Ransomware made major headlines in 2024, from the massive Change Healthcare attack to the creative takedown of the notorious LockBit ransomware-as-a-service gang.
Ransomware in 2024 was defined by several key moments, from an attack against a healthcare software giant to the takedown of a leading ransomware-as-a-service gang.
The ransomware-related event that reached furthest outside the tech sphere was the attack against healthcare payment management provider Change Healthcare at the hands of the Alphv/BlackCat ransomware group. The attack, which began on Feb. 21, was significant enough that it affected the ability for pharmacies and hospitals to issue prescriptions over a matter of days. The scale went much wider; parent company UnitedHealth Group CEO Andrew Witty estimated that one-third of Americans were impacted as a result of the attack.
Another significant moment came in the form of Operation Cronos, an international law enforcement operation led by the U.K.'s National Cyber Security Center dedicated to the disruption and dismantlement of prolific RaaS group LockBit. In addition to typical disruption activities -- seizing servers, obtaining decryption keys and making a number of arrests -- Operation Cronos published a rebranded version of LockBit's dark web leak site with press releases, leaked information and, eventually, the identity of the alleged ring leader, known as LockBitSupp.
Ransomware in 2024 was also marked by aggressive threat actors willing to target any potential victim organization or individual to get a payout. This is a far cry from the early days of the COVID-19 pandemic when threat actors like Maze ransomware pledged to not attack healthcare organizations. Even if these pledges never held much water, it's a striking contrast to the ransomware landscape today, wherein gangs such as Akira aggressively target healthcare.
SearchSecurity editors Rob Wright, Alex Culafi and Arielle Waldman look back on ransomware in 2024 on this episode of the Risk & Repeat podcast.