Just How Widespread Is Ransomware Epidemic?Report: Over 600 Attacks in First Nine Months of Year
More than 600 ransomware attacks pummeled local governments, schools districts and healthcare providers across the U.S. in the first three quarters of this year, according to a study by security firm Emsisoft. Meanwhile, the FBI this week issued a fresh warning about the threat.
The U.S healthcare sector has been the most frequent target for ransomware attacks, with over 490 attacks in the first three quarters, the report finds. Plus, that tally don't include several recent incidents (see: Latest US Healthcare Ransomware Attacks Have Harsh Impact).
Approximately 68 state, county and municipal government entities were targeted by ransomware in the first eight months of the year, the study estimates. In addition, over 60 incidents targeted education districts and institutions, the report found.
For the study, Emisoft only looked at healthcare, government and education sectors. The security firm, however, estimates the overall number of affected organizations in all sectors to be much higher, noting that many businesses don't report these attacks.
Meanwhile, on Wednesday, the FBI's Internet Crime Complaint Center issued a warning about ransomware and requested affected organizations contact law enforcement agencies before paying a ransom.
There is no guarantee that attackers will provide the decryption keys to retrieve the encrypted files once a ransom is paid, the FBI warns. And paying a ransom can only embolden these cybercriminals, it stresses.
"Regardless of whether you or your organization have decided to pay the ransom, the FBI urges you to report ransomware incidents to law enforcement. Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks," the FBI states.
Fabian Wosar, the CTO of Emsisoft, tells Information Security Media Group: "Payment is the fuel that drives ransomware attacks, and attacks will only cease when ransomware becomes unprofitable. Organizations need to bolster their security and insulate their backups so that they do not need to choose between paying ransoms and data loss."
The overall financial impact of ransomware attacks is difficult to calculate, the Emsisoft report notes.
An audit of Baltimore's response to a ransomware attack estimated that it had cost the city at least $18 million since May. And New Bedford, Massachusetts, spent $1 million on its recovery effort after the mayor refused to pay cybercriminals a $5.3 million ransom.
Over the last several months, school districts have become frequent targets, with districts in Louisiana and Arizona among those targeted (see: Louisiana Declares Emergency After Malware Attacks).
Over the last year, researchers have noted that attackers have taken advantage of weak email security to help spread ransomware. In most cases, phishing emails are used to plant the malware in a network after someone clicks a malicious link. Some cybercriminals are using the Remote Desktop Protocol feature in Windows to gain administrative control and then help the ransomware spread once the initial attack is underway, Wosar says (see: Remote Desktop Protocol: Securing Access ).
A lack of back-up data can slow down the recovery process, Wosar says.
"It's critically important that organizations actually have back-ups," Wosar says. "While this may seem like a no-brainer, it is something that not all organizations do. For example, it has recently emerged that Baltimore lost critical data because data was stored on user systems and the city did not have a process for backing up those systems."
The Emsisoft report warns that attackers are increasingly targeting managed service providers and using those platforms as a way to spread ransomware. Evidence of this was seen in Texas over the summer when 22 local communities were hit in a coordinated attack (see: Texas Says 22 Local Government Agencies Hit by Ransomware).
Last week, the U.S. Senate passed a bill that would create cyber incident response and threat hunting teams at the Department of Homeland Security to assist victims of ransomware and other cyberattacks (see: Bill Calling for DHS Cyber Incident Mitigation Teams Advances).
"The legislation certainly appears to be a step in the right direction," Wosar says. "Whether it will prove to be effective remains to be seen and will likely depend on the manner in which it is implemented."
Managing Editor Scott Ferguson contributed to this report.