The year 2024 marked a catastrophic milestone in cybersecurity, defined by record-breaking ransomware attacks that crippled essential services and exposed the sensitive data of hundreds of millions globally. While law enforcement achieved rare tactical victories—such as the disruption of the LockBit gang and the takedown of the Radar operation—extortion groups responded with unprecedented frequency and technical sophistication.
January: Infrastructure and Data Under Siege
LoanDepot
The year began with a massive blow to the financial sector. Mortgage giant LoanDepot suffered a ransomware attack that forced a total shutdown of internal systems. The breach exposed the personal data of over 16 million individuals, leaving customers unable to access accounts or process payments for weeks.
Fulton County
In Georgia, the LockBit gang targeted Fulton County, paralyzing courts, tax systems, and government communication lines. Despite the hackers leaking confidential documents, security experts suggest that much of the stolen data was likely lost when U.S. and U.K. authorities seized LockBit’s servers shortly after the attack.
Southern Water
The U.K. utility provider confirmed a data theft incident involving the Black Basta ransomware group. The breach compromised the personal information of over 470,000 customers, underscoring the vulnerability of critical infrastructure.
February: The Largest Healthcare Breach in History
Change Healthcare
The attack on UnitedHealth-owned Change Healthcare remains the most significant medical data breach in U.S. history. The ALPHV gang reportedly received a $22 million ransom payment, only for the group to vanish and leave the contractor to demand further payment. By October, UnitedHealth confirmed that at least 100 million people had their sensitive medical and health records exposed.
March: Hospitality Disrupted
Omni Hotels
Omni Hotels & Resorts faced widespread outages after an intrusion by the Daixin gang. The breach impacted approximately 3.5 million customer records, forcing the chain to take systems offline to contain the threat.
June: Banking and Healthcare Emergencies
Evolve Bank
The banking-as-a-service provider Evolve Bank was targeted by LockBit, impacting numerous fintech partners like Wise and Mercury. The breach resulted in the theft of Social Security numbers and bank account details for at least 7.6 million people.
Synnovis
A ransomware attack on Synnovis caused a national healthcare crisis in the U.K. The Qilin gang leaked 400 gigabytes of data, involving 300 million patient interactions. The fallout forced the NHS to cancel surgeries and issue urgent appeals for blood donors.
July: Municipal Systems Compromised
Columbus, Ohio
The Rhysida gang, known for its previous attack on the British Library, stole 6.5 terabytes of data from the city of Columbus. The breach exposed the Social Security numbers, bank details, and identification documents of roughly 500,000 residents.
September: Transit Authority Lockdown
Transport for London
The Russia-linked Clop gang targeted Transport for London’s corporate network. While transit operations remained functional, 5,000 customers had banking data stolen, and the authority was forced to manually reset credentials for 30,000 employees.
October: Corporate Espionage
Casio
Electronic manufacturer Casio confirmed that the Underground ransomware group rendered its systems unusable, causing massive logistics delays. The breach included sensitive HR files, invoices, and the personal information of employees and business partners.
November: Supply Chain Contagion
Blue Yonder
A ransomware attack on supply chain software provider Blue Yonder rippled across the retail sector, affecting giants like Morrisons, Sainsbury’s, and Starbucks. The Clop and Termite gangs claimed to have exfiltrated 680 gigabytes of corporate documentation and email lists.
December: Continued Healthcare Targeting
NHS Hospitals
The year closed with further attacks on the NHS. The Inc Ransom gang claimed to have compromised Alder Hey Children’s Hospital and Wirral University Teaching Hospital, exfiltrating patient records and donor reports.
Artivion
Medical device manufacturer Artivion confirmed a cybersecurity incident involving the encryption and acquisition of data. The company preemptively took systems offline to mitigate the breach, ending a year defined by relentless ransomware activity.