Document Ransoms and Breaches: Ransomware Timeline in 2024

It was one other record 12 months for ransomware. When file-locking malware wasn’t inflicting widespread disruptions like on-line service outages and sustained outages, ransomware was behind unprecedented information theft assaults affecting a whole lot of hundreds of thousands of individuals , in some instances for all times.

Whereas governments have scored uncommon victories in opposition to ransomware hackers over the previous twelve months, together with the disruption of the prolific LockBit gang and the seizure and dismantling of the radarThese information theft and extortion assaults proceed to extend considerably, each in frequency and class.

A glance again at among the most notable ransomware assaults of 2024.

January

LoanDeposit

Mortgage and mortgage big LoanDepot said at the beginning of the year that it had been hit by a cyberattack involving “information encryption” or ransomware. The assault blocked customers from accessing account information or submitting paymentsand compelled the Florida-based firm to “shut down sure programs.” A couple of weeks later, LoanDepot stated that private information from more than 16 million individuals have been compromised.

Fulton County

The infamous LockBit ransomware gang claimed duty for a January cyberattack on Fulton County, Georgia’s largest county with a inhabitants of greater than 1 million. The assault led to weeks of nationwide disruption, together with laptop outages affecting telephone strains, courts and tax programs. LockBit launched in depth Georgia county information, together with “confidential paperwork,” however later eliminated these claims from its darkish net leak web site, which can point out the sufferer paid a ransom to the hackers. Whereas the LockBit gang claimed Fulton County paid, safety specialists I think LockBit probably lost most of the data he had flown when the the gang’s servers were then seized the following month by American and British legislation enforcement.

Southern Water

British utility big Southern Water said earlier this year that it was investigating a knowledge theft incident, earlier than weeks later confirming that ransomware hackers had stolen the non-public information of greater than 470,000 clients. The assault on Southern Water, which offers water and sanitation providers to hundreds of thousands of individuals in southeast England, was claimed by the Black Basta ransomware group, a gang linked to Russia who had beforehand taken credit score for the assault. a hack in 2023 against the British outsourcing giant Capita.

FEBRUARY

Altering healthcare

February noticed one of the biggest data breaches of the 12 months – and by far the biggest breach of US well being and medical information in historical past. Well being expertise firm owned by UnitedHealth Change Healthcare was hacked by the ALPHV ransomware gangwhich claimed on the time to have stolen “hundreds of thousands” of People’ delicate well being and affected person info. Change Healthcare reportedly paid $22 million to ALPHV earlier than the gang disappeared in March, only for the ALPHV contractor who carried out the hack. demand a second ransom payment of Change.

UnitedHealth admitted in April that the hack led to a data breach affecting a “substantial proportion of people in America.” It wasn’t till October that UnitedHealth confirmed that at least 100 million people have been affected by the information breach, which concerned delicate information together with medical data and well being info, though the exact variety of individuals affected is anticipated to be a lot increased.

March

Inns in Omni

Lodge chain Omni Inns & Resorts shut down its programs in late March after figuring out hackers on its community, resulting in widespread outages at Omni properties, together with telephone and Wi-Fi points. In April, the large of the resort business confirmed that cybercriminals stole its clients’ private info in the course of the March ransomware assault, which was claimed by the prolific Daixin gang. In accordance with to reportsthis gang claimed to have stolen 3.5 million Omni buyer data.

June

Develop the financial institution

US banking-as-a-service big Evolve Financial institution has been focused by a ransomware attack in June this had a widespread impact on Evolve’s banking clients and fintech startups that relied on the financial institution, together with Wise And Mercury. The LockBit gang claimed duty for the assault on Evolve, with the gang publishing the information it claimed to have stolen from Evolve on its Darkish Internet leak web site. In July, Evolve confirmed that hackers obtained the non-public information of at the very least 7.6 million individuals, together with social safety numbers, checking account numbers and buyer contact particulars.

Synnovision

The NHS was compelled to declare a crucial incident in June after a ransomware attack on a number one pathology service supplier, Synnovis. The cyberattack led to the cancellation of operations and the diversion of emergency sufferers, and likewise noticed the NHS launch a nationwide enchantment for blood group ‘O’ donors. in the weeks that followed resulting from delays in matching blood to sufferers resulting from interruptions lasting a number of weeks. The Qilin ransomware gang claimed duty for the assault and in the end leaked 400 gigabytes of delicate information allegedly stolen from Synnovis, or approximately 300 million patient interactions courting again years, making it one of the biggest ransomware attacks of the year.

July

Columbus, Ohio

Some 500,000 residents of town of Columbus, the capital of the state of Ohio, had their private information stolen throughout a ransomware assault in July, together with their names, dates of beginning, addresses, government-issued identification paperwork, Social Safety numbers and checking account particulars. Rhysida, the cybercrime gang chargeable for final 12 months’s assault Devastating cyber attack on the British Libraryclaimed duty for the assault on Columbus in August, saying it stole 6.5 terabytes of knowledge from town.

September

Transport for London

Transport for London, the federal government company that oversees the British capital’s public transport system, has skilled weeks of digital disruption following a cyberattack on the authority’s company community in September, which was later claimed by the notorious Russia-linked Clop ransomware group. Though London’s public transport community continued to function easily, the incident nonetheless brought about the theft of banking data on some 5,000 customers — and compelled the transit firm to manually reset the login passwords of every of its 30,000 in-person staff.

October

Casio

Japanese electronics big Casio was the sufferer of a cyberattack in October, confirming to TechCrunch that the incident was ransomware. The cyberattack, claimed by the Underground ransomware gang, rendered several Casio systems “unusable”, inflicting weeks of delays in product shipments. The assault additionally resulted within the theft of non-public info belonging to Casio staff, contractors and enterprise companions, in addition to delicate firm information, together with invoices and human assets data. Casio stated the hackers additionally accessed “details about some clients” however didn’t say what number of of them have been affected.

November

Blue there

A November ransomware attack on Blue Yonderone of many world’s largest suppliers of provide chain software program, has had a ripple impact with a number of main US and UK retailers. Two of the UK’s largest grocery store chains, Morrisons and Sainsbury’s, confirmed to TechCrunch that they’d suffered disruption following the ransomware assault, and US espresso big Starbucks was additionally hit, forcing retailer managers to pay employees manually. Blue Yonder has stated little concerning the incident, together with whether or not any information was stolen, however the Clop ransomware gang and the brand new Termite crew claims to have stolen 680 gigabytes of data from the availability chain big, together with paperwork, stories, insurance coverage paperwork and mailing lists.

December

NHS Hospitals

A number of NHS have been disrupted (once more) by ransomware in December after a prolific Russia-linked ransomware gang dubbed Inc Ransom. claimed having compromised Alder Hey Youngsters’s Hospital Belief, one in every of Europe’s largest kids’s hospitals. The Russian ransomware gang, which additionally breached a major NHS trust in Scotland earlier this yearclaimed to have obtained Alder Hey affected person data and donor stories, in addition to information from a number of different hospitals within the neighboring space. Individually, Wirral College Hospital – one other NHS web site not removed from Alder Hey – was compelled to declare a crucial incident after additionally falling sufferer to ransomware.

Artivion

December continued to be the month of assaults focusing on healthcare, akin to Artivion, a medical machine firm that makes implantable tissue for coronary heart transplants, this month. confirmed a “cybersecurity incident” that concerned the “acquisition and encryption” of knowledge – which reads like ransomware. Artivion stated it took some programs offline in response to the cyberattack.