By Esther George and the Zyber Global Research Team
From Financial Loss to Human Impact
Between 2023 and 2024, the world witnessed an alarming escalation in cybercrime and state-backed cyberattacks, with ransomware, phishing, and data breaches causing billions in losses and disrupting vital services. Ransomware-as-a-Service groups like LockBit dominated the threat landscape, targeting both large enterprises and smaller, less defended organizations.
At the same time, sophisticated nation-state actors from China, Russia, North Korea, and Iran launched aggressive campaigns that blurred the lines between espionage and criminal activity. These developments marked a turning point where cyber operations increasingly became instruments of both geopolitical conflict and financial crime.
As Part 2 explores, the consequences of this new era have been particularly devastating for critical sectors like healthcare, infrastructure, and finance, where the stakes are not just financial but potentially life and death.

Healthcare: A Sector Under Siege
Ransomware and data breaches are battering healthcare systems worldwide, with grave consequences for patient care. As UN experts have warned, attacks on hospitals and clinics can be “issues of life and death,” threatening patient safety and global health security. Healthcare’s vast troves of sensitive data make it an irresistible target. In the past two years, incident reports show a sharp spike in attacks on the health sector, from ransomware encrypting hospital networks to stealthy exfiltration of patient records. For example, in 2024 over 14 million people were affected by malware-driven breaches in U.S. healthcare, and 91% of malware-related health sector breaches involved ransomware.
Notorious groups like LockBit and BlackCat (ALPHV) have repeatedly hit hospitals, clinics, and medical suppliers. LockBit claimed attacks on medical-device makers and eye clinics, while BlackCat struck Change Healthcare (a major U.S. claims processor), extracting a ransom and triggering a second extortion demand from a copycat gang. These incidents illustrate a disturbing logic: the more a disruption endangers lives or privacy, the higher the ransom criminals demand.
The systemic impact of healthcare cyberattacks is severe. When Change Healthcare was breached in early 2024, it crippled billing and payment flows for thousands of providers. Doctors’ offices and pharmacies suddenly could not submit claims or receive payments, choking off cash flow. A Federal Reserve analysis noted that more than half of doctors resorted to using personal funds to cover practice expenses during the outage. Small clinics and independent pharmacies, which often operate on thin margins, were hardest hit, with credit analysts warning of lasting financial strain. Emergency measures were required: CMS advanced over $3.2 billion to providers and UnitedHealth (Change Healthcare’s parent) lent another $6.5 billion, but even $9.7 billion in aid covered only a fraction of normal claims. In short, an attack on one critical healthcare processor became a broader crisis for the entire sector.
Governments and regulators have raced to respond. In the U.S., agencies allowed providers to submit paper claims or switch clearinghouses and expedited payments to blunt the crisis. Congress has also weighed new rules: in March 2024, Senator Mark Warner introduced a bill to link Medicare advance payments to rigorous cybersecurity requirements. The Department of Health and Human Services opened a probe into HIPAA compliance at Change Healthcare, and class-action lawsuits are consolidating.
Internationally, the World Health Organization has sounded the alarm, declaring that healthcare ransomware is a “direct and systemic risk to global public health and security”. In short, virtually every stakeholder, from hospital IT staff to public health officials, now views cyber resilience as being as critical as medical care itself.
Critical Infrastructure Disruption
Beyond healthcare, critical infrastructure is under relentless cyberattack. Ransomware gangs and hacktivists alike have zeroed in on transportation, energy, utilities and other lifeline services. Europol and industry reports note that ransomware groups now “go after international companies, public organisations, critical infrastructure and essential services.” The war in Ukraine has only sharpened this trend. Pro-Russian hacktivists have launched waves of DDoS attacks and malware campaigns against European power grids and communications networks.
In mid-2024, security analysts reported that Russia-linked actors breached a hydroelectric plant in France and struck renewable energy firms in Germany and Denmark. Months of conflict have inundated Europe’s energy systems with thousands of probing attacks, prompting top utility executives to warn that the hackers “are becoming better by the day”.
Transportation networks have also been disrupted. In November 2024, the Moscow subway’s website and mobile app were disabled, seemingly in retaliation for a cyberattack on Ukraine’s national railways. A ransom message appeared on the Moscow Metro site, purportedly from Ukraine’s railway operator, mirroring the demands seen in that earlier attack. Although officials blamed “maintenance,” the incident underscored how the Ukraine conflict has spilled into cyberspace, with each side striking at transit systems.
Meanwhile, threats to local utilities continue. In February 2024, UK water supplier Southern Water disclosed a £4.5 million hit from a ransomware breach (attributed to the Black Basta group). Although operations were not halted, the breach and similar attacks on hospitals, airports and ports demonstrate how intruders are probing the supply chain of essential services. Such disruptions can have cascading effects far beyond the hacked target. A hit to a water treatment plant or power grid can paralyze households and businesses alike; interference with a metro or port delays commerce and critical commutes. Security analysts emphasize that “malicious activity in cyberspace is on the rise” across every sector.
Financial Systems and the Crypto Threat
Financial institutions too have felt the sting of cyberattacks, both as targets and as enablers of crime. Ransomware operators treat the finance sector as a high-value target, knowing that banks and payment networks handle trillions of dollars. In 2023, ransomware payments hit a record $1.25 billion worldwide, breaching healthcare, banks and even SWIFT networks. Many of those ransoms were paid in cryptocurrency, which offers speed and some anonymity to crooks. Experts estimate that $22.2 billion in illicit funds were laundered via crypto last year, from narcotics to sanction evasion to ransomware proceeds. Chainalysis reports that a large portion of that includes stolen or extorted cryptocurrency. In practice, cybercrime and financial crime have merged: ransomware-as-a-service (RaaS) groups recruit affiliates to breach networks and demand cryptocurrency payoffs, then funnel the coins through mixers or bogus exchanges to hide their trail.
After the 2023 peak, ransomware payouts fell roughly 35% in 2024 to about $813 million. Observers attribute this decline partly to improved defences and collaboration: more victims have reliable backups, and international police actions have disrupted major gangs. In the past year authorities seized millions in cryptocurrency and arrested key operators. Nevertheless, financial systems remain at risk. Beyond ransomware payments, hackers probe banks and exchanges directly. Cryptocurrency platforms themselves are frequent targets: 2024 saw multiple exchange heists and exploits of DeFi protocols, underscoring that money itself, whether digital or fiat, is a prime target.
Regulators worldwide have begun tightening oversight of crypto, recognizing it as a conduit for money laundering and ransom payments. Meanwhile, the cross-border nature of crypto has prompted calls for unified international rules. The U.N. Secretary-General has observed that cyber-enabled attacks on finance and critical sectors pose broad risks to peace and stability, stressing that countries need to enforce the “rule of law” online as well as off.
Lessons and Mitigation Strategies
This wave of attacks has underscored a simple truth: fundamental cyber hygiene and cooperation save lives and money. Patching, multifactor authentication (MFA), regular backups, and employee training form the bedrock of effective cyber defence. Organizations should promptly apply security patches and updates to close vulnerabilities and use MFA to protect critical accounts. Maintaining frequent offline and offsite backups of essential data ensures rapid recovery after incidents. Simultaneously, continuous cybersecurity training and awareness programs empower staff to recognize phishing and other social-engineering threats.
- Proactive cyber hygiene: Ensure up-to-date patching, enforce MFA, and establish strict access controls.
- Reliable backups & recovery: Implement frequent, redundant data backups and test restoration procedures regularly.
- Employee training: Conduct ongoing security awareness programs, phishing simulations, and clear reporting protocols.
Effective cyber defence hinges on collaboration. Governments and private entities must actively share threat intelligence and participate in joint exercises to detect and respond to cross-border attacks faster. Global coordination efforts through CERTs, ISACs, NATO, the UN and similar bodies are essential to disrupting cybercrime networks and building collective resilience.
At the same time, regulatory frameworks are evolving. Nations are tightening breach notification laws and enforcing stricter rules for critical sectors. Initiatives like the EU’s NIS2 directive reflect a global trend toward embedding cybersecurity into broader national security strategies. Organizations should stay aligned with these developments.
Looking ahead, long-term investment in innovation, skilled personnel, and resilient infrastructure is vital. Security budgets must go beyond compliance to support advanced technologies like AI-driven threat detection and quantum-resistant encryption. As AI and other emerging technologies reshape the threat landscape, defenders must anticipate and prepare for future risks through proactive planning, simulation, and international cooperation.
Conclusion: Securing the Digital Frontier Together
Cybercrime is no longer confined to backdoors and data breaches; it is a force disrupting hospitals, financial systems, critical infrastructure, and global stability. As threats evolve in scale and sophistication, so must our collective response. Whether through ransomware, crypto exploitation, or nation-state tactics, the digital battlefield is now everyone's concern.
Defending against these threats requires more than isolated technical fixes. It demands shared intelligence, international cooperation, stronger regulation, and long-term investment in resilience. The future of cybersecurity depends on unity of purpose, from governments and industry leaders to frontline defenders. The time to act is now, before the next wave of attacks tests our resolve and readiness once again.
Sources:
Ransomware Attacks on Healthcare Sector ‘Pose a Direct and Systemic Risk to Global Public Health and Security’, Executive Tells Security Council - https://press.un.org/en/2024/sc15891.doc.htm
New Healthcare Threat Research Reveals Breaches and Ransomware Still a Problem in the Sector
The Cyberattack on Change Healthcare: Lessons for Financial Stability - https://www.financialresearch.gov/briefs/files/OFRBrief-24-05-change-healthcare-cyberattack.pdf
CMS Statement on Continued Action to Respond to the Cyberattack on Change Healthcare - https://www.cms.gov/newsroom/press-releases/cms-statement-continued-action-respond-cyberattack-change-healthcare
Understanding the Change Healthcare Breach and Its Impact on Security Compliance - https://hyperproof.io/resource/understanding-the-change-healthcare-breach/
Europol Spotlight: Cyber-Attacks: The Apex of Crime-As-A-Service
Could Cyberattacks ‘Turn the Lights Off’ in Europe? - https://www.knowbe4.com/hubfs/Europe-Energy-Report-UK-EN.pdf#
Moscow subway app and website disrupted in possible retaliation for Ukraine railway hack - https://therecord.media/moscow-subway-system-disruption-ukraine-hack-message
Southern Water reports £4.5M cost from ransomware attack
Amid Growing Cybersecurity Threats, Rule of Law in Digital Sphere Critical to Ensure New Technologies Are Used for Common Good, Secretary-General Tells Security Council
Ransomware payments plunge after law enforcement actions - https://www.axios.com/2025/02/07/chainalysis-ransomware-payments-hackers
Technology has changed money-laundering - https://www.economist.com/culture/2024/06/20/technology-has-changed-money-laundering
Digital Breakthroughs Must Serve Betterment of People, Planet, Speakers Tell Security Council during Day-Long Debate on Evolving Cyberspace Threats - https://press.un.org/en/2024/sc15738.doc.htm#
#StopRansomware: RansomHub Ransomware - https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a#
300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide - https://thehackernews.com/2025/05/300-servers-and-35m-seized-as-europol.html#