2024 shattered records yet again, with ransomware emerging as one of the most pervasive and damaging cyber threats of the year. File-locking malware not only caused widespread disruptions, including paralyzing online services and sparking prolonged outages, but it also fueled an unprecedented wave of data theft. Hundreds of millions of people had their sensitive information exposed, often with lifelong consequences.
While governments celebrated some rare victories, such as disrupting the notorious LockBit gang and seizing the Radar ransomware operation, these attacks grew both in frequency and sophistication. Data theft and extortion tactics escalated, leaving organizations and individuals reeling. Here, we revisit some of the most notable ransomware incidents of 2024, month by month.
January: A Chilling Start
LoanDepot
Mortgage and loan giant LoanDepot kicked off the year with a ransomware attack that encrypted critical data. Customers were left unable to access account information or make payments, forcing the company to shut down key systems. Weeks later, LoanDepot disclosed that over 16 million individuals had their personal data compromised, marking a grim beginning to the year.
Fulton County
The infamous LockBit ransomware gang targeted Fulton County, Georgia’s largest county with over one million residents. The attack disrupted county-wide operations for weeks, crippling phone lines, court systems, and tax platforms. Although LockBit initially claimed responsibility and leaked sensitive data, these claims were mysteriously removed from its dark web site. Experts speculated that the gang’s subsequent server seizure by U.S. and U.K. law enforcement likely erased the stolen data—a rare setback for ransomware operators.
Southern Water
In the U.K., Southern Water revealed a ransomware attack that exposed the personal data of more than 470,000 customers. The Russia-linked Black Basta group claimed responsibility, adding this incident to its growing list of high-profile attacks, which included a 2023 hack on outsourcing giant Capita. This breach underscored the vulnerabilities of critical infrastructure providers.
February: Healthcare in the Crosshairs
Change Healthcare
One of the largest data breaches in U.S. history unfolded when Change Healthcare, owned by UnitedHealth, fell victim to the ALPHV ransomware gang. The attackers reportedly exfiltrated sensitive medical data affecting “millions” of Americans. Change Healthcare paid a staggering $22 million ransom, only to face further extortion demands from an ALPHV contractor. By October, UnitedHealth confirmed that at least 100 million people were impacted, with leaked data including medical records and other highly sensitive health information.
March: Hotels Hit Hard
Omni Hotels & Resorts
Luxury hotel chain Omni Hotels faced a significant ransomware attack in March, causing system outages and disrupting services like Wi-Fi and phone lines across its properties. The Daixin gang later claimed to have stolen 3.5 million customer records. This breach highlighted the hospitality sector’s growing vulnerability to cyberattacks.
June: Banking and Healthcare Under Siege
Evolve Bank
Banking-as-a-service giant Evolve Bank suffered a major ransomware attack in June, with fallout extending to fintech startups like Wise and Mercury that relied on its services. The LockBit gang claimed responsibility, leaking personal data of at least 7.6 million individuals, including Social Security numbers and bank account details.
Synnovis
A ransomware attack on NHS pathology services provider Synnovis forced the NHS to declare a critical incident. Emergency patients were diverted, surgeries were canceled, and a national appeal for “O” blood-type donors was issued due to delays in matching blood to patients. The Qilin ransomware gang claimed to have exfiltrated 400 gigabytes of sensitive data, making it one of the year’s most disruptive cyberattacks.
July: Municipal Mayhem
City of Columbus, Ohio
A ransomware attack on Columbus, Ohio, exposed the personal data of 500,000 residents, including Social Security numbers and government IDs. Rhysida, the cybercrime gang behind last year’s British Library breach, claimed to have stolen 6.5 terabytes of data, emphasizing the growing risk to local governments.
September: Transport Turmoil
Transport for London (TfL)
TfL experienced weeks of disruption following a ransomware attack on its corporate network. While public transit services remained operational, the Clop ransomware gang’s attack compromised banking data of 5,000 customers and necessitated the manual reset of login credentials for all 30,000 employees—a painstaking and costly effort.
October: Corporate Giants Targeted
Casio
Japanese electronics giant Casio became the latest victim of ransomware, with attackers crippling systems and stealing sensitive company data, including employee and contractor records. The Underground ransomware gang claimed responsibility, leaving Casio grappling with weeks of delays in product shipments and customer service disruptions.
November: Supply Chain Chaos
Blue Yonder
A ransomware attack on supply chain software provider Blue Yonder disrupted major retailers like Morrisons and Sainsbury’s in the U.K. and Starbucks in the U.S. The Clop ransomware gang and a newer group called Termite claimed responsibility, alleging the theft of 680 gigabytes of sensitive data. The attack underscored the cascading effects ransomware can have on interconnected industries.
December: Healthcare on the Brink
NHS Hospitals
The NHS faced another crisis as Alder Hey Children’s Hospital Trust and Wirral University Teaching Hospital were hit by ransomware. Patient records, donor reports, and other sensitive data were compromised. The Russia-linked Inc Ransom gang claimed responsibility, deepening concerns about the resilience of healthcare systems.
Artivion
Medical device manufacturer Artivion confirmed a ransomware attack that encrypted critical data and forced systems offline. The company, specializing in cardiac implantable tissues, faced significant operational disruptions, rounding out a year fraught with healthcare-targeted attacks.
2024’s ransomware timeline paints a stark picture: attackers are growing bolder, targeting critical sectors like healthcare, finance, and public infrastructure. Despite occasional victories against ransomware gangs, the sheer scale and sophistication of these attacks demand urgent action. Governments, businesses, and individuals must prioritize cybersecurity to navigate this escalating threat landscape.
