Top 10 ransomware attacks of 2024

11 Feb 2022

The threat of ransomware has become a primary cause of worry, threatening organizations of their data, operations, and gravely impacting their reputation.

 

In 2024, ransomware has threatened industries, with ransomware attacks severely impacting healthcare, manufacturing, financial, technological, and educational sectors.

 

In 2025, cybercriminals will leverage AI and ML to amplify their terror through undetectable tactics and improved performance. Businesses will have to proactively secure their most precious information assets and take measures for early detection and response to threats.

 

Let us explore some of the most prominent ransomware attacks throughout 2024-2025, but first, let us look at some facts that reflect the negative impact of ransomware on businesses

 

(source – security intelligence, Malwarebytes and Threatlabz).

 

  • The highest ransom paid was paid to the Devils angels ransomware group amounting to $75 million!
  • There was a 67% rise in ransomware attacks in UK and 63% rise in ransomware attacks in the US
  • The average ransom demanded in 2024 was $2.73 million
  • 22.1% of all the ransomware attacks were carried out by Lockbit ransomware
Ransomware group  Number of victims  Top industries targeted by ransomware attack 
LockBit  988  Manufacturing 
BlackCat  410  Healthcare 
8Base  352  Technology 
Play  345  Education 
Clop  291  Financial Services 

Top ransomware attacks of 2024

10. LoanDepot

 

About the victim:

loandepot cyber attack

 

LoanDepot is one of the largest lenders based in California. It offers various services and fix rate and adjustable rate mortgage products.

 

Was there a data breach at loanDepot?

 

The attack exposed the sensitive personal information of over 16 million people. It included names, addresses, phone numbers, dates of birth, etc.

 

The attackers asked for 6 million for a decryptor and sold the data upon the failure of negotiations. The attack forced the company to take its systems offline, delaying online services for its mortgage customers.

 

When it happened

January 2024

 

What did it cost

Records exposed – 16924071

 

Delay of online services for mortgage customers

 

9. Change Healthcare

 

About the victim:

change healthcare cyber attack update

 

Change Healthcare is a payment and revenue cycle management solutions provider for the U.S. healthcare system. The company serves as one of the largest financial and administrative information exchanges.

 

What happened

Russian ransomware gang named ALPHV/BlackCat attacked Change Healthcare in February 2024, causing a massive negative impact on its operations and the healthcare facilities and pharmacies connected to it. Healthcare providers and pharmacies faced a challenge processing insurance and prescriptions. It caused one of the largest data exposures in history!

 

When it happened

February 2024

 

What did it cost

Records exposed – 100 million people

 

Disruption in operations in multiple healthcare facilities and pharmacies

 

8. Ascension Healthcare

 

About the victim:

Ascension Healthcare cyberattack

 

Ascension Healthcare is a US-based healthcare services provider with more than 140 hospitals and 13+ senior living facilities.

 

How did the Ascension cyber attack happen?

Hackers stole the personal and healthcare information of more than 5.6 million patients. The attack caused widespread disruption of services across the hospital system.

 

When it happened

May 2024

 

What did it cost

Records exposed – 5.6 Million Patients

Disruption in services across hospital systems in the US

 

7. Evolve Bank and Trust

 

About the victim:

evolve bank and trust data breach

 

Evolve is a financial services provider offering banking, payment, and other services. It is a leading personal banking provider in Arkansas and Tennessee.

 

Did Evolve bank and Trust get hacked?

The ransomware gang LockBit stole the personal data of over 76 million people, including their names, social security numbers, and contact information.

 

When it happened

May 2024

 

What did it cost

Records exposed – 7640112

 

6. Ticketmaster

 

About the victim:

Ticketmaster Data Breach

 

California based ticket sales and distribution company that operates in multiple countries globally.

 

Have Ticketmaster been hacked?

A hacking group named Shiny Hunters breached Ticketmaster’s defenses and stole data belonging to over 500 million people. The attack exposed 1.3 terabytes of data, including email, names, and payment information. 

 

The group obtained 193 million ticket barcodes (worth $22.6 billion!), 440 email addresses, and 680 million order details.

 

When it happened

May 2024

 

How much money did MGM lose from the cyber attack?

Records exposed – 560000000

Ransom demanded – $8 million

 

5. Indonesia National Data Center

 

About the victim:

Indonesia National Data Center cyber attack

 

The Indonesian National Data Center is responsible for providing multiple services to citizens, including – checkpoint/immigration, resident permit, services, and passport services.

 

What happened

The hackers used BrainCipher, a LockBit 3 variant, to carry out the attack. The ransomware attack disrupted the services of more than 200 government agencies regionally and nationally. It delayed immigration services, causing long-term unavailability of automated kiosks.

 

When it happened

June 2024

 

Did ICBC pay ransom?

Disruption of services across 200 government agencies

 

4. NHS London

 

About the victim:

NHS London Cyberattack

 

Originally known as Viapath, NHS is a chain of healthcare organizations that resulted from a partnership between NHS trusts and SYNLAB UK & Ireland.

 

Has there been a cyber-attack on NHS?

The ransomware attack by a Russian group named Qilin had a considerable negative impact on patient care and pathological services. It impacted seven hospitals, forcing them to cancel 1134 preparations and 2194 outpatient appointments.  Their hospitals were forced to cancel hundreds of surgical operations and appointments because of the ransomware attack. Over 400GB of confidential data was leaked to the dark web.

 

When it happened

June 2024

 

Did Boeing pay the ransom?

Records exposed- 300000000 patient interaction information

400 GB of confidential data leaked to the dark web

Ransom demanded – $50,000,000

 

3. City of Columbus

 

About the victim

The City of Columbus is a public services organization that provides citizens of Ohio services, from payment of utilities and employment services to waste recycling.

 

What happened

A ransomware gang attacked Ohio’s public services and stole 6.5 TB of personal and financial information, including video camera feeds and other sensitive information. The attackers also published 45% of stolen data.

 

When it happened

July 2024

 

What did it cost

Records exposed – 500000

 

2. Japanese Port Nagoya

 

About the victim

The Nagoya port is the largest and busiest port in Japan, with more than two million containers handled every year. It is also a reliant port for Toyota one of the biggest automobile manufacturers.

 

The attackers encrypted vital port operational data.

 

What happened

Attackers targeted the port’s central system that controlled the port’s terminals – Nagoya Port Unified Terminal System (NUTS) by exploiting its vulnerabilities. They encrypted the port’s operational and other sensitive information.

 

When it happened

April 2024

 

What did it cost

Records exposed – 34000000

Widespread delay in logistics

Massive financial loss for the port

 

1. Starbucks

 

About the victim

BlueYonder was a supply chain management software provider for Starbucks, Sainsbury’s, Best Buy, Kimberly-Clark, Morrisons, and Walgreens.

 

What happened

The attack on Blue Yonder severely impacted the businesses that used its supply chain services in the US and the UK. It caused a significant outage of the backend processes at Starbucks, forcing the company to fall back to pen and paper for its payroll and employee scheduling.

 

When it happened

November 2024

 

What did it cost

Records exposed – 680 GB

Disruption of payroll and employee scheduling processes

Get in Touch With us

Complete Visibility, Continuous Monitoring & Advanced Threat Protection with AI-backed Incident Remediation.

LEARN MORE