Record-Breaking Ransomware and Breach: A Timeline of Ransomware in 2024

This was different record breaker year for ransomware. While file-locking malware didn’t cause widespread disruptions such as disruptions to online services and long-term outages, ransomware was the cause of unprecedented data theft attacks that affected hundreds of millions of people, and in some cases for life.

While governments have won some rare victories against ransomware hackers over the past twelve months, disruption of the productive LockBit gang and Capture and dismantling of the radarthese data theft and extortion attacks continue to increase dramatically in both frequency and sophistication.

We take a look at some of the most notable ransomware attacks of 2024.

january

LoanDepot

Mortgage and loan giant LoanDepot said at the beginning of the year it has been subjected to a cyber-attack involving “data encryption” or ransomware. Attack customers were unable to access account information or submit paymentsand forced the Florida-based company to “shut down certain systems.” Weeks later, LoanDepot said it had personal information More than 16 million people they compromised.

Fulton County

The notorious LockBit ransomware group claimed to have cyberattacked Fulton County, Georgia’s largest county with a population of over one million, in January. The attack caused weeks of countywide disruption, including IT outages that affected phone lines, courts and tax systems. LockBit published a lot of information from the state of Georgia, including “confidential documents,” but later removed those claims from the dark web leak site, which could be an indication that the victim paid the hackers a ransom. While the LockBit gang claims Fulton County is paying, security experts consider that LockBit has lost most of the data had stolen time the gang’s servers were seized the following month by US and UK law enforcement agencies.

Southern water

UK utility giant Southern Water he said he was investigating at the beginning of the year data theft incident weeks ago then confirms ransomware hackers have stolen the personal information of more than 470,000 customers. The attack on Southern Water, which provides water and wastewater services to millions of people in southeast England, has been claimed by the Black Basta ransomware group, which was previously linked to Russia. The 2023 hack of UK outsourcing giant Capita.

February

Transform healthcare

February saw one of the biggest data breaches of the year – and the largest data breaches of US healthcare and medical data in history. A health technology company owned by UnitedHealth Change Healthcare was hacked by the ALPHV ransomware groupat the time it claimed to have stolen “millions” of sensitive health and patient data from Americans. Change Healthcare reportedly paid ALPHV $22 million before the gang disappeared in March, just for the ALPHV contractor that carried out the hack. to demand a second ransom payment From the change.

UnitedHealth acknowledged the hack in April A data breach that affected “a significant number of people in America.” UnitedHealth wasn’t until October confirmed that there are at least 100 million people were affected by the data breach containing sensitive information, including medical records and health information, but the exact number of individuals affected is expected to be much higher.

March

Omni Hotels

Omni Hotels & Resorts shut down its systems in late March after identifying hackers on the hotel chain’s network, which caused widespread outages at Omni’s properties, including phone and Wi-Fi issues. Hotel giant in April confirmed cybercriminals stole customers’ personal information in a ransomware attack in March. claimed by the prolific Daixin gang. according to to reportsthe gang claimed to have stolen 3.5 million Omni customer records.

June

Development Bank

As a US-based service, it was targeted by banking giant Evolve Bank ransomware attack in June Evolve’s bank customers and fintech startups that rely on the bank, incl Wise and Mercury. The LockBit gang claimed credit for the attack on Evolve, with the group posting data it claimed to have stolen from Evolve on a dark web leak site. In July, Evolve confirmed that hackers obtained the personal information of at least 7.6 million people, including customers’ Social Security numbers, bank account numbers and contact information.

Synnovision

The NHS was forced to declare a critical incident in June ransomware attack at Synnovis, a major provider of pathology services. The cyber attack led to the cancellation of operations and diversion of emergency patients, and also saw the NHS issue a national appeal for ‘O’ blood donors. in the following weeks because of delays in matching blood to patients due to weeks of outages. The Qilin ransomware gang claimed responsibility for the attack, resulting in the leak of 400 gigabytes of sensitive data allegedly stolen from Synnovis. approximately 300 million patient interactions dating for years, doing it one of the biggest ransomware attacks of the year.

july

Columbus, Ohio

About 500,000 residents of Columbus, Ohio, had personal information. stolen including names, dates of birth, addresses, government-issued identification documents, Social Security numbers and their bank account details during the ransomware attack in July. Rhysida is responsible for last year’s cyber crimes Devastating cyber attack on the British Libraryclaimed responsibility for an attack on Columbus in August, saying it stole 6.5 terabytes of data from the city.

September

Transport to London

Transport for London, the government body that oversees the UK capital’s public transport system, is experienced weekly digital disruption after a cyber attack In September, the authorities’ corporate network was later claimed by the notorious Russian-linked Clop ransomware group. London’s transit network continues to operate without a problem, however, the incident has resulted in this The theft of bank details of nearly 5,000 customers — and forced the transit authority to manually reset the login passwords of each of its 30,000 employees.

October

Casio

Japanese electronics giant Casio was the victim of a cyber attack in October. confirms told TechCrunch that the incident was ransomware. An alleged cyberattack by an underground ransomware network, It rendered several Casio systems “unusable”, causing weeks of product shipping delays. The attack also stole personal information of Casio employees, contractors and business partners, including sensitive company data including invoices and human resources files. Casio said the hackers also accessed “data about some customers,” but did not say how many were affected.

november

On the Blue Side

November Ransomware attack on Blue Yonderone of the world’s largest supply chain software providers, has made an impact in several major US and UK retailers. Two of the UK’s biggest supermarket chains, Morrisons and Sainsbury’s, have confirmed to TechCrunch that they have experienced disruption from a ransomware attack, and US coffee giant Starbucks has also been affected, forcing store managers to pay staff manually. Blue Yonder has said little about the incident, including whether any data was stolen, but but also the Clop ransomware gang and the newer Termite crew It claims to have stolen 680 gigabytes of data from a supply chain giant including documents, reports, insurance documents and email lists.

December

NHS Hospitals

Several NHS were breached by ransomware (again) in December, following a prolific ransomware group linked to Russia, Inc. Ransom. he claimed Concession to Alder Hey Children’s Hospital Trust, one of Europe’s largest children’s hospitals. A similarly compromised Russian ransomware network a large NHS trust in Scotland earlier this yearAlder Hey claimed to have access to patient records and donor reports, as well as information from several other nearby hospitals. Separately, Wirral University Teaching Hospital, another NHS site not far from Alder Hey, was also forced to declare a critical case after falling victim to a ransomware.

Artivion

December continued to be a month for healthcare-focused attacks, such as Artivion, a medical device company that makes implantable tissues for heart transplants this month. confirmed a “cybersecurity incident” involving the “acquisition and encryption” of data read as ransomware. Artivion said it took certain systems offline in response to the cyber attack.