An unprecedented number of ransomware attacks deployed against government, healthcare and school targets in the U.S., and new attacks that not only lock up but also steal sensitive data, have prompted cybersecurity firm Emsisoft to declare a “crisis.”
A recent attack in Pensacola that “may have resulted in a municipal government’s data falling into the hands of cybercriminals” has also prompted Emsisoft to issue its 2019 “State of Ransomware in the US” report early, in the hope of inducing an immediate response by governments:
“We believe this development elevates the ransomware threat to crisis level and that governments must act immediately to improve their security and mitigate risks. If they do not, it is likely that similar incidents will also result in the extremely sensitive information which governments hold being stolen and leaked.”
The report describes an “unprecedented and unrelenting barrage of ransomware attacks that impacted at least 948 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion.”
Affected organizations include:
- 103 federal, state and municipal governments and agencies.
- 759 healthcare providers.
- 86 universities, colleges and school districts, with operations at up to 1,224 individual schools potentially affected.
In a ransomware attack, hackers typically deploy malicious software via infected links embedded in “phishing” emails.
Sometimes these emails are spammed out randomly. In other cases, an employee working at a targeted organization is carefully profiled and sent a customized email designed to trick that individual into clicking an infected link.
In the case of one cryptocurrency exchange, hackers determined that someone working there was an extreme fan of a particular type of dog.
The hackers created fake digital materials claiming that a dog show featuring this breed would shortly be held in the employee’s region. The employee opened the email, clicked on a link it contained, and infected the entire exchange’s computer systems. The exchange was later robbed of cryptocurrencies.
In most cases, an organization’s systems are rendered unusable by ransomware and a ransom of cryptocurrencies is demanded in exchange for restoring systems or data.
In May, twenty-one civic agencies in Baltimore were disabled by a ransomware attack.
When Boston legal aid offices were disabled by Russian “Ryuk” ransomware earlier this year, trials had to be postponed, including a trial involving a child victim.
According to Emsisoft, the attacks it has lately witnessed “put people’s health, safety and lives at risk”:
- Emergency patients had to be redirected to other hospitals.
- Medical records were inaccessible and, in some cases, permanently lost.
- Surgical procedures were canceled, tests were postponed and admissions halted.
- 911 services were interrupted.
- Dispatch centres had to rely on printed maps and paper logs to keep track of emergency responders in the field.
- Police were locked out of background check systems and unable to access details about criminal histories or active warrants.
- Surveillance systems went offline.
- Badge scanners and building access systems ceased to work.
- Jail doors could not be remotely opened.
- Schools could not access data about students’ medications or allergies.
Emsisoft further claims that the increased success of ransomware attacks in 2019 resulted from “a perfect storm…(involving) existing security weaknesses and the development of increasingly sophisticated attack mechanisms specifically designed to exploit those weaknesses.”
Fabian Wosar, CTO of Emsisoft, has issued a sober warning:
“The fact that there were no confirmed ransomware-related deaths in 2019 is simply due to good luck, and that luck may not continue into 2020. Governments and the health and education sectors must do better.”