data from several other hospitals in the nearby area. Separately, the Wirral University Teaching Hospital — another NHS location not far from Alder Hey — was forced to declare a critical incident after also falling victim to ransomware.
Artivion
December continued to be the month for healthcare-targeted attacks, as Artivion, a medical device company that manufactures implantable tissues for cardiac transplants, this month confirmed a “cybersecurity incident” that involved the “acquisition and encryption” of data — which reads as ransomware. Artivion said it took certain systems offline in response to the cyberattack.