Emsisoft’s latest report reveals that 621 government entities, healthcare service providers, school districts, colleges and universities in the US have been affected by ransomware this year.
At least 621 government entities, healthcare service providers and school districts, colleges and universities in the US have been affected by ransomware so far this year.
The number of attacks are examined in Emsisoft’s State of Ransomware in the US: 2019 Report for Q1 to Q3, which also highlights trends such as the targeting of software commonly used by IT managed service providers (MSPs) and third party service providers where customers can be simultaneously hit. This was the case this August when 22 cities and towns in Texas were impacted.
The anti-malware software company is calling for improved coordination and communication channels between the private sector and law enforcement agencies to help ensure that impacted entities are aware of the availability of potential solutions and workarounds which may help minimise recovery costs.
A positive step taken in this direction includes the DHS Cyber Hunt and Incident Response Teams Act, which was recently passed by the US Senate.
“There is no reason to believe that attacks will become less frequent in the near future,” said Fabian Wosar, chief technology officer at Emsisoft. “Organisations have a very simple choice to make: prepare now or pay later.”
At least 68 state, county and municipal entities have been impacted since the beginning of the year, including:
Emsisoft reports that the healthcare sector continues to be a popular ransomware target and adds that cyber criminals understand that healthcare providers are often more inclined to pay the ransom as failure to do so may result in data loss that could potentially put lives at risk. From Q1 to Q3 there were a total of 491 ransomware attacks on healthcare providers.
“There is no reason to believe that attacks will become less frequent in the near future Organisations have a very simple choice to make: prepare now or pay later”
As well as a rise in targeting multiple customers through software used by MSPs and third party providers, trends highlighted in the report include a rise in ransom demands in 2019 as criminal enterprises seek to maximise their profits, cyber insurance while email and attachments and remote desktop protocol continue to be the attack vectors of choice.
Emsisoft explains that the latter is vulnerable to ransomware via exploitation on unpatched systems, misconfigured security settings and brute force attacks on weak login credentials.
In some cases, Emsisoft says it may be possible to reduce recovery costs.
In its blog, it writes: “For example, we have developed workarounds for two types of ransomware commonly used in attacks on public entities. These workarounds may, in some cases, either completely eliminate the need for a ransom to be paid or enable recovery for significantly less than the amount of the ransom demand.
“Whether all affected entities were aware of these workarounds is not known.”
You might also like: