The 5 Biggest Ransomware Attacks of 2024

In 2024, we saw a huge spike in ransomware attacks, with cybercriminals going after high-value targets and causing major disruptions. On average, the ransom demands in the first half of the year shot up to more than $5.2 million, showing just how costly these attacks have become.

The number of attacks also increased quite a lot. For instance, the total number of disclosed attacks for July and August was 131, marking a 35% increase compared to the same period in 2023. By mid-year, total ransomware payments had surged to $459.8 million.

In this article, we’ll dive into the five biggest ransomware attacks of 2024, looking at their impact and the damage they caused.

On February 21, 2024, BlackCat/ALPHV launched a massive ransomware attack on Change Healthcare, a division of UnitedHealth Group, affecting over 100 million people. This incident became the largest healthcare breach in American history to date.

The attackers initially gained access by exploiting a Citrix portal account that didn’t have multi-factor authentication. Once inside, they spent nine days moving around undetected and stealing data before unleashing ransomware. This attack disrupted over one hundred applications across various healthcare services.

Even though UnitedHealth Group paid a $22 million ransom in cryptocurrency to try to resolve the situation, things got worse when the RansomHub group attempted another extortion. The overall financial impact was huge, with direct damages totaling over $800 million and costs expected to surpass $2.457 billion.

In June 2024, the BlackSuit ransomware group hit CDK Global, a well-established software provider for auto dealers with a serious attack. This caused disruptions for thousands of dealerships across North America, showing just how damaging ransomware can be to large-scale operations and important supply chains.

The attackers demanded 387 Bitcoin, which was about $25 million at the time, but the funds were never recovered.

The collective losses for the affected dealerships were estimated to be around $1 billion, making this one of the most expensive ransomware attacks of the year.

In September 2024, the RansomHub ransomware group leaked 487 gigabytes of data allegedly stolen from Kawasaki Motors Europe (KME). Kawasaki initially disclosed the attack themselves, claiming it had not been successful.

However, despite Kawasaki’s preventive measures, including temporarily isolating servers and initiating a “cleansing process,” RansomHub went ahead with the data release. The leaked information included business documents, financial information, banking records, dealership details, and internal communications.

Exposed files were organized in directories titled “Dealer Lists,” “Financing Kawasaki,” “COVID,” and “Trading Terms,” with timestamps showing activity as recent as early September.

In late November 2024, Starbucks faced a disruption when its third-party vendor, Blue Yonder, became the target of a ransomware attack. This incident, attributed to the Termite ransomware group on December 9, 2024, severely impacted the company’s internal systems, particularly those responsible for employee scheduling and payroll, across 11,000+ stores in North America.

The attack left Starbucks’ digital processes for managing staff schedules and payroll completely nonfunctional, forcing store managers to temporarily switch to manual processes. Shift planning and tracking work hours had to be done the old-fashioned way—pen and paper became the tools of the moment.

In response, Starbucks provided clear guidance to store leaders and managers on how to navigate the manual systems to ensure employees were paid accurately and on time. These interim solutions were key in keeping operations running and supporting staff during the recovery phase.

In June 2024, the Qilin ransomware group targeted NHS London, compromising the data of nearly one million National Healthcare System (NHS) patients. The attack severely impacted major London hospitals, including King’s College Hospital, Guy’s and St Thomas’, the Royal Brompton, and Evelina London Children’s Hospital.

The incident led to the cancellation of over eight hundred planned operations and seven hundred outpatient appointments in the first week alone. The attackers exploited vulnerabilities in Synnovis, an NHS supply chain provider of laboratory services.

They not only encrypted vital information but also stole sensitive patient data, including details about individuals with cancer and sexually transmitted diseases. The attack caused disruptions to blood transfusions and test results, forcing staff to resort to paper-based methods and slowing down operations considerably.

In 2024, ransomware groups made it clear that no sector is safe from these types of threats. A massive 78% of organizations that were attacked in 2023 found themselves targeted again in 2024, with 63% of them facing even higher ransom demands the second time around.

BlackFog  takes a new approach to preventing ransomware by stopping threats at their source—unlike most tools, which only detect threats after they’ve already infiltrated your network. Rather than having teams monitor and respond to events, BlackFog provides fully automated 24/7 protection from cyberattacks in real-time.

Don’t let a breach throw your business off course. Protect your operations with BlackFog’s advanced ADX technology and enjoy both security and peace of mind. Want to learn more? Explore the details now.