Top 10 ransomware attacks of 2024
11 Feb 2022
The threat of ransomware has become a primary cause of worry, threatening organizations of their data, operations, and gravely impacting their reputation.
In 2024, ransomware has threatened industries, with ransomware attacks severely impacting healthcare, manufacturing, financial, technological, and educational sectors.
In 2025, cybercriminals will leverage AI and ML to amplify their terror through undetectable tactics and improved performance. Businesses will have to proactively secure their most precious information assets and take measures for early detection and response to threats.
Let us explore some of the most prominent ransomware attacks throughout 2024-2025, but first, let us look at some facts that reflect the negative impact of ransomware on businesses
(source – security intelligence, Malwarebytes and Threatlabz).
- The highest ransom paid was paid to the Devils angels ransomware group amounting to $75 million!
- There was a 67% rise in ransomware attacks in UK and 63% rise in ransomware attacks in the US
- The average ransom demanded in 2024 was $2.73 million
- 22.1% of all the ransomware attacks were carried out by Lockbit ransomware
| Ransomware group | Number of victims | Top industries targeted by ransomware attack |
| LockBit | 988 | Manufacturing |
| BlackCat | 410 | Healthcare |
| 8Base | 352 | Technology |
| Play | 345 | Education |
| Clop | 291 | Financial Services |
Top ransomware attacks of 2024
10. LoanDepot
About the victim:
loandepot cyber attack
LoanDepot is one of the largest lenders based in California. It offers various services and fix rate and adjustable rate mortgage products.
Was there a data breach at loanDepot?
The attack exposed the sensitive personal information of over 16 million people. It included names, addresses, phone numbers, dates of birth, etc.
The attackers asked for 6 million for a decryptor and sold the data upon the failure of negotiations. The attack forced the company to take its systems offline, delaying online services for its mortgage customers.
When it happened
January 2024
What did it cost
Records exposed – 16924071
Delay of online services for mortgage customers
9. Change Healthcare
About the victim:
change healthcare cyber attack update
Change Healthcare is a payment and revenue cycle management solutions provider for the U.S. healthcare system. The company serves as one of the largest financial and administrative information exchanges.
What happened
Russian ransomware gang named ALPHV/BlackCat attacked Change Healthcare in February 2024, causing a massive negative impact on its operations and the healthcare facilities and pharmacies connected to it. Healthcare providers and pharmacies faced a challenge processing insurance and prescriptions. It caused one of the largest data exposures in history!
When it happened
February 2024
What did it cost
Records exposed – 100 million people
Disruption in operations in multiple healthcare facilities and pharmacies
8. Ascension Healthcare
About the victim:
Ascension Healthcare cyberattack
Ascension Healthcare is a US-based healthcare services provider with more than 140 hospitals and 13+ senior living facilities.
How did the Ascension cyber attack happen?
Hackers stole the personal and healthcare information of more than 5.6 million patients. The attack caused widespread disruption of services across the hospital system.
When it happened
May 2024
What did it cost
Records exposed – 5.6 Million Patients
Disruption in services across hospital systems in the US
7. Evolve Bank and Trust
About the victim:
evolve bank and trust data breach
Evolve is a financial services provider offering banking, payment, and other services. It is a leading personal banking provider in Arkansas and Tennessee.
Did Evolve bank and Trust get hacked?
The ransomware gang LockBit stole the personal data of over 76 million people, including their names, social security numbers, and contact information.
When it happened
May 2024
What did it cost
Records exposed – 7640112
6. Ticketmaster
About the victim:
Ticketmaster Data Breach
California based ticket sales and distribution company that operates in multiple countries globally.
Have Ticketmaster been hacked?
A hacking group named Shiny Hunters breached Ticketmaster’s defenses and stole data belonging to over 500 million people. The attack exposed 1.3 terabytes of data, including email, names, and payment information.
The group obtained 193 million ticket barcodes (worth $22.6 billion!), 440 email addresses, and 680 million order details.
When it happened
May 2024
How much money did MGM lose from the cyber attack?
Records exposed – 560000000
Ransom demanded – $8 million
5. Indonesia National Data Center
About the victim:
Indonesia National Data Center cyber attack
The Indonesian National Data Center is responsible for providing multiple services to citizens, including – checkpoint/immigration, resident permit, services, and passport services.
What happened
The hackers used BrainCipher, a LockBit 3 variant, to carry out the attack. The ransomware attack disrupted the services of more than 200 government agencies regionally and nationally. It delayed immigration services, causing long-term unavailability of automated kiosks.
When it happened
June 2024
Did ICBC pay ransom?
Disruption of services across 200 government agencies
4. NHS London
About the victim:
NHS London Cyberattack
Originally known as Viapath, NHS is a chain of healthcare organizations that resulted from a partnership between NHS trusts and SYNLAB UK & Ireland.
Has there been a cyber-attack on NHS?
The ransomware attack by a Russian group named Qilin had a considerable negative impact on patient care and pathological services. It impacted seven hospitals, forcing them to cancel 1134 preparations and 2194 outpatient appointments. Their hospitals were forced to cancel hundreds of surgical operations and appointments because of the ransomware attack. Over 400GB of confidential data was leaked to the dark web.
When it happened
June 2024
Did Boeing pay the ransom?
Records exposed- 300000000 patient interaction information
400 GB of confidential data leaked to the dark web
Ransom demanded – $50,000,000
3. City of Columbus
About the victim
The City of Columbus is a public services organization that provides citizens of Ohio services, from payment of utilities and employment services to waste recycling.
What happened
A ransomware gang attacked Ohio’s public services and stole 6.5 TB of personal and financial information, including video camera feeds and other sensitive information. The attackers also published 45% of stolen data.
When it happened
July 2024
What did it cost
Records exposed – 500000
2. Japanese Port Nagoya
About the victim
The Nagoya port is the largest and busiest port in Japan, with more than two million containers handled every year. It is also a reliant port for Toyota one of the biggest automobile manufacturers.
The attackers encrypted vital port operational data.
What happened
Attackers targeted the port’s central system that controlled the port’s terminals – Nagoya Port Unified Terminal System (NUTS) by exploiting its vulnerabilities. They encrypted the port’s operational and other sensitive information.
When it happened
April 2024
What did it cost
Records exposed – 34000000
Widespread delay in logistics
Massive financial loss for the port
1. Starbucks
About the victim
BlueYonder was a supply chain management software provider for Starbucks, Sainsbury’s, Best Buy, Kimberly-Clark, Morrisons, and Walgreens.
What happened
The attack on Blue Yonder severely impacted the businesses that used its supply chain services in the US and the UK. It caused a significant outage of the backend processes at Starbucks, forcing the company to fall back to pen and paper for its payroll and employee scheduling.
When it happened
November 2024
What did it cost
Records exposed – 680 GB
Disruption of payroll and employee scheduling processes