Up to 1,981 schools, 290 hospitals, 105 local governments and 44 universities and colleges were hit with ransomware in the US alone during 2022, demonstrating how ransomware attacks remain a significant cyber threat to the public sector and civil society.
The figures on the number of government, education and healthcare sector organizations hit by ransomware attacks have been detailed by cybersecurity researchers at security company Emsisoft, who analysed disclosure statements, press reports, and information posted to the dark web.
But the figures suggest that the true impact of ransomware is likely much higher because the data is largely based on publicly available reports — and many victims of ransomware attacks don’t disclose the incidents publicly.
In total, 105 state and municipal government agencies disclosed that they were affected by ransomware attacks encrypting files and servers during 2022, an increase from 2021, when there were 77 reported attacks on government.
Researchers suggest that much of the rise in reported ransomware attacks against local governments can be linked to a single incident in Miller County, Arkansas, where one compromised mainframe resulted in malware being spread to endpoints in 55 different counties.
Data was stolen by cyber criminals in just over a quarter of the reported incidents — although Emsisoft notes that if the incident in Arkansas is disregarded, over half the attacks involved data being stolen.
Ransomware cyber criminals steal data in a technique known as double extortion, where they’ll threaten to release stolen information if a ransom isn’t paid.
Of the local government agencies hit with ransomware in 2022, only one organization is known to have paid a ransom, which amounted to $500,000. The largest ransom demand made by attackers against a government entity was $5 million, which wasn’t paid.
Education remains a key target for cyber criminal ransomware groups, with 89 education sector organizations reporting ransomware attacks during 2022 — one more than the 88 hit in 2021.
However, the number of schools affected by attackers almost doubled in a year. In 2021, ransomware reached a combined total of 1,043 schools, while the number hit in 2022 was 1,981.
In total, 45 school districts were reported to have fallen victim to ransomware attacks, while 44 colleges and universities were also hit with ransomware attacks. Data was stolen in 65% of incidents against education in 2022, compared with 50% the previous year. According to Emsisoft, at least three victims paid a ransom demand for a decryption key, with one known to have cost $400,000.
Hospitals have long been a target for ransomware attacks because many cyber criminals view them as an easy target due to an unfortunate combination: hospitals need their systems to be operating to treat patients but many hospital networks still rely on old, often unsupported software.
The attacks continued in 2022, with 25 incidents against hospitals and multi-hospital health systems, impacting patient care at up to 290 hospitals, with data, including protected health information, stolen in 68% of the reported incidents.
Ransomware attacks against hospitals can cause significant disruption for patients, who have their surgeries and appointments rescheduled, while ambulances have to be redirected to other hospitals — and the impact of a ransomware attack against a hospital can have long-term consequences.
“While the immediate disruption to critical services presents the most obvious risk to patients, outcomes may also be affected in the longer term as the effects of delayed procedures or treatments may not be apparent until weeks, months, or even years after the event,” said the Emsisoft blog post.
Overall, the number of reported ransomware attacks during 2022 remained similar to the number of reported incidents in 2021.
However, the figures only account for the public sector as the private sector doesn’t have the same obligations to publicly disclose incidents, so it’s difficult to get a real picture about the full extent of ransomware attacks and the disruption they cause.
“This means that more organizations will have been disrupted by ransomware than indicated by the numbers in this report,” said researchers.
While ransomware remains a significant cyber threat, there are actions that organizations can take to help them avoid falling victim to attacks or to reduce the impact of an incident.
These include applying security patches and updates as soon as possible to prevent cyber criminals exploiting known vulnerabilities and delivering ransomware to the network.
User accounts should also be secured with multi-factor authentication, so that in the event of usernames and passwords being stolen, it’s harder for attackers to abuse the stolen credentials to gain access to a network.
Organizations should also ensure that backups are regularly kept up to date and that they’re stored offline, so even in the event of a ransomware attack, it’s possible to restore the network without giving in to criminal ransom demands.