Ransomware attacks have had a big impact on companies and organizations in the United States, and 2020 was in particular a bad year. Ransomware gangs targeted the healthcare sector, education industry, and federal, state, and municipal governing bodies and agencies. There were at least 2,354 attacks on these sectors in 2020, based on the most recent State of Ransomware report by Emisoft, a cybersecurity firm based in New Zealand.
The number of ransomware attacks grew a lot at the end of 2019, and although the attacks declined in the first half of 2020, a big coordinated campaign began in September when attacks significantly increased and occurred in big numbers up to the rest of the year.
In 2020, a minimum of 113 ransomware attacks involved federal, state, and municipal governments and agencies, 560 attacks involved healthcare establishments in 80 individual incidents, and 1,681 attacks on schools, colleges, and universities.
These attacks have resulted in substantial financial damage and in certain cases the life-threatening effects. Healthcare providers had to suspend services, redirect ambulances to other centers. There were 911 services disturbed. Medical procedures were re-scheduled and test results were deferred.
One attack that caused the most damages was on Universal Health Services. The health system operates more than 400 hospitals and healthcare facilities across the United States. The attack had affected the different locations and brought about substantial disruption. Another ransomware attack on the University of Vermont Health Network shut down the systems, which include its EHR system. A number of hospital systems stayed inaccessible for a couple of weeks after the attack. The health system suffered a loss of around $1.5 million a day in terms of extra expenses and lost income while it recovered. According to statistics, on average, the cost of a ransomware incident is $8.1 million in addition to 287 days recovery time.
Ransomware attackers today commonly steal sensitive data prior to file encryption and threatens the victims to publish or sell the stolen information when no ransom is paid. This strategy was first used by the Maze ransomware gang, however, a lot of threat groups have now used the same approach. Emsisoft mentioned that only the Maze ransomware gang exfiltrated information before encrypting files at the beginning of 2020. However, now about 17 more threat groups are doing the same.
In certain cases, paying the ransom does not guarantee the deletion of the stolen data. A number of ransomware gangs, such as Netwalker, Mespinoza and Sodinokibi (REvil) are known to have published stolen records even after getting ransom payment.
Emsisoft states that in the first half of 2020, only one of the 60 ransomware attacks on federal, state, county, and municipal governments and agencies resulted in leaked stolen information; nevertheless, in the second half of 2020, 23 out of the 53 attacks had exposed stolen information on leak websites. No less than 12 healthcare companies attacked with ransomware saw their stolen sensitive information leaked on the internet.
2020 was evidently a bad year, however, there is no assurance that 2021 will be better. Ransomware attacks will probably go on and may get worse. Unless considerable action is taken, 2021 will likely be another profitable year for cybercriminals.