This year was another record year for ransomware. When file-locking malware wasn't causing massive disruption, such as taking online services down or causing prolonged outages, it was driving unprecedented data theft attacks that affected hundreds of millions of people, sometimes for the rest of their lives.
Over the past 12 months, governments have scored rare victories against ransomware hackers, including the takedown of the prolific LockBit gang and the seizure and takedown of Radar, but these data theft and extortion attacks continue to increase dramatically in both frequency and sophistication.
A look back at some of the most notable ransomware attacks of 2024.
January
LoanDepot
LoanDepot, a major mortgage loan company, announced at the beginning of this year that it had suffered a cyberattack involving “data encryption,” or ransomware. The attack left customers unable to access account information or send payments and forced the Florida-based company to “shut down certain systems.” A few weeks later, LoanDepot announced that the personal data of more than 16 million people had been compromised.
Fulton County
The notorious LockBit ransomware gang claimed a cyberattack in January against Fulton County, Georgia's largest county with a population of over 1 million people. The attack caused weeks of countywide disruption, including IT outages that affected phone lines, courthouses and tax offices. LockBit released large amounts of data from the Georgia county, including “classified documents,” but later removed these claims from its dark web leak site. This could indicate that the victim paid a ransom to the hackers. The LockBit gang claimed Fulton County paid them, but when LockBit's servers were seized by U.S. and British law enforcement the following month, LockBit likely lost most of the stolen data, security experts say.
Southern Water
British utility giant Southern Water announced earlier this year that it was investigating a data theft incident, only to confirm weeks later that ransomware hackers had stolen the personal data of more than 470,000 customers. The attack on Southern Water, which provides water and wastewater services to millions of people in south-east England, was claimed by the ransomware group Black Basta, a Russian-linked gang previously credited with a 2023 hack of the British outsourcing giant Capita.
February
Change Healthcare
February saw one of the biggest data breaches of the year, and the largest data breach in U.S. health and medical data history. Change Healthcare, a health tech company owned by UnitedHealth, was hacked by the ALPHV ransomware gang, which claimed at the time to have stolen sensitive health and patient information on “millions” of American citizens. Change Healthcare reportedly paid $22 million to ALPHV before the gang disappeared in March, after the ALPHV contractor who carried out the hack demanded a second ransom payment from Change.
UnitedHealth acknowledged in April that the hack led to a data breach that affected “a significant portion of the population of the United States.” It wasn't until October that UnitedHealth confirmed that at least 100 million people were affected by the data breach, which included sensitive data including medical records and health information, though the exact number of people affected is expected to be much higher.
March
Omni Hotels
Hotel chain Omni Hotels & Resorts shut down its systems in late March after identifying a hacker on its network, causing widespread outages across Omni properties, including phone and Wi-Fi issues. In April, the hotel giant admitted that cybercriminals stole customers' personal information during a ransomware attack in March (claimed by the Daixin group). The gang reportedly claims to have stolen 3.5 million Omni customer records.
June
Evolve Bank
US-based banking-as-a-service giant Evolve Bank was the target of a ransomware attack in June that had widespread impact on Evolve's banking customers and fintech startups such as Wise and Mercury that rely on the bank. The LockBit gang claimed credit for the attack on Evolve and posted data it claimed to have stolen from Evolve on a dark web leak site. Evolve confirmed in July that hackers had obtained the personal data of at least 7.6 million customers, including their Social Security numbers, bank account numbers, and contact information.
Synnovis
In June, the NHS was forced to declare a major incident following a ransomware attack on leading pathology service provider Synnovis. The cyberattack led to surgery cancellations, emergency patient diversions and weeks of delays in matching blood to patients, prompting the NHS to issue a nationwide appeal for 'O' blood group donors in the weeks that followed. The Qilin ransomware gang claimed responsibility for the attack, which ended up leaking 400 gigabytes of sensitive data allegedly stolen from Synnovis, or about 300 million patient interactions dating back years, making it one of the biggest ransomware attacks of the year.
July
Columbus, Ohio
Approximately 500,000 residents of Columbus, Ohio's capital, had personal data such as names, dates of birth, addresses, government-issued IDs, Social Security numbers, and bank account details stolen in a ransomware attack in July. The cybercriminal group Rhysida, which was behind last year's devastating cyberattack on the British Library, claimed responsibility for the August attack on the city of Columbus, saying it had stolen 6.5 terabytes of data from the city.
September
Transport for London
Transport for London, the government agency that oversees the British capital's public transport system, experienced weeks of digital disruption after a September cyberattack on the agency's corporate network, which was claimed by the notorious Russia-linked Clop ransomware group. Although London's transport network continued to operate without incident, the attack resulted in around 5,000 customers' bank data being stolen, and the transport authority was forced to manually reset login passwords for all 30,000 employees in person.
October
Casio
Japanese consumer electronics giant Casio was the victim of a cyberattack in October and confirmed to TechCrunch that the incident was ransomware. The cyberattack, claimed by the Underground ransomware group, left several Casio systems “unusable” and delayed product shipments by several weeks. The attackers also stole personal information belonging to Casio employees, contractors, and business partners, as well as sensitive company data such as invoices and personnel files. Casio said the hackers also accessed “information about some customers,” but did not say how many people were affected.
November
Blue Yonder
November's ransomware attack on Blue Yonder, one of the world's largest providers of supply chain software, had a ripple effect on several large retailers in the US and UK. Britain's two biggest supermarket chains, Morrisons and Sainsbury's, confirmed to TechCrunch that they had suffered disruption as a result of the ransomware attack, while U.S. coffee giant Starbucks was also affected, with store managers having to handle employees' pay manually. Blue Yonder has said little about the incident, including whether any data was stolen, but both the Clop ransomware gang and the new Termite team claim to have stolen 680 gigabytes of data from the supply chain giant, including documents, reports, insurance forms, and email lists.
December
NHS hospital
The NHS was disrupted (again) by ransomware in December, after a large Russian-linked ransomware group called Inc Ransom claimed to have compromised Alder Hey Children's Hospital Trust, one of Europe's largest children's hospitals. The Russian ransomware group, which similarly breached a major NHS trust in Scotland earlier this year, claimed to have obtained patient records and donor reports from Alder Hey, as well as data from several other hospitals in nearby areas. Separately, Wirral University Teaching Hospital, another NHS hub not far from Alder Hey, was also hit by ransomware and was forced to declare a major incident.
Artivion
December continues to be a hot month for attacks targeting healthcare organizations, with Artivion, a medical device company that makes implantable tissue for heart transplants, this month confirming a “cyber security incident” involving the “capture and encryption” of data (considered ransomware). Artivion said it took certain systems offline in response to the cyberattack.