You are viewing 1 of 2 articles without an email address.


All our articles are free to read, but complete your details for free access to full site!

Already a Member?
Login Join us now

The rising threat and cost of ransomware to cities

Emisoft’s latest report reveals that 621 government entities, healthcare service providers, school districts, colleges and universities in the US have been affected by ransomware this year.

LinkedInTwitterFacebook
2019 has seen a rise in ransom demands as criminal enterprises seek to maximise their profits
2019 has seen a rise in ransom demands as criminal enterprises seek to maximise their profits

At least 621 government entities, healthcare service providers and school districts, colleges and universities in the US have been affected by ransomware so far this year.


The number of attacks are examined in Emisoft’s State of Ransomware in the US: 2019 Report for Q1 to Q3, which also highlights trends such as the targeting of software commonly used by IT managed service providers (MSPs) and third party service providers where customers can be simultaneously hit. This was the case this August when 22 cities and towns in Texas were impacted.

 

Private-public collaboration


The anti-malware software company is calling for improved coordination and communication channels between the private sector and law enforcement agencies to help ensure that impacted entities are aware of the availability of potential solutions and workarounds which may help minimise recovery costs.


A positive step taken in this direction includes the DHS Cyber Hunt and Incident Response Teams Act, which was recently passed by the US Senate.


“There is no reason to believe that attacks will become less frequent in the near future,” said Fabian Wosar, chief technology officer at Emsisoft. “Organisations have a very simple choice to make: prepare now or pay later.”


At least 68 state, county and municipal entities have been impacted since the beginning of the year, including:

  • in May, Baltimore became the second US city to be hit by a strain of ransomware called RobbinHood. The city refused to pay the demand of $76,000. Disruption to service delivery included property transactions, and tax and water billing all being delayed. Recovery costs have been estimated at $18.2 million;
  • in June, Lake City fell victim to a Ryuk attack. The $460,000 ransom demand was covered by an insurance policy subject to a $10,000 deductible. The IT director was fired and is now suing the city. Not all data was recovered;
  • in July, New Bedford received the largest ever publicly disclosed ransom demand – $5.3 million – after its systems were compromised. The city made a counteroffer of $400,000, which was rejected. Recovery costs are estimated at less than $1 million and will be covered by insurance.

 

Emisoft reports that the healthcare sector continues to be a popular ransomware target and adds that cyber criminals understand that healthcare providers are often more inclined to pay the ransom as failure to do so may result in data loss that could potentially put lives at risk. From Q1 to Q3 there were a total of 491 ransomware attacks on healthcare providers.

“There is no reason to believe that attacks will become less frequent in the near future Organisations have a very simple choice to make: prepare now or pay later”

As well as a rise in targeting multiple customers through software used by MSPs and third party providers, trends highlighted in the report include a rise in ransom demands in 2019 as criminal enterprises seek to maximise their profits, cyber insurance while email and attachments and remote desktop protocol continue to be the attack vectors of choice.

 

Emisoft explains that the latter is vulnerable to ransomware via exploitation on unpatched systems, misconfigured security settings and brute force attacks on weak login credentials.

 

In some cases, Emisoft says it may be possible to reduce recovery costs.

 

In its blog, it writes: “For example, we have developed workarounds for two types of ransomware commonly used in attacks on public entities. These workarounds may, in some cases, either completely eliminate the need for a ransom to be paid or enable recovery for significantly less than the amount of the ransom demand.


“Whether all affected entities were aware of these workarounds is not known.”

 

You might also like:

LinkedInTwitterFacebook
Add New Comment
You must be a member if you wish to add a comment - why not join for free - it takes just 60 seconds!