Ransomware attacks are reaching record levels according to one research firm, crippling businesses and causing issues across the world.
Chainalysis, who specializes in supply chain analysis, said payments in 2023 connected to ransomware attacks exceeded $1.1 billion.
A second study found that ransomware attacks against hospitals, like the one thought to have impacted Lurie Children’s hospital, are also on the rise.
“People don’t realize just how common these attacks are,” said Brett Callow, a threat analyst at Emsisoft. “It really is quite worrying.”
Emsisoft’s State of Ransomware in the U.S. report found that 46 hospital systems were impacted last year, up from 25 the year before.
“Ransomware operators are nothing if not predictable,” said Callow. “If they find a particular sector, a particular type of target has a good investment for them, they will attack that target over and over again.”
Hospital ransomware attacks can also be dangerous. A study called Hacked to Pieces, by researchers at the University of Minnesota, found that ransomware attacks can affect patient outcomes.
“Ransomware attacks increase the in-hospital mortality rate for patients already admitted to ransomware-attacked hospitals on the date of attack discovery,” the report said. “Mortality effects are most pronounced for patients at hospitals experiencing particularly severe ransomware attacks and for Black patients.”
The study found that from 2016 to 2021, between 42 and 67 Medicare patients died as a result of attacks at the hospitals they studied.
Another growing target of cybercriminals: grade schools. Emsisoft found that there were 108 attacks against K-12 school districts last year. There were only 45 in 2022. Callow said the districts may not be wealthy, but they do tend to carry cyber insurance which will pay ransom demands.
The only way to stop the attacks, the experts say, is to stop paying.
“What we are doing is funding our enemies and they are getting better and better,” said Peter Nicoletti of Checkpoint Security.
Callow agreed with that assessment.
“Ransomware attacks happen for one reason and one reason only and that is they are very, very profitable for the people responsible for the attacks,” he said.
Lurie Children’s hospital is open for business, but most of its phone and computer systems remain offline almost two weeks after a confirmed cyberattack. It is working with the FBI but has yet to publicly disclose how it is addressing it’s “cybersecurity matter.”