Over 1000 schools and colleges, 700 hospitals and 100 government agencies suffered ransomware infections in 2019

2019 was, without a doubt, the year of ransomware in the US. While these infections occur continuously, a major wave of attacks began in the second half of the year and, according to multiple information security firms, it impacted over 1000 organizations, including government agencies, educational institutions and medical services companies. The financial impact of these incidents also increased: it is estimated that by the end of the year this wave of ransomware will have resulted in losses of up to $7.5 billion USD.

According to the annual report on ransomware attacks prepared by security firm Emsisoft, organizations affected by these infections include:

  • 103 federal, state and municipal government organizations
  • 759 health care providers
  • 86 universities, colleges and school districts, equivalent to more than 1,200 schools affected

The danger of ransomware incidents has also increased, as they no longer represent only economic losses but also compromise systems fundamental to the operation of the affected institutions, putting the physical safety of thousands of people at risk. Among the main effects of these cyberattacks are:

  • Multiple failures at some hospital facilities that forced emergency transfers of some patients
  • Inability to access thousands of medical records. In some cases this information was permanently lost
  • Delay in some surgeries
  • Massive disruption of emergency services (911) in some areas
  • Outages of multiple systems used by law enforcement agencies across the U.S.
  • Failures in surveillance systems
  • Ownership transactions were halted
  • Utility bills could not be issued
  • Subsidies to nonprofits were delayed by months
  • Websites were disconnected
  • Online payment portals were inaccessible
  • Email and phone systems stopped working
  • Driver’s licenses could not be issued or renewed
  • Payments to sellers were delayed
  • Schools closed
  • Multiple academic records were lost
  • Tax payment deadlines had to be extended

Emsisoft information security experts mention that it is difficult to compile such a report due to the limited amount of publicly available information, although it is possible to estimate the costs from each individual event. From this information, Emsisoft estimates that, on average, a ransomware incident generates losses of almost $8 million USD for the affected organization, and that it takes nearly 300 days to complete the recovery process.

Possible causes of increased attacks

There are multiple reasons for this increase, although the main one, according to security firms, is the poor security practices that still exist in organizations, which, combined with the evolution of the methods employed by hackers, make any employee easy prey for an attack.

The problem is accentuated among state and municipal organizations, as cybersecurity issues are not yet part of a governance strategy at that level of organization, so local governments often find themselves completely unprotected against these threats. The main problems detected by Emsisoft are:

  • The absence of a cybersecurity incident recovery policy or plan
  • Lack of regular security assessments
  • Limited or no use of encryption to protect confidential information

Significantly, only a few states across the US conduct security audits at an acceptable level, while in the most severe cases, local administrations lack the most basic security measures. An example of this is the Baltimore government, which, according to computer security experts, lacked a backup system, so much of the information compromised by the ransomware was completely lost.

What can be done about it?

There is no definitive solution against these incidents, so comprehensive plans are required to reduce exposure to encryption malware and other similar security risks. According to information security specialists from the International Institute of Cyber Security (IICS), possible measures to reduce the risks of infection include:

  • Improve security standards: Most organizations affected by ransomware attacks have serious security flaws. Compliance with a standard would ensure the presence of at least the most basic security measures
  • Correct guidance: One of the main challenges for organizations unfamiliar with this topic is the correct interpretation of cybersecurity. For this, it is vital to have a role model and make as few mistakes as possible when implementing a cybersecurity plan
  • Strict legislation for these cases: There are many cases where organizations choose to negotiate with hackers to avoid further setbacks. However, cybersecurity specialists believe this practice incentivizes criminal activities, so stricter legislative controls are needed to determine when paying hackers is a truly viable option