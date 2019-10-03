Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

Nearly 70 US Government Organizations Hit by Ransomware Since January

Ransomware gangs, intent on stealing American dollars, have struck at least 621 targets in the US government, education, and healthcare sectors since January. 

report into stateside ransomware attacks, released on October 1 by antivirus company Emisoft, which is an associate partner in Europol’s No More Ransom Project, paints a picture of a nation in a serious cyber-predicament. 

At least 68 state, county, and municipal entities have been impacted by this particular type of attack since the beginning of the year. In just one attack on Baltimore, MD, carried out in May using the ransomware RobbinHood, recovery costs are estimated to have been $18.2 million. 

A Ryuk attack on Lake City, FL, in June led to insurers forking over a $460,000 ransom minus a $10,000 deductible, and only part of the data affected was recovered. 

So far this year, there have been at least 62 ransomware incidents involving school districts and other educational establishments, which potentially impacted operations at up to 1,051 individual schools, colleges, and universities.

The healthcare sector has suffered just under 500 attacks since this year's ball drop in Times Square heralded the start of 2019.

Fabian Wosar, Emisoft CTO, told Infosecurity Magazine: "When we look at absolute numbers in all areas—business, government, and home users—ransomware is on the decline. However, this is mostly due to the fact that ransomware gangs focus on business and government targets these days instead of the large-scale spray-and-pray attacks against home users that were dominant just a few years ago. So, while the pressure on home users went down dramatically, it skyrocketed for those other areas."

Describing the biggest ransomware payout he had come across, Wosar said: "The biggest confirmed payout I have seen was $700,000, but I cannot disclose specific details about that case."

How an organization decides to deal with a ransomware attack has a major bearing on whether it will be re-targeted at a later date. 

Wosar told Infosecurity Magazine: "What definitely will make you a big target is if you got ransomed and paid. During a lot of these attacks we have seen ransomware groups leave behind backdoors that allow them to access the systems again in the future. Given this backdoor access and your willingness to pay for your data, you become a prime target for a second attack later down the line."

Sharing his predictions on how ransomware attacks will evolve, Wosar said: "I believe that attacks on organizations with outsourced infrastructure and IT will become increasingly common. The tools used by MSPs and other service providers act as a gateway to their clients’ systems and, as we saw in the Texas and PercSoft incidents, enable multiple organizations to be ransomed in one fell swoop."

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Two-Thirds of Firms Have Suffered ERP Data Breaches

2
News

Publishers Targeted by GhostCat Malware

3
News

Hearing Aid Giant Warns of $95m in Ransomware Losses

4
News

Airbus Suppliers Hit in State-Sponsored Attack

5
News

America Launches New Cybersecurity Directorate

6
Blog

FBI: Israel Used StingRays to Spy on the US

1
News

FDA Issues Cybersecurity Warning for Medical Devices

2
News

Nearly 70 US Government Organizations Hit by Ransomware Since January

3
News

NiceHash Co-Founder, Wanted in the US, Arrested in Germany

4
News

Security Serious Awards: Infosecurity Magazine, Canon Europe and Cordery Among Winners

5
Blog

Signal From Noise: How to Win Customers and Influence CISOs

6
Blog

Security by Sector: Two in Five Real Estate Pros Say Industry is Unprepared for Cyber-Attacks

1
Webinar

Mitigating the Spear-Phishing Attack Threat

2
Webinar

Identifying and Defending Against Advanced and Automated Attacks

3
Webinar

Common IAM Fears and How to Overcome Them

4
Webinar

The Persistence of Ransomware, New Variants & Better Tactics to Defend & Defeat

5
Webinar

Mobile Access: Best Practices for a Modern Security Approach

6
Webinar

The Key to Successful Cybersecurity Projects: Asset Management - Asking the Right Questions

1
Interview

Interview: Matt Davey, COO, 1Password

2
Opinion

The CFO’s Perspective: Steps to Quantifying Cyber Risk

3
News

#44CON: GPS Trackers Hacked to Make Premium Rate Calls

4
News Feature

Infosecurity Magazine Online Summit 2019: A Preview

5
Blog

Security by Sector: Charity Workers Least Likely to Receive Email Security Training

6
Opinion

Debunking Five Myths about Zero Trust