US Bombarded With Ransomware

In 2019, the US was hit by an unprecedented and unrelenting barrage of ransomware attacks that impacted at least 948 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion.  The impacted organisations included:
 
 
• 103 federal, state and municipal governments and agencies.
• 759 healthcare providers.
• 86 universities, colleges and school districts, with operations at up to 1,224 individual schools potentially affected.
 
The incidents were not simply expensive inconveniences; the disruption they caused put people’s health, safety and lives at risk.
 
What was the cost?
Due to the lack of publicly available data, it is not possible to accurately estimate the cost of these incidents. Perhaps the best indication of the potential cost comes from a statement made in September by Gus Gentner, Chief Information Officer of Winnebago County, Illinois: “Statistics let us know that the average ransomware incident costs $8.1 million and 287 days to recover.”
 
If that is correct, the combined cost of 2019’s ransomware incidents could be in excess of $7.5 billion. 
 
While we believe this overstates the actual costs (a small school district’s recovery expenses are unlikely to run to seven figures), it nonetheless provides an indication of the enormous financial impact of these incidents. It should be noted that these incidents also had a broader economic impact. For example, in some instances, companies were unable to obtain the necessary permits and documentation to carry out certain work, disrupting and delaying their operations. Estimating these costs is beyond the scope of this report.
 
Why did it happen?
Ransomware incidents increased sharply in 2019 due to organisations’ existing security weaknesses and the development of increasingly sophisticated attack mechanisms specifically designed to exploit those weaknesses. Combined, these factors created a near-perfect storm. In previous years, organisations with substandard security often escaped unpunished; in 2019, far more were made to pay the price, both figuratively and literally.
 
A report issued by the State Auditor of Mississippi in October 2019 stated that: “Among the government offices that replied to the survey, the report shows at least 11 do not have adequate written procedures to prevent or recover from a cyberattack.
“Another 22 respondents have not executed a third-party risk assessment. Having a third party test the vulnerability of an agency’s server is a requirement under state law... Further, 38% of all respondents indicate sensitive information like health information, tax data, and student information is not being encrypted to protect it from hackers”.
 
The auditor's report found a “disregard for cybersecurity in state government,” stated that “many state entities are operating like state and federal cybersecurity laws do not apply to them,” and identified problems including:
 
• Not having a security policy plan or disaster recovery plan in place.
• Not performing legally mandated risk assessments.
• Not encrypting sensitive information.
 
The report also stated that “Over half of the respondents were less than 75 percent compliant with the Enterprise Security Program.” The program establishes minimum security requirements and compliance is required by law. Only a minority of states conduct statewide audits and, despite the multiple serious deficiencies that Mississippi’s audit identified, it was nonetheless one of the states least affected by ransomware in 2019.
 
The data show that these governments are under constant or near‐constant cyberattack, yet, on average, they practice cybersecurity poorly. 
 
While nearly half reported experiencing cyberattacks at least daily, one‐third said that they did not know whether they were under attack, and nearly two‐thirds said that they did not know whether their information systems had been breached. 
Serious barriers to their practice of cybersecurity include a lack of cybersecurity preparedness within these governments and a lack of adequate funding for it. 
 
The fact that governments are failing to implement basic and well-established best practices, even when legally required to do so, can only be described as grossly negligent, especially as these entities know full well that they are likely to be targeted in the ongoing campaign of cyberattacks.
 
Conclusion
Like other businesses, criminal enterprises pursue strategies that have been proven to work. On the basis that ransomware attacks against governments, healthcare providers and educational institutions have indeed been proven to work, these sectors are likely to continue to be heavily targeted in 2020.  Additionally, given the financial resources now available to bad actors and the significant profits that can be made, organisations in these sectors should expect that attacks will increase in both sophistication and frequency, possibly with the threat of the release of exfiltrated data being used as additional leverage to extort payment.
 
Payments are the fuel that drives ransomware. The only way to stop ransomware is to make it unprofitable, and that means the public sector must practice better cybersecurity so that ransoms need not be paid.
 
EMSISOFT: Wiley: State Of Mississippi:
 