Ransomware and hacks: A timeline of ransomware in 2024

That was something else record breaking year of ransomware. While file-locking malware did not cause serious disruptions, such as bringing down Internet services and long-term outages, ransomware caused unprecedented attacks that affected hundreds of millions of people, sometimes for life.

Although governments have won some rare victories against ransomware attackers in the past twelve months, including Disruption of the main LockBit team and Capture and removal of RadarThese data breaches and hijackings continue to increase dramatically, both in frequency and sophistication.

We take a look back at some of the most popular ransomware of 2024.

January

LoanDepot

Loan and credit giant LoanDepot he said at the beginning of the year that it was affected by a computer attack involving “data encryption,” or ransomware. Attack customers are unable to access account information or send paymentsand forced the Florida company to “shut down some operations.” A few weeks later, LoanDepot reported that information about more than 16 million people he persuaded.

Fulton County

The notorious LockBit ransomware group claimed it took place in January in Fulton County, Georgia’s largest county with a population of over one million. The attack caused weeks of chaos across the province, including IT shutdowns that affected telephone, court, and tax systems. LockBit published a large amount of information from the state of Georgia, including “confidential documents,” but later removed the claims from its blacklist, which could be evidence that the victim paid the hackers a ransom. Although the LockBit gang said Fulton County paid, security experts think LockBit may have lost some information it was stolen when The terrorists’ servers were seized the following month and US and UK authorities.

Southern waters

UK utility giant Southern Water it said earlier this year that it was investigating data theft event, weeks before after confirmation that ransomware attackers stole the information of more than 470,000 customers. The attack on Southern Water, which provides water and wastewater services to millions of people in the south-east of England, was claimed by the Black Basta ransomware group, a Russian-linked group it previously boasted. 2023 hack of UK publishing giant Capita.

February

Changing Healthcare

February saw one of the most destructive data per year – and the largest data breach in US healthcare and medicine in history. UnitedHealth-owned health tech company Change Healthcare was hijacked by the ALPHV ransomware groupwhich at the time claimed to have stolen “millions” of Americans’ health and patient information. Change Healthcare reportedly paid $22 million to ALPHV before the raids ended in March, only to the ALPHV contractor that defrauded it. to demand the payment of the second ransom from Change.

UnitedHealth admitted in April that a hack was responsible a data breach that affected “most Americans.” It wasn’t until October that UnitedHealth confirmed that at least 100 million people were affected by the data breach, which included medical records and health information, although the actual number of people affected is expected to be much higher.

March

Omni Hotels

Omni Hotels & Resorts shut down its systems at the end of March after identifying hackers on the network, causing Omni’s assets to be disrupted, including phone and Wi-Fi networks. In April, the hotel giant it has been confirmed that cybercriminals stole its customers’ information during the March ransomware attack, which was was reported by Daixin’s senior management team. According to to reportsthe group claimed to have stolen the records of 3.5 million Omni customers.

June

Evolve Bank

Major US bank Evolve Bank is the target ransomware attack in June which had a major impact on Evolve’s banking clients and fintech startups that relied on the bank, including Wise and Mercury. The LockBit gang claimed responsibility for the attack on Evolve, where the hacker group posted data it claimed to have stolen from Evolve on its leaky website. In July, Evolve confirmed that hackers gained access to at least 7.6 million people’s personal information, including Social Security numbers, bank account numbers, and credentials.

Synnovision

The NHS was forced to declare a critical incident in June later ransomware attacks at the main pharmaceutical supplier, Synnovis. The cyberattack caused operations to be altered and emergency services disrupted, and saw the NHS issue a national appeal for type “O” blood donors. in the following weeks because of the delay in comparing blood with patients due to the shutdown of several weeks. The criminal group Qilin ransomware claimed responsibility for the attack and eventually released 400 gigabytes of content allegedly stolen from Synnovis, or. around 300 million patients from years ago, to make it one of the biggest ransomware attacks of the year.

July

Columbus, Ohio

About 500,000 residents of the City of Columbus, Ohio’s state capital, had their own data. stolen for the July ransom attack, including names, dates of birth, addresses, government-issued IDs, Social Security numbers, and bank account information. Rhysida, a cybercrime group last year The devastating cyberattack on the British Libraryclaimed responsibility for the attack on Columbus in August, claiming to have stolen 6.5 terabytes of data from the city.

September

Transport in London

Transport for London, the government agency that manages public transport in the UK capital, met weeks of digital disruption after a cyberattack on government companies in September that was later reported by the notorious Russian-linked Clop ransomware group. Although the London transit network continued to operate without incident, the incident took its toll the theft of banking data on approximately 5,000 customers – and forcing administrators to manually reset the passwords of each of its 30,000 employees individually.

October

Kasio

Japanese electronics giant Casio was the victim of an October cyberattack, to confirm to TechCrunch that the incident was ransomware. The cyberattack, which was reported by the Underground ransomware group, rendered several Casio systems “unusable,” causing a delay of several weeks for the goods to be shipped. The attack also saw the theft of personal information about Casio’s employees, contractors, and business partners, as well as company information including invoices and personnel files. Casio said the hackers also accessed “some customer data,” but did not say how many were affected.

November

On the Blue side

November Ransomware attack on Blue Yonderone of the world’s largest supplier software solutions, has impacted many US and UK suppliers. Two of the UK’s largest chains, Morrisons and Sainsbury’s, confirmed to TechCrunch that they experienced disruptions due to ransomware attacks, and US coffee giant Starbucks was also affected, forcing store managers to pay employees manually. Blue Yonder has not said much about what happened, including whether any data was stolen, but all of the Clop ransomware group and a new group of termites it allegedly stole 680 gigabytes of data from major marketing companies, including documents, reports, insurance documents and email lists.

December

NHS hospitals

Several NHS systems were compromised (again) by ransomware in December after a Russian-linked terrorist group called Inc Ransom. he said disrupting Alder Hey Children’s Hospital Trust, one of Europe’s largest children’s hospitals. The Russian ransomware gang, which also broke the largest NHS trust in Scotland earlier this yearit said it had access to Alder Hey patient records and donor reports, as well as a number of other nearby hospitals. Separately, Wirral University Teaching Hospital – another NHS site away from Alder Hey – was forced to declare a critical incident after another collapse with rescue.

Art

December continued to be a month for health-related threats, such as Artivion, a medical device company that manufactures heart valves, this month. it has been confirmed A “cyber security incident” that involves “buying and encrypting” data – which is classified as ransomware. Artivion said it adopted other offline systems in response to the cyberattack.