Recap of the Largest Ransomware Attacks in 2024
Hackers focused their efforts on ransomware in 2024, leading to a surge in ransom demands. “With nearly 439 million dollars paid out globally just in the first half of 2024 to ransomware operators, this number is expected to double by the end of the year.”
Preventing ransomware starts with monitoring all critical enterprise hosts, applications, devices, and databases for suspicious activity. Leveraging managed detection and response (MDR) services from ForeNova empowered the enterprise with a partner who is an expert in recognizing very early signs of ransomware and leveraging automated incident response to contain the attack before lateral propagation.
Interested in learning more about ForeNova’s NovaMDR service?
Click here to schedule a demo of this incredible service.
What Were the Top Ransomware Attacks in 2024 Globally?
Global financial institutions, national healthcare providers, and local manufacturers became ransomware victims in 2024. Hackers also exploited DeFi and smart contract platform vulnerabilities using email phishing to embed ransomware within the hosts, impacting the blockchain security model.
Another significant contribution to the rise in ransomware in 2024 continued with hackers adopting more adversarial artificial intelligence (AI) and machine learning (ML). Hackers leveraged AI to create well-crafted email phishing attacks, resulting in credential theft, malware embedding on host machines, and data exfiltration.
In 2024, there continued to be many ransomware attacks globally, with the average ransom amount per incident and total payout rising significantly.
1. VOSSKO – German Food Processing
VOSSKO was targeted with ransomware that encrypted its internal systems and databases. Although some operational processes were disrupted, the impacted operational technology systems and production were restored.
Following the incident, the internal IT team and several external experts collaborated to address the situation. Shortly after, the police and State Criminal Police Office, IT specialists, and forensic scientists also participated in the attack investigation.
2. Japan Port of Nagoya
“The ransomware attack on Japan’s busiest port encrypted vital data, disrupting operations and severely impacting cargo handling and customs processes, leading to shipment delays and a ripple effect in international trade.”
This port also suffered a similar cyberattack in 2013.
3. CDK – North American Car Dealerships
“CDK Global, a primary software provider for North American car dealerships, was hit by a BlackSuit ransomware attack, forcing dealerships to revert to manual processes for sales.“
This ransomware attack impacted registrations and transactions, along with disclosing customer information, including addresses, social security numbers, and financial data. The attack cost dealers across the country millions in lost car sales, along with countless lawsuits from dealerships against CDK.
Ultimately, CDK Global paid a $25 million ransom in cryptocurrency to gain access to their files.
4. Indonesia National Data Center
“The Brain Cipher ransomware group attacked Indonesia’s National Data Center, disrupting essential government services, including airport immigration processing.”
The incident encrypted sensitive data and halted operations, revealing the vulnerability of national infrastructure to advanced cyber threats. Indonesia, like other developing nations, continues to be a target of global hackers. These developing nations continue to struggle to upgrade their national and local computer systems with updated cybersecurity tools.
5. Latitude Financial Services – Australia
“Attackers stole 14 million records from Latitude Financial, including sensitive data.”
The company refused to pay the ransom, following Australian policies, believing it wouldn’t guarantee data recovery and could lead to more attacks. They focused on system restoration, customer outreach, and improving cybersecurity. Latitude did recover their data without having to pay the ransom.
6. Global Non-Profit Organization Easter Seals Supporting Orphans
A non-profit, Easter Seals, supporting orphans, was hit by ransomware, encrypting sensitive files like children’s photos and medical records. The attackers initially demanded a crippling ransom but reduced it upon realizing the organization’s non-profit status.
7. UK Military
“Cybercriminals breached the UK Ministry of Defence’s payroll system, compromising the sensitive personal information of 270,000 current and former military personnel.” Like attacks against the United States security clearance database system, UK military personnel’s home addresses, ID numbers, and other information became disclosed in this breach.
What Countries Faced the Most Impactful Ransomware Attacks in 2024?
Ransomware is a global cybersecurity problem. Several countries continue to report increases in ransomware attacks. Here is a breakdown of what countries faced the most ransomware attacks in 2024.
“In 2024, Europe experienced a 64% YoY increase in ransomware attacks, followed by Africa at 18%, while North America remains the hardest hit with 59%.”
Germany
“The BSI report highlights critical trends in Germany’s cybersecurity. Between mid-2023 and mid-2024, an average of 309,000 new malware variants were found daily, a 26% rise from the prior year.”
France
In 2024, 74% of organizations in France faced a cyberattack, down 11% from the prior year. In 2023, 97% of those affected restored their encrypted data.
Italy
According to data from Disline, based on the Clusit 2024 report, Italy experienced many ransomware attacks in 2024. There were 310 severe attacks, representing an increase of 65% compared to 2022, accounting for 11% of global attacks.
Key points about ransomware attacks in Italy in 2024:
- The overall number of severe attacks: 310
- Percentage of global attacks: 11%
- The increase compared to 2022: 65%
Africa
Ransomware and digital extortion are on the rise, with over half of African member countries reporting attacks against their critical infrastructure.
“1 out of every 15 organizations in Africa experienced a ransomware attempt weekly during the first quarter of 2023. This is even higher than the global weekly average.”
African member countries have taken positive steps to enhance their resilience to ransomware attacks. However, persistent challenges remain, notably in reporting attacks and paying ransoms.
What Sectors Were Impacted the Most by Ransomware in 2024?
Ransomware impacts every industry worldwide. Here are the top five industries affected the most by ransomware.
1. Government
In 2024, government agencies were the top target for ransomware attacks, often due to threats from nation-states or the sensitive data they handle. As providers of essential services for communities and governments, disruptions in this sector can significantly impact public safety and national security.
2. Healthcare
“In 2024, healthcare organizations faced over 240 attacks and often paid 111% of the ransom demanded.”
This sector saw an increase in attacks from 60% to 67% even with the industry spending close to $125 billion from 2020 to 2025 on cybersecurity defensive tools.
3. Education
“The education sector has experienced a significant rise in ransomware attacks, with a 70% surge in 2023.” In 2024, it remains a top target, totaling 195 attacks, which includes a 105% increase against K-12 and higher education.
4. Manufacturing
Manufacturing faced over 160 attacks, with 67% able to negotiate ransom payments down. However, 74% of these attacks involved data encryption.
5. Energy
The energy sector is essential to national infrastructure, making it a high-value target that has faced 35 attacks, accounting for 67% of all ransomware incidents since 2023.
What Impact Did Ransomware-as-a-Service (RaaS) Have in 2024?
Like IT outsourcing, hackers will use Ransomware-as-a-Service (RaaS) providers to help execute their attacks. They will pay for these services using cryptocurrency. Many RaaS were behind many of the top attacks in 2024. LockBit, Darkside, REvil, Ryuk, and Hive are some of the top RaaS gangs globally. They were responsible for the U.S. Colonial Pipeline attack, JBS USA, Microsoft, and the attack on the Costa Rican Government.
The Future of Ransomware in 2025
The geopolitical landscape of 2024 continues to be shaped by the armed conflicts between Russia and Ukraine and Israel and Hamas. Cybercriminals are exploiting these situations, causing significant international repercussions. These conflicts have turned cyberspace into a battlefield, merging cyber tactics with traditional military actions, heightening tensions, and expanding the damage.
The Russia-Ukraine war has utilized hybrid techniques, with both sides employing hacktivism and cyberattacks to shape geopolitical outcomes. Pro-Russian and pro-Ukrainian groups have targeted governments, businesses, and individuals supporting their adversaries.
What is the Role of MDR in Addressing the Rise in RaaS Coming in 2025?
Global, regional, and local organizations have much in common regardless of industry. They all become ransomware victims, partially due to a lack of qualified cybersecurity engineering talent. MDR providers like ForeNova deliver several security operations (SecOps) service offerings to help these organizations with several critical functions:
- 24×7 continuous monitoring
- Automated incident response with 3rd party integration
- Monitoring endpoint devices
- Assisting with compliance reporting
- Futureproofing with continuous investment in new tools and capabilities
Another challenge for these organizations is accessing sustainable budgets to handle cyberattack growth. MDR offerings are cost-effective and relieve numerous capital expenditures through their services model.
Why ForeNova?
Experience across industries and global threats, including ransomware, phishing, and credential theft. NovaMDR by ForeNova provides services across the European Union (EU) and other geolocations.
Interested in learning more about NovaMDR? Click here to schedule an initial consultation today!