The Ever-Growing Threat
You cannot turn on the news without hearing about it, and you cannot show up to work without being warned about it. Ransomware has dominated the public conversation on cyber security, and hackers have spent the year exploiting companies for billions with the tactic. Email has become the number one attack vector, and ransomware has become any employees worst enemy.
If you are not familiar, ransomware is malicious software variations that spread across your computer’s network to encrypt your system holding all documents and sensitive material hostage in exchange for a ransom payment. Usually requesting payment via Bitcoin to remain anonymous in hopes to avoid legal prosecution. Hackers use ransomware Trojans on all types of victims, and often more experienced hackers look for large payouts from more respected targets.
In 2018, there was quite the spike in ransomware attacks with an estimated $8 billion in revenue for the attackers. That’s an astounding number. What is even more incredible, in 2019 the damages caused by ransomware has more than tripled the previous year. It is believed that in the healthcare industry alone, there will be more than $5 billion dollars in loss due to ransomware. Why such a jump in the amount of damage over a short period of time? Easy, hackers realized the proper niche to target. With sophisticated engineering techniques and a little knowledge on a company’s employee directory, an experienced hacker has little-to-no trouble infiltrating an unsecured organization’s infrastructure with a simple malicious email. The niche targets have led hackers to schools and universities, state and local governments, and healthcare verticals.
A Successful Strategy
In 2019 alone, over 70 local and state governments were hit with successful ransomware attacks. Whether it be the City of Atlanta having a total loss of $2.6 million instead of the $50,000 ransom, or the City of Baltimore paying over $18.2 million instead of the original $100,000 ransom requests, it is safe to say hackers won big in 2019 when it comes to US governments. It is believed that over 2/3 of all ransomware attacks in 2019 targeted US local and state governments.
Government entities were not the only ones taking massive loses this year. Over 100 schools and universities were hit with ransomware, with Ryuk being the most common malicious Trojan used. That is more than 9 times that of the previous year, where only 11 ransomware incidents had occurred on educational institutions. This niche being a particularly good target due to low budgets on security, and high amounts of sensitive data stored on students and staff. Connecticut alone, had seven school districts impacted by ransomware, making them the state with the highest number of successful attacks on schools. In September, the US Senate passed the DHS Cyber Hunt and Incident Response Teams Act, which put together response teams that will assist public and private entities in defending themselves against cyber-threats.
Healthcare organizations have remained the primary focus for hackers when launching malicious campaigns, and ransomware strikes the sector more than any other. The sensitive data is a gold mine for any hacker, making it obvious why hospitals and healthcare facilities are targeted so often. Not only does it cost these facilities billions of dollars, it cripples everyday operations. In some cases, like DCH Medical Center in Alabama, the scheduling and booking systems were shut down causing surgeries and appointments to be canceled. This could be extremely detrimental to a patient’s health, in some cases could be life-threatening.
Starting the New Decade
Soon it will be the start of a new decade; 2020 is just a few days away. The pattern of ransomware attacks does not seem to be slowing down, quite the opposite … it is exploding. Expect the next year to be another year of steady growth with new strains of ransomware exploiting companies all over the globe. Cyber security spending for organizations will continue to rise higher than the 14 billion spent in 2019. With new regulations and laws being put in place, responsibility for properly protecting and securing data will be vital.