Best Technology news & reviews
Latest
AI
Amazon
Apps
Biotech & Health
Climate
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
Fundraising
Gadgets
Gaming
Google
Government & Policy
Hardware
Instagram
Layoffs
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
Social
Space
Startups
TikTok
Transportation
Venture
Events
Startup Battlefield
StrictlyVC
Newsletters
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
It was another record-breaking year for ransomware. When file-locking malware wasn’t causing widespread disruption, like downing online services and lasting outages, ransomware was the cause of unprecedented data theft attacks affecting hundreds of millions of people, in some cases for life.
While governments have struck some rare wins against ransomware hackers over the past 12 months, including the disruption of the prolific LockBit gang and the seizure and takedown of Radar, these data theft and extortion attacks continue to increase dramatically, both in terms of frequency and sophistication.
We look back at some of the most notable ransomware attacks of 2024.
Mortgage and loan giant LoanDepot said at the start of the year that it had been hit by a cyberattack involving the “encryption of data,” or ransomware. The attack left customers unable to access account information or submit payments, and forced the Florida-based company to “shut down certain systems.” Weeks later, LoanDepot said that the personal data of more than 16 million individuals were compromised.
The notorious LockBit ransomware gang claimed a January cyberattack on Fulton County, the largest county in Georgia with a population over one million. The attack led to weeks of county-wide disruption, including IT outages affecting phone lines, the courts, and tax systems. LockBit published troves of data from the Georgia county, including “confidential documents,” but later removed these claims from its dark web leak site, which can be an indication that the victim paid the hackers a ransom. While the LockBit gang claimed Fulton County had paid, security experts reckon that LockBit likely lost most of the data it had stolen when the gang’s servers were subsequently seized the following month by U.S. and U.K. law enforcement.
U.K. utility giant Southern Water said early in the year that it was investigating a data theft incident, before weeks later confirming that ransomware hackers had stolen the personal data of more than 470,000 customers. The attack on Southern Water, which provides water and wastewater services to millions of people across the south-east of England, was claimed by the Black Basta ransomware group, a Russia-linked gang that previously took credit for a 2023 hack on U.K. outsourcing giant Capita.
February saw one of the biggest data breaches of the year — and by far the largest data breaches of U.S. health and medical data in history. UnitedHealth-owned health tech company Change Healthcare was hacked by the ALPHV ransomware gang, which at the time claimed to have stolen “millions” of Americans’ sensitive health and patient information. Change Healthcare reportedly paid $22 million to ALPHV before the gang vanished in March, only for the ALPHV contractor who carried out the hack to demand a second ransom payment from Change.
UnitedHealth conceded in April that the hack led to a data breach affecting a “substantial proportion of people in America.” It wasn’t until October that UnitedHealth confirmed that at least 100 million people were affected by the data breach, which included sensitive data including medical records and health information, though the precise number of affected individuals is expected to be far higher.
Hotel chain Omni Hotels & Resorts shut down its systems in late March after identifying hackers on its network, leading to widespread outages across Omni’s properties, including phone and Wi-Fi issues. In April, the hotel giant confirmed that cybercriminals stole the personal information of its customers during the March ransomware attack, which was claimed by the prolific Daixin gang. According to reports, this gang claimed to have stolen 3.5 million Omni customer records.
U.S.-based banking-as-a-service giant Evolve Bank was the target of a ransomware attack in June that had widespread effect on Evolve’s banking customers and the fintech startups that relied on the bank, including Wise and Mercury. The LockBit gang claimed credit for the attack on Evolve, with the gang posting data it claimed to have stolen from Evolve on its dark web leak site. In July, Evolve confirmed that the hackers had obtained the personal data of at least 7.6 million people, including customers’ Social Security numbers, bank account number, and contact information.
The NHS was forced to declare a critical incident in June after a ransomware attack on a major pathology services provider, Synnovis. The cyberattack led to canceled operations and the diversion of emergency patients, and also saw the NHS issue a national appeal for “O” blood-type group donors in the weeks that followed because of delays in matching blood to patients as a result of the weeks-long outages. The Qilin ransomware gang claimed responsibility for the attack and eventually leaked 400 gigabytes of sensitive data allegedly stolen from Synnovis, or around 300 million patient interactions dating back years, making it one of the largest ransomware attacks of the year.
Some 500,000 residents of the City of Columbus, Ohio’s state capital, had their personal data stolen during a July ransomware attack, including names, dates of birth, addresses, government-issued identification documents, Social Security numbers, and bank account details. Rhysida, the cybercrime gang responsible for last year’s devastating cyberattack on the British Library, claimed responsibility for the attack against Columbus in August, saying it had stolen 6.5 terabytes of data from the city.
Transport for London, the government body overseeing the U.K. capital’s public transit system, experienced weeks of digital disruption following a cyberattack on the authority’s corporate network in September that was later claimed by the infamous Russia-linked Clop ransomware group. While the London transit network continued operating without issue, the incident nevertheless resulted in the theft of banking data on some 5,000 customers — and forced the transit authority to manually reset the login passwords of every single one of its 30,000 employees in-person.
Japanese electronics giant Casio was the victim of an October cyberattack, confirming to TechCrunch that the incident was ransomware. The cyberattack, which was claimed by the Underground ransomware gang, rendered several of Casio’s systems “unusable,” causing weeks of delays to product shipments. The attack also saw the theft of personal information belonging to Casio employees, contractors, and business partners, along with sensitive company data including invoices and human resources files. Casio said the hackers also accessed “information about some customers,” but did not say how many were affected.
A November ransomware attack on Blue Yonder, one of the world’s largest providers of supply chain software, had a knock-on effect at several major U.S. and U.K. retailers. Two of the U.K.’s largest supermarket chains, Morrisons and Sainsbury’s, confirmed to TechCrunch that they had experienced disruption as a result of the ransomware attack, and U.S. coffee giant Starbucks was also affected, forcing store managers to pay staff manually. Blue Yonder has said little about the incident, including whether any data was stolen, but both the Clop ransomware gang and the newer Termite crew claims it has stolen 680 gigabytes of data from the supply chain giant company, including documents, reports, insurance documents, and email lists.
Several NHS facilities were disrupted (again) by ransomware in December after a prolific Russia-linked ransomware gang dubbed Inc Ransom claimed to have compromised Alder Hey Children’s Hospital Trust, one of Europe’s largest children’s hospitals. The Russian ransomware gang, which similarly breached a major NHS trust in Scotland earlier this year, claimed it obtained Alder Hey patient records and donor reports, along with data from several other hospitals in the nearby area. Separately, the Wirral University Teaching Hospital — another NHS location not far from Alder Hey — was forced to declare a critical incident after also falling victim to ransomware.
December continued to be the month for healthcare-targeted attacks, as Artivion, a medical device company that manufactures implantable tissues for cardiac transplants, this month confirmed a “cybersecurity incident” that involved the “acquisition and encryption” of data — which reads as ransomware. Artivion said it took certain systems offline in response to the cyberattack.
Topics
Carly Page is a Senior Reporter at TechCrunch, where she covers the cybersecurity beat. She has spent more than a decade in the technology industry, writing for titles including Forbes, TechRadar and WIRED.
You can contact Carly securely on Signal at +441536 853956 or via email at carly.page@techcrunch.com.
Bench shuts down, leaving thousands of businesses without access to accounting and tax docs
Why DeepSeek’s new AI model thinks it’s ChatGPT
Want a cheap EV? Hertz is handing out discounts to renters
OpenAI lays out its for-profit transition plans
DeepSeek’s new AI model appears to be one of the best ‘open’ challengers yet
Microsoft and OpenAI have a financial definition of AGI: Report
What is Bluesky? Everything to know about the X competitor
Subscribe for the industry’s biggest tech news
Every weekday and Sunday, you can get the best of TechCrunch’s coverage.
TechCrunch's AI experts cover the latest news in the fast-moving field.
Every Monday, gets you up to speed on the latest advances in aerospace.
Startups are the core of TechCrunch, so get our best coverage delivered weekly.
By submitting your email, you agree to our Terms and Privacy Notice.
© 2024 Yahoo.
