US Bombarded With Ransomware

In 2019, the US was hit by an unprecedented and unrelenting barrage of ransomware attacks that impacted at least 948 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion.  The impacted organisations included:
 
 
• 103 federal, state and municipal governments and agencies.
• 759 healthcare providers.
• 86 universities, colleges and school districts, with operations at up to 1,224 individual schools potentially affected.
 
The incidents were not simply expensive inconveniences; the disruption they caused put people’s health, safety and lives at risk.
 
What was the cost?
Due to the lack of publicly available data, it is not possible to accurately estimate the cost of these incidents. Perhaps the best indication of the potential cost comes from a statement made by the Winnebago County, Illinois' Chief Information Officer, Gus Gentner, in September: “Statistics let us know that the average ransomware incident costs $8.1 million and 287 days to recover.”
 
If that is correct, the combined cost of 2019’s ransomware incidents could be in excess of $7.5 billion. 
 
While we believe this overstates the actual costs, a small school district’s recovery expenses are unlikely to run to seven figures, it nonetheless provides an indication of the enormous financial impact of these incidents. It should be noted that these incidents also had a broader economic impact. For example, in some instances, companies were unable to obtain the necessary permits and documentation to carry out certain work, disrupting and delaying their operations. Estimating these costs is beyond the scope of this report.
 
Why did it happen?
Ransomware incidents increased sharply in 2019 due to organisations’ existing security weaknesses and the development of increasingly sophisticated attack mechanisms specifically designed to exploit those weaknesses. Combined, these factors created a near-perfect storm. In previous years, organisations with substandard security often escaped unpunished; in 2019, far more were made to pay the price, both figuratively and literally.
 
A Report issued by the State Auditor of Mississippi in October 2019 stated that: “Among the government offices that replied to the survey, the report shows at least 11 do not have adequate written procedures to prevent or recover from a cyberattack. 
“Another 22 respondents have not executed a third-party risk assessment. Having a third party test the vulnerability of an agency’s server is a requirement under state law....Further, 38% of all respondents indicate sensitive information like health information, tax data, and student information is not being encrypted to protect it from hackers”.
 
According to the auditor's reort there is a “disregard for cybersecurity in state government,” that “many state entities are operating like state and federal cybersecurity laws do not apply to them,” and identified problems including:
 
• Not having a security policy plan or disaster recovery plan in place.
• Not performing legally mandated risk assessments.
• Not encrypting sensitive information.
 
The report also stated that “Over half of the respondents were less than 75 percent compliant with the Enterprise Security Program.” The program establishes minimum security requirements and compliance is required by law. Only a minority of states conduct statewide audits and, despite the multiple serious deficiencies that Mississippi’s audit identified, it was nonetheless one of the States least affected by ransomware in 2019. 
 
The data show that these governments are under constant or near‐constant cyberattack, yet, on average, they practice cybersecurity poorly. 
 
While nearly half reported experiencing cyberattacks at least daily, one‐third said that they did not know whether they were under attack, and nearly two‐thirds said that they did not know whether their information systems had been breached. 
Serious barriers to their practice of cybersecurity include a lack of cybersecurity preparedness within these governments and a lack of adequate funding for it. 
 
The fact that governments are failing to implement basic and well-established best practices, even when legally required to do so, can only be described as grossly negligent, especially as these entities know fully well that they are likely to be targeted in the ongoing campaign of cyberattacks.
 
Conclusion
Like other businesses, criminal enterprises pursue strategies that have been proven to work. On the basis that ransomware attacks against governments, healthcare providers and educational institutions have indeed been proven to work, these sectors are likely to continue to be heavily targeted in 2020.  Additionally, given the financial resources now available to bad actors and the significant profits that can be made, organisations in these sectors should expect that attacks will increase in both sophistication and frequency, possibly with the threat of the release of exfiltrated data being used as additional leverage to extort payment.
 
Payments are the fuel that drive ransomware. The only way to stop ransomware is to make it unprofitable, and that means the public sector must practice better cybersecurity so that ransoms need not be paid.
 
EMSISOFT:       Wiley:       State Of Missisippi:
 
You Might Also Read:
 
Ransom Attack Strikes New Orleans:
 
US City Of Atlanta Suffers An Attack:
 
 
 
« Digital Shock: The 4th Industrial Revolution
Wanted: International Cyber Standards »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Nmap Project

Nmap Project

Nmap Project is a Free and open source tool for network discovery, administration, and security auditing.

CYBERPOL

CYBERPOL

CYBERPOL's mission is to facilitate the widest possible mutual assistance between all cyber crime law enforcement authorities to help mitigate global cyber threats.

IoT European Research Cluster (IERC)

IoT European Research Cluster (IERC)

IERC brings together EU-funded projects with the aim of defining a common vision for IoT technology and development research challenges.

SecuGen

SecuGen

SecuGen is a leading provider of advanced, optical fingerprint recognition technology, products, tools and platforms for physical and information security.

Ubiq Security

Ubiq Security

Ubiq has developed a software solution that secures any type of data, on any device, anywhere, with nearly no impact to system performance or user experience.

Seekurity

Seekurity

Seekurity is an information security consulting firm specialized in all areas of Cyber Security including Penetration Testing, Vulnerability Assessments and Risk Management.

Axcient

Axcient

Axcient offers MSPs the most secure backup and disaster recovery technology stack with a proven Business Availability suite.

Securis

Securis

Securis provides organizations and agencies with the highest level of professional, ultra-secure data destruction and IT recycling.

Kratikal

Kratikal

Kratikal provides a complete suite of manual and automated security testing services.

iosiro

iosiro

iosiro was created to guide companies through securely using blockchain technologies. We help teams launch and manage ICOs, deploy secure dApps, and integrate private networks into business practices.

Octane OC

Octane OC

OCTANe is building the SoCal of tomorrow. We drive innovation and growth by connecting people, resources and capital. Our Incubator focus is FinTech, Data Analytics and Cybersecurity.

DataNumen

DataNumen

The fundamental mission of DataNumen is to recover as much data from inadvertent data disasters as possible.

Presidio

Presidio

Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

Gotham Digital Science (GDS)

Gotham Digital Science (GDS)

Gotham Digital Science is an international security services company specializing in Application and Network Infrastructure security, and Information Security Risk Management.

PhishFirewall

PhishFirewall

PhishFirewall is an advanced AI-driven CyberSecurity Awareness Education, Threat Emulation, and Human Security Analytics Platform.

SafeBase

SafeBase

Safebase provide the infrastructure for Trust Communication. Our Trust Center enables Security and Sales teams to share and automate access to security, compliance, and privacy information.