Saturday, January 18, 2025

The 10 Most Noteworthy Cyber Crime Stories of 2024

In 2024, ransomware attacks surged, leaving devastation in their path. The UK’s NHS was a primary target and faced serious attacks during the year, alongside other notable victims.

State-sponsored hacking from nations like China and Russia kept pace, spurred by geopolitical tensions. Long-standing cyber espionage campaigns came to light, revealing the ongoing threats. However, 2024 also marked a turning point. The UK’s National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) took bold steps against cybercriminals. New laws aimed at protecting critical sectors from ransomware showed that authorities were ready to act.

January kicked off with the British Library still reeling from a massive ransomware attack from late 2023. The fallout from this incident could cost the library up to £7 million, far exceeding the original ransom demand of £650,000. In a rare move, library leaders shared their experience, hoping to help others facing similar threats.

Also in January, Cozy Bear, the group connected to the SolarWinds breach, resurfaced. It infiltrated Microsoft’s systems through a brute-force password attack, targeting high-level accounts. Given Microsoft’s close ties to Western governments, these breaches raised serious questions about the company’s security measures.

February brought a significant breakthrough when the LockBit ransomware gang was dismantled in Operation Cronos, a coordinated effort by the NCA. The security community reacted positively but stayed cautious, understanding that one victory doesn’t end the war. Throughout the year, the NCA released valuable insights gathered during the operation and even taunted LockBit’s leader, Dmitry Khoroshev, who had once flaunted his wealth.

In April, the threat intelligence firm Mandiant elevated the Sandworm hacking group to a full-fledged advanced persistent threat (APT) known as APT44. Operated by Russia’s Main Intelligence Directorate, this group is notorious for its bold actions. While primarily serving the Russian state, the lines between state-sponsored hacking and cyber crime blurred as some APTs began facilitating ransomware attacks.

In June, Synnovis, a pathology lab provider serving major London hospitals, fell victim to a Qilin ransomware attack. The incident forced emergency measures in the NHS, leading to canceled appointments and critical shortages in blood supplies. The consequences of this cruel attack still resonate months later.

July saw the first King’s Speech under a Labour government in over a decade, bringing news of a proposed Cyber Security and Resilience Bill. This legislation aims to enforce mandatory cyber incident reporting for operators of critical national infrastructure, hopefully strengthening defenses against future threats.

In September, the UK collaborated with allies to expose a cyber espionage campaign by Unit 29155, a Russian APT that has carried out thousands of operations targeting NATO and EU organizations, particularly in critical sectors like energy and healthcare. This unit’s activities escalated before Russia’s invasion of Ukraine, making it a significant threat.

MoneyGram was another high-profile victim in September, suffering a ransomware attack that brought its systems down. Following this breach, the Post Office swiftly terminated its contract with MoneyGram, citing the loss of customer data and security concerns.

By November, a 22-year-old British national named Tyler Robert Buchanan faced charges in the US linked to the Scattered Spider attacks. This group used clever social engineering to breach multiple organizations, including high-profile casinos. Notably, its members were primarily based in the US and the UK, shattering the stereotype that cybercriminals predominantly hail from Russia.

As 2024 drew to a close, hospitals in Liverpool also suffered a wave of attacks, affirming the ongoing threat to healthcare providers. Legacy systems and tight budgets make these institutions attractive targets for ransomware groups, with Alder Hey Children’s Hospital impacted due to vulnerabilities in a shared digital service. This underscored the critical need for timely software updates to protect sensitive data.