Top 10 ransomware attacks (2024 edition)

Home » Blog » Top 10 ransomware attacks (2024 edition)

Top 10 ransomware attacks (2023-2024)

What is ransomware?

It is a form of external attack where the cybercriminal uses malware or engages in any other form of cyber attack to steal vital company information or lock up their network control and demands a ransom amount in exchange. The information stolen can be either personal, financial, or other sensitive information. 

Why is it worrying organizations globally?

The biggest concern surrounding ransomware attacks is the inability of organizations to recover data and sensitive information that is lost and isn’t restored/unlocked despite the payment of ransom to perpetrators. Over 70% of companies have ended up paying ransom to recover their sensitive data and restore their networks to function back to normal. 

Biggest ransomware ever paid

Ransomware payments can be highly damaging monetarily to businesses. One of the highest-demanded ransoms was by a ransomware group Evil Corp to CNA Financial in 2021 of around $60 million!

The sector paying the most ransomware

Among all the sectors, the manufacturing sector had the highest average ransom payment of $20,36,189 compared to $8,12,360 in other sectors. 

2022 has been a year with many ransomware attacks with over 2.3 billion attacks worldwide. 

Let us take a look at some of the deadliest ransomware attacks that shook the world.


About the victim: Yum Brands Ransomware Attack

Yum Brands is the parent company behind some of the top food companies in the world including the KFC, Pizza Hut and Taco Bell.  

What happened

The company was targeted by a ransomware attack which impacted around 300 restaurants in the UK, forcing closure of many of its units and compromising personal data of many of its customers and employees.  

When it happened

January 2023

What did it cost

  • Compromise of personal data of employees in the US  
  • Impact on operations across 300 restaurants 

9. U.S. Marshals Service

About the victim: U.S. Marshals Service Ransomware Attack

The US Marshals Service is a federal law enforcement agency that was established to execute federal enforcement operations including the locating, arresting and transfer of federal fugitives and management of criminal assets.  

What happened

The government agency fell victim to a massive cyber attack that disrupted USMS’ system which was used to conduct most of its digital operations. The attackers gained access to sensitive PII information of staff, fugitives, and third parties.   

When it happened

February 2023 

What did it cost

  • Loss of sensitive PII data of law enforcement staff, fugitives and third parties 
  • Disruption of USMS’ investigative operations  

8. GoAnywhere MFT 

About the victim: GoAnywhere MFT Data Breach

More than 130 organizations including Proctor & Gamble, Community Health Systems (U.S), and Hatch Bank  

What happened

Organizations using Forta’s GoAnywhere MFT (Managed File Transfer) software were attacked by Cl0p ransomware group through exploitation of zero-day vulnerabilities and their information assets worth millions were stolen. 

When it happened

February 2023 

What did it cost

  • 1200 assets hosted on GoAnywhere MFT servers 
  • Information assets of big companies were stollen including those of Hitachi Energy. P&G, Crown resorts, Community Health care services 

7. MOVEit

About the victim: MOVEit vulnerability

2000+ organizations including government agencies, BBC, British Airways, US Department of Energy and Shell 

What happened

Hackers from Clop group exploited the vulnerability in MOVEit a file transfer software. stealing information asset of 60 million victims across 2000 organizations exposed 

When it happened

May 2023

What did it cost

  • Information of more than 60million victims 
  • Damages worth $9.93 billion 

6. MGM Resorts International

About the victim

MGM Resorts International is a United States based hospitality and entertainment company that is known for its unique real estate and hospitality operating the largest casino in the country.  

What happened

MGM was attacked by a ransomware group called Scattered Spider that used a ransomware-as-a-service by BlackCat that caused a disruption in multiple services and operations including non-functioning of machines at the casino, leading to major losses due to damages for the company.  

When it happened

September 2023 

How much money did MGM lose from the cyber attack?

  • Theft of credentials and sensitive personal data  of previous customers (before 2019) that includes their contact information, driving license number and social security numbers.  
  • Estimated loss from damages caused by the attack is $100 million  

5. ICBC Bank

About the victim: ICBC ransomware attack

Industrial and Commercial Bank of China (ICBC) is China’s largest bank.  Since its establishment in 1984, it has been known to have built its reputation for its qualitative services.  

Who hacked ICBC bank?

The bank’s US financial services division was hit by a ransomware attack leading to disruption to its major operations. The attack was carried out by LockBit, one of the most dangerous ransomware groups in the world. The attack not only caused disruption in the services of the bank but also trades in US Treasury market. The bank was forced to payout the ransom to recover their locked information assets.  

When it happened

November 2023

Did ICBC pay ransom?

  • The bank had to lend $9 billion to pay ransom and settle trades  
  • Massive disruption in the bank’s services affecting  


About the victim Cyber Attack

Boeing is a global aerospace company that is known for its commercial jetliners and defense space and security systems.  

What happened

Boeing was targeted by one of the world’s most dangerous ransomware groups LockBit that targeted its distributions and parts businesses. The attackers stole sensitive data of customers, employees and other information which they threatened to publish in case Boeing didn’t pay the ransom that was demanded.  

When it happened

November 2023 

Did Boeing pay the ransom?

  • 50GB of sensitive information stolen including training material, list of technical suppliers of the company, and sales reports.  
  • Experts speculate that Boeing had an undisclosed negotiation with LockBit  

3. UnitedHealth subsidiary Change Healthcare

About the victim

Change is a UnitedHealthcare Services subsidiary that processes healthcare transactions worth $15 billion containing patient records of one third of the patients in the US.  

What happened

A ransomware group known as BlackCat/ ALPHV hacked into UnitedHealth’s servers and gained access to their systems, disrupted their operations, and stole and encrypted most of their sensitive healthcare, personal and financial information. Due to massive disruption in operations UnitedHealthcare had to pay a ransom to get their systems back running and recover their encrypted data.  

When it happened

February 2024 

What did it cost

  • UnitedHealthcare paid a ransom of $22million 
  • Massive disruption in operations across hospitals and pharmacies across the United States 
  • Financial damages faced by 94% of hospitals and 60% of them facing revenue loss  
  • 74% reported patient care set back 
  • United Healthcare reported projected loss of $870 million for Q1 of 2024 and total up to $1.6 billion for the year 


About the victim: omni hotels cyberattack

Omni Hotels is a renowned hotel chain group based in United States it operates around 51 properties across United States and Canada with a workforce of more than 14000 people.  

What happened

Omni Hotels was targeted by a ransomware group called Daixin which has stolen their customer records from 2017 onwards. The attack has caused outages in services like reservation, point-of-sale  systems and impacted electronic door locks across multiple properties and loss of data of customers including their names, email addresses, postal addresses and also information about the hotel loyalty programs. 

When it happened

April 2024

What did it cost

  • Massive disruption in operations across different properties 
  • Estimated loss of 3.5 million records including personal information of their customers 


About the victim

The city government of Wichita, Kansas, United States  

What happened

The city government of Wichita became a victim to a ransomware attack that caused a massive disruption in its multitude of operations, affecting its services at large leaving residents unable to access its online services like viewing their records, court details and make payments.  The attackers have locked out information assets containing sensitive data of residents.  

When it happened

May 2024 

What did it cost

  • A disruption of services impacting more than 4,00,000 residents of Wichita 
  • Loss of sensitive personal data 

Do you want to learn more about ransomware recovery and prevention? Here is our blog on it: Ransomware Prevention or Recovery

We have seen some of the most dangerous ransomware attacks of 2022. Now let us take a look at some tips to protect ourselves individually from ransomware attacks. 

Some tips to defend against ransomware attacks

  • Update all the Operating systems regularly.
  • Create a regular backup of all of your systems and store them on cloud or an offline device.
  • Periodically update and patch all of your systems and software.
  • Plan and execute cybersecurity awareness training programs for all employees.
  • Ensure that there is a 24/7 SOC team empowered with EDR and SIEM for early detection and hunting of threats.
  • For better protection, it is essential to have some other form of email protection in place since most attacks start with a phishing email.
  • Run comprehensive cybersecurity assessments regularly through penetration testing for preemptive detection of anomalies and vulnerabilities within your IT infrastructure.
  • Integrate threat intelligence in your cybersecurity framework with firewall monitoring through SIEM for early detection of malicious activities and connections.
  • Restrict users connected to your network to install software, apply the principle of “least privilege”.
  •  Watch out for emails from unknown senders.
  • Avoid the usage of USBs and PMDs (portable media devices)
  • Encourage employees to download from trusted websites only.
  • Avoid the use of public WiFi networks.
  • Install anti-malware software.
  • Create a backup of all the sensitive data.

Wrapping it up

Ransomware attacks can cause a cascading effect on an organization’s operations and data security. This year has seen a huge rise in ransomware attacks with the evolution of attack methodologies and strategies deployed by threat actors. It has become even more important to have expertise in place that can improve your organization’s cybersecurity posture and protect it from even the most sophisticated cyber attacks. 

SharkStriker is a cybersecurity company with SOC running 24/7/365 across the globe. We possess the right amount of resources and expertise to tackle the most immediate cybersecurity needs of organizations. We blend human expertise with cutting-edge technology to deliver seamless cybersecurity services. 

All of our solutions integrate easily with most of the organization’s IT infrastructure, allowing us to cater to even the most sophisticated bottlenecks such as ransomware attacks with lightning-speed threat detection and response. 

We have a team of expert pen-testers, incident responders, and cybersecurity experts who are seasoned in the deployment of effective incident response plans, reconfigurations, patches, and rules to augment your organization’s cybersecurity readiness. 

Partner with us to experience the next-gen cybersecurity.


Complete Visibility, Continuous Monitoring
& Advanced Threat Protection with
AI-backed Incident Remediation.

Read More >

Latest Post