{"id":93287,"date":"2024-10-29T12:12:26","date_gmt":"2024-10-29T04:12:26","guid":{"rendered":"https:\/\/version-2.com.sg\/?p=92733"},"modified":"2024-10-29T12:50:21","modified_gmt":"2024-10-29T04:50:21","slug":"recent-ransomware-attacks-in-2024","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2024\/10\/recent-ransomware-attacks-in-2024\/","title":{"rendered":"Recent Ransomware Attacks in 2024"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

After several notorious ransomware gangs were knocked out by law enforcement in 2023, ransomware attacks are on the rise again and soaring to all-time highs in 2024. Many gangs quickly reorganized and reformed, with leaders launching new platforms and expanding their web of bad actors.\u00a0<\/p>

Ransomware attacks are bigger and bolder than ever this year, but even as attackers focus on new targets, small- and medium-sized enterprises (SMEs) remain under threat<\/a>. With security breaches and ransom prices surging, it\u2019s critical to stay on top of the latest attack tactics, gangs, and news. Let\u2019s see who\u2019s behind the most damaging ransomware attacks this year, and how you can protect your network, customers, and co-workers.\u00a0<\/p>

Recent Ransomware Attacks In 2024<\/h2>

This year ransomware is on pace to cause over $40 billion in losses for organizations in the U.S. Ransoms, lost productivity, and system outages all factor in the equation. And large-scale breaches involving ransomware<\/a> are not a phenomenon of 2024 at all. But even worse, people\u2019s lives are increasingly put at risk by malicious attackers. These are some of the most alarming attacks of 2024.<\/p>

September 2024<\/h3>

NHS London: <\/strong>Qilin ransom gang unleashed an attack that compromised the data of almost 1 million National Heathcare System patients in London hospitals. The attackers published personal information about patients with sensitive medical conditions like cancer and sexually transmitted diseases.<\/p>

Stillwater Mining Company: <\/strong>In September, Stillwater company officials discovered the personal information of over 7,000 employees had been stolen using RansomHub RaaS (Ransomware as a Service). The attack first happened over the summer, but it took Stillwater months to catch on to the breach.<\/p>

Kawasaki Motors Europe:<\/strong> RansomHub was also behind a major attack on Kawasaki\u2019s European offices. Kawasaki swiftly shut its servers down to isolate the issue and perform recovery operations. RansomHub claims to have stolen almost 500 GB of data.<\/p>

August 2024<\/h3>

City of Columbus, OH:<\/strong> Rhysida ransom group stole a massive 3TB of data from the City of Columbus, including sensitive employee records and data. After the city refused to meet Rhysida\u2019s ransom price all the data was dumped onto the dark web.<\/p>

Sumter County, FL Sheriff: <\/strong>Rhysida hit another government target, breaching the Sheriff\u2019s Office systems and potentially compromising 150,000 citizens. Passports, SSNs, and other data was stolen. Rhysida demanded a payment of 7 bitcoin (worth almost half a million dollars).<\/p>

Keytronic: <\/strong>Electronics manufacturing firm Keytronics reported losing over $17 million due to a ransomware attack by Black Basta, that disrupted production and office operations at its facilities in the U.S. and Mexico.<\/p>

July 2024<\/h3>

Disney: <\/strong>NullBulge Group stole 1TB of data from Disney\u2019s internal Slack platform and leaked it online. The breach included unreleased Disney projects, concepts, artwork, and code. The hackers asserted they were acting in the name of \u201cartists\u2019 rights.\u201d<\/p>

AT&T: <\/strong>Hacker group ShinyHunters stole metadata from all call logs and texts made by AT&T customers over a six-month period in 2022.<\/p>

Rite Aid Pharmacy:<\/strong> Over 2.2 million patients were compromised by RansomHub attackers that posed as Rite Aid employees to steal their data. RansomHub threatened to leak personal information, ID numbers, and driver\u2019s license information obtained from Rite Aid.\u00a0<\/p>

June 2024<\/h3>

Panera Bread:<\/strong> An attack by an unknown group interrupted service on Panera\u2019s website, app, phone systems, and POS systems. Thousands of employee social security numbers and other personal information was also stolen in a major data breach. Internal sources indicate Panera succumbed to the attackers\u2019 demands, paying an undisclosed ransom.<\/p>

Pandabuy: <\/strong>Giant Chinese shopping platform Pandabuy paid a ransom to prevent stolen customer data from being leaked \u2014 but then the hackers immediately demanded another ransom. The ongoing conflict resulted in 3 million rows of customer data being leaked onto BreachForums.<\/p>

Cleveland, OH: <\/strong>An unknown hacking group forced Cleveland City Hall to temporarily shut down due to a ransomware attack that debilitated city computer systems.<\/p>

CDK Global:<\/strong> BlackSuit ransomware caused a major IT outage that wreaked havoc on thousands of car dealerships in North America. CDK struggled to restore services to the dealers effectively or in a timely manner, forcing them to pay the ransom so auto dealers could get back online.<\/p>

May 2024<\/h3>

Wichita, KS:<\/strong> Several government services were shut down to prevent a malware attack from spreading across its entire network. LockBit was responsible for the attack that disrupted payment systems and brought flight operations to a halt at the Wichita airport.<\/p>

Ascension Health: <\/strong>An \u201chonest mistake\u201d led to a disruption of clinical operations at one of the largest Catholic health providers in the U.S. Black Basta was behind an attack that launched after an employee mistakenly downloaded a malicious file.<\/p>

Ohio Lottery:<\/strong> 500,000 people were affected by an attack on the Ohio State Lottery. Hacker group DragonForce took credit, and said they gained access to employee and player data including contact information, birthdates, winnings, and social security numbers.<\/p>

Ticketmaster:<\/strong> ShinyHunters stole credit card details, contact and personal information from over 550 million Ticketmaster\/Live Nation customers. The group put the data up for sale on the dark web, priced at half a million dollars.<\/p>

Aril 2024<\/h3>

Omni Hotels: <\/strong>Daixin ransomware launched an attack that took down Omni Hotels\u2019 network nationwide and impacted reservations, hotel room locks, and POS systems. Daixin posted screenshots of sensitive stolen data from over 3.5 million Omni guests.<\/p>

Group Health Cooperative (Wisconsin): <\/strong>A BlackSuit data breach stole personal and medical documents from more than 500,000 patients. Systems were shut down for several hours as internal IT teams worked to contain the attack.\u00a0<\/p>

United Nations Development Programme: <\/strong>UN systems were breached by 8Base, disrupting UN operations in Copenhagen. During the attack 8Base claimed to steal massive amounts of confidential information, including accounting records, contracts, invoices, and other official documents.<\/p>

UnitedHealth Group: <\/strong>BlackCat ransom group, also known as ALPHV, stole 6TB of sensitive patient data. United Health stated the breach caused more than $800 million in financial damages \u2014 in addition to meeting BlackCat\u2019s demands for a $22 million ransom.<\/p>

March 2024<\/h3>

Duvel Brewery: <\/strong>Beer production was brought to a halt at one of Belgium\u2019s largest breweries after a ransomware attack by Stormous.<\/p>

Crinetics Pharmaceuticals: <\/strong>Internal IT teams uncovered suspicious activity in an employee account \u2014 but by the time they had isolated the threat, LockBit posted that they\u2019d breached Crinetics systems and stolen major amounts of data. LockBit demanded a $4 million ransom.<\/p>

MarineMax: <\/strong>Rhysida ransomware struck the world\u2019s largest luxury yacht dealer, stealing financial information and company records as well as information from a database of the world\u2019s wealthiest customers. Rhysida put the data up for sale for the price of 15 bitcoin.<\/p>

February 2024<\/h3>

Lurie Children\u2019s Hospital: <\/strong>The Chicago children\u2019s hospital had to take IT systems offline and was forced to delay care for many of its patients. Rhysida set a price of $3.7 million for 600GB of data that may include as many as 200,000 patients. After Lurie refused to meet the price, the data was leaked online.<\/p>

California SEIU 1000:<\/strong> A union that represents 100,000 California workers suffered network outages after an attack by LockBit. The ransomware gang stole employee SSNs, financial documents, and salary information.<\/p>

Trans-Northern Pipelines: <\/strong>The Canadian petroleum pipeline operator was hit by a ALPHV ransomware attack. Trans-Northern said their security teams quickly isolated the incident without major issues, but ALPHV claims to have stolen almost 190GB of company data and documents.<\/p>

January 2024<\/h3>

Fulton County, GA: <\/strong>A LockBit attack crippled Fulton County government systems for weeks, causing problems for utilities, court, and tax networks. Everything from marriage licenses to police operations were affected, and many offices had to resort back to using paper forms during the outage. LockBit claimed they gained access to \u201cconfidential documents\u201d and threatened to leak them.<\/p>

loanDepot:<\/strong> An unknown group disrupted payment systems that disrupted mortgage payments for millions of loanDepot customers. The hackers also stole the data of over 16 million customers, potentially including bank account information.\u00a0<\/p>

Bucks County, PA:<\/strong> Hackers knocked out 911 terminals inside fire, police, and emergency vehicles in a Pennsylvania county home to 650,000 residents. The National Guard was brought in to assist with emergencies as the county attempted to resolve the issue.<\/p>

Schneider Energy: <\/strong>Cactus ransomware stole terabytes of company data in a breach. The attack compromised over 2,000 enterprise clients including Walmart, PepsiCo, Hilton, and DuPont. It\u2019s unknown whether ransom demands were met.\u00a0<\/p>

Notable Ransomware Groups<\/strong><\/h2>

Even after coordinated federal and international crackdowns, ransomware gangs are as powerful as ever. Groups that were previously broken up emerged under new criminal organizations, and newer gangs rose to prominence in some of the highest-profile attacks of the year. These are a few of the most dangerous names in ransomware.\u00a0<\/p>

LockBit <\/strong>is a Russian gang with global reach that roared back with a vengeance in 2024 after suffering a defeat when law enforcement took down its platform. LockBit provides RaaS (Ransomware as a Service) and has been the most deployed ransomware since 2022. Because of LockBit\u2019s popularity, attacks can vary greatly in tactics and techniques.<\/p>

ALPHV\/BlackCat <\/strong>was formed after a gang known as BlackMatter\u2019s servers were taken down by a sting in 2021. ALPHV makes some of the most technically advanced ransomware out there, capable of evading even the top cybersecurity systems. They\u2019re thought to have the most experienced and tech savvy network of affiliates, and attack both Windows and Linux systems. ALPHV is one of the only ransom gangs to use a \u201ctriple extortion\u201d technique leveraging stolen data, encryption, and denial of service attacks.<\/p>

Rhysida <\/strong>is a fast-rising, aggressive ransomware gang responsible for some of the most damaging attacks in 2024. Rhysida\u2019s malware was initially considered to be novice, but it rapidly became more elaborate and difficult to detect. Rhysida has led the offensive against healthcare systems and government offices.<\/p>

Hunters International<\/strong>, ShinyHunters<\/strong>, 8Base<\/strong>, and BlackSuit<\/strong> are other established ransomware gangs that thrived in 2024. DragonForce<\/strong> and RansomHub<\/strong> are newer names emerging as more formidable threats this year.<\/p>

Latest Ransomware Trends<\/h2>

Several ransomware trends took hold this year, with attackers focusing on bigger targets and demanding bigger payouts to match. Attacks on infrastructure became more common \u2014 attackers went hard after healthcare systems, government offices, and supply chain vendors.<\/p>

Like everyone else, hackers increasingly deployed AI to help them carry out attacks. AI allows malware to adapt in real time to evade security, or can be used to clone voices, email, or other communications to make phishing seem more legit.<\/p>

Ransomware as a Service continued to grow in popularity, as ransomware providers made their platforms more accessible to bad actors with fewer technical skills. Ransomware also got more sophisticated across the board, taking advantage of zero-day vulnerabilities more frequently and utilizing remote access tools to improve the effectiveness of attacks.<\/p>

As always, phishing attacks<\/a> on individual employees were one of the most effective ways for ransomware gangs to exploit systems. Attackers often breached security through individuals in BYOD situations or on SaaS cloud platforms with fewer safeguards.<\/p>

With ransomware becoming more accessible and sophisticated, it\u2019s predicted that attacks will only get more frequent \u2014 and more disruptive \u2014 as we head into 2025.<\/p>

Ransomware Prevention and Protection<\/h3>

Ransomware can be tough to defend against because it can infiltrate an entire network through just one user. The more you can do to protect your users and network, the better chance you\u2019ll have to successfully fend off bad actors.<\/p>

Best Practices for Preventing Ransomware<\/h3>

These are some tried-and-true methods to help prevent a ransomware attack and keep your network running securely.<\/p>