Marilyn Wilkinson, February 2024

The Biggest Ransomware Attacks of 2023

The year 2023 witnessed some of the biggest ransomware attacks, affecting Fortune 500 companies, schools, hospitals, and government organizations. These incidents not only caused massive disruptions but also led to substantial financial losses and confidential data breaches. Read on to learn more about the biggest attacks, what happened, and how to stay safe in 2024.

1. Yum Brands 

When: January 2023

What happened: Yum Brands, the parent company of KFC, Pizza Hut, and Taco Bell, experienced a major ransomware attack resulting in the temporary closure of 300 restaurants in the UK. 

The attack leaked personally identifiable information (PII) of employees and forced Yum Brands to take its systems offline as a containment measure. The company disclosed that the compromised data included personal information such as names, driver’s license numbers, ID numbers, and other confidential details.

The incident incurred significant expenses related to response and remediation, and the company is facing lawsuits from employees.

2. Royal Mail 

When: January 2023

What happened: Royal Mail, a major postal service in the UK, was targeted by a ransomware attack that severely impacted international deliveries. 

The attackers managed to breach a distribution center. They then threatened to leak confidential staff data and demanded an $80 million ransom.

It’s not clear whether the company paid, but recovery reportedly incurred costs of over $12 million and they suffered 6 weeks of disruption. 

3. US Marshals Service 

When: February 2023

What happened: The US Marshals Service experienced a data breach that leaked personally identifiable information (PII) of fugitives, staff, and third parties. 

The attackers infiltrated a standalone system used by the USMS. The leakware attack included data exfiltration, a common tactic used by ransomware gangs to leverage stolen data for ransom demands.

The USMS managed to implement a workaround to maintain the continuity of its investigations. Nonetheless, they had to report the incident to Congress as it compromised law enforcement data. 

4. City of Dallas

When: April 2023

What happened: The City of Dallas experienced a ransomware attack that disrupted city services and jeopardized the personal information of thousands of individuals. 

The attack affected various services, including the Dallas Police Department, Dallas Public Library, water bill services, Dallas Animal Services, Development Services, Public Works, Permitting, and Zoning applications, among others. 

The Police Department had to revert to manual processes for dispatching, potentially impacting response times and accuracy of emergency services. 

5. MOVEit 

When: May 2023

What happened: The MOVEit cyberattack in 2023 stands as one of the largest in recent history, with over 2,000 organizations victimized and an estimated impact on 60 million individuals.

The attack was orchestrated by the Clop ransomware group, exploiting a critical vulnerability in MOVEit Transfer, a managed file transfer software. 

The attack resulted in the theft of sensitive data from numerous organizations, including BBC, Aer Lingus, British Airways, and government agencies. 

The financial toll of the attack is estimated to be around $9.93 billion. Despite rapid response and patching efforts by MOVEit, the attack’s scale and complexity made it challenging to fully contain the breach.

6. Johnson Controls 

When: September 2023

What happened: Johnson Controls International was the target of a serious attack with hackers demanding a $51 million ransom and threatening to release contract data from the Department of Homeland Security.

The Dark Angels Team, a cybercrime gang, claimed responsibility, compromising the network infrastructure, exfiltrating critical data, encrypting files, and deleting backups.

The attack disrupted Johnson Controls’ operations, impacting subsidiaries like Simplex and Ruskin. The company responded by activating its incident response plan and working with cybersecurity experts and insurers.

7. Ontario Hospitals 

When: October 2023

What happened: Five hospitals in Southwestern Ontario, along with their shared IT provider TransForm Shared Service Organization, were hit by a ransomware attack. 

The attack led to significant outages of online services, including electronic patient records and email systems. The attackers published sensitive data on the dark web, including information on 5.6 million patient visits, employee information, COVID-19 vaccine records, and other personal details.

After consulting with cybersecurity experts, the hospitals decided not to pay the ransom. Despite support from law enforcement agencies, local police, INTERPOL, and the FBI, it took weeks to restore operations and resume normal patient treatment. 

8. Motel One

When: October 2023

What happened: Motel One, a well-known budget hotel chain, was targeted by ransomware. Attackers managed to access customer data, including addresses and details of 150 credit cards.

The incident appeared on the dark web leak site of the ALPHV ransomware gang. The group claimed to have stolen several terabytes of data from Motel One, including customer information and internal documents. Despite the breach, Motel One insisted that its business operations were never at risk due to the incident.

9. ICBC 

When: November 2023

What happened: ICBC, the world’s largest bank, was hit by a major attack that disrupted business operations and U.S. treasury markets. The Chinese bank ended up temporarily owing the Bank of New York Mellon $9 billion.

The LockBit group exploited Citrix vulnerabilities, known as Citrix Bleed, to launch the attack. Despite the vulnerabilities being disclosed by Citrix a month before the attack, some assets remained unpatched, leaving them vulnerable to exploitation. The attack bypassed authentication controls, giving the attackers extensive access to the bank’s systems.

While it hasn’t been officially confirmed, it’s widely believed that ICBC paid the ransom to restore operations.

10. Trellance 

When: November 2023

What happened: Trellance, an organization that provides IT services to credit unions, fell victim to a ransomware attack. This attack specifically targeted Ongoing Operations, a company recently acquired by Trellance. 

The attack affected around 60 credit unions across the United States. These credit unions experienced significant operational disruptions, leading to prolonged service outages.

This incident is a good example of how supply chain attacks constitute a major risk, as cybercriminals increasingly target vulnerabilities in third-party software, hardware, and services. 

Protect Your Organization in 2024 and Beyond

In 2024, businesses need to ensure they are prepared for the increasing complexity and sophistication of cyber threats. 

ProLion provides critical protection at the storage level. By identifying and mitigating threats before they escalate, ProLion safeguards vital business data, providing a last line of defense often missed in conventional cybersecurity strategies.
