US Bombarded With Ransomware

In 2019, the US was hit by an unprecedented and unrelenting barrage of ransomware attacks that impacted at least 948 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion.  The impacted organisations included:
 
 
• 103 federal, state and municipal governments and agencies.
• 759 healthcare providers.
• 86 universities, colleges and school districts, with operations at up to 1,224 individual schools potentially affected.
 
The incidents were not simply expensive inconveniences; the disruption they caused put people’s health, safety and lives at risk.
 
What was the cost?
Due to the lack of publicly available data, it is not possible to accurately estimate the cost of these incidents. Perhaps the best indication of the potential cost comes from a statement made by the Winnebago County, Illinois' Chief Information Officer, Gus Gentner, in September: “Statistics let us know that the average ransomware incident costs $8.1 million and 287 days to recover.”
 
If that is correct, the combined cost of 2019’s ransomware incidents could be in excess of $7.5 billion. 
 
While we believe this overstates the actual costs, a small school district’s recovery expenses are unlikely to run to seven figures, it nonetheless provides an indication of the enormous financial impact of these incidents. It should be noted that these incidents also had a broader economic impact. For example, in some instances, companies were unable to obtain the necessary permits and documentation to carry out certain work, disrupting and delaying their operations. Estimating these costs is beyond the scope of this report.
 
Why did it happen?
Ransomware incidents increased sharply in 2019 due to organisations’ existing security weaknesses and the development of increasingly sophisticated attack mechanisms specifically designed to exploit those weaknesses. Combined, these factors created a near-perfect storm. In previous years, organisations with substandard security often escaped unpunished; in 2019, far more were made to pay the price, both figuratively and literally.
 
A Report issued by the State Auditor of Mississippi in October 2019 stated that: “Among the government offices that replied to the survey, the report shows at least 11 do not have adequate written procedures to prevent or recover from a cyberattack. 
“Another 22 respondents have not executed a third-party risk assessment. Having a third party test the vulnerability of an agency’s server is a requirement under state law....Further, 38% of all respondents indicate sensitive information like health information, tax data, and student information is not being encrypted to protect it from hackers”.
 
According to the auditor's reort there is a “disregard for cybersecurity in state government,” that “many state entities are operating like state and federal cybersecurity laws do not apply to them,” and identified problems including:
 
• Not having a security policy plan or disaster recovery plan in place.
• Not performing legally mandated risk assessments.
• Not encrypting sensitive information.
 
The report also stated that “Over half of the respondents were less than 75 percent compliant with the Enterprise Security Program.” The program establishes minimum security requirements and compliance is required by law. Only a minority of states conduct statewide audits and, despite the multiple serious deficiencies that Mississippi’s audit identified, it was nonetheless one of the States least affected by ransomware in 2019. 
 
The data show that these governments are under constant or near‐constant cyberattack, yet, on average, they practice cybersecurity poorly. 
 
While nearly half reported experiencing cyberattacks at least daily, one‐third said that they did not know whether they were under attack, and nearly two‐thirds said that they did not know whether their information systems had been breached. 
Serious barriers to their practice of cybersecurity include a lack of cybersecurity preparedness within these governments and a lack of adequate funding for it. 
 
The fact that governments are failing to implement basic and well-established best practices, even when legally required to do so, can only be described as grossly negligent, especially as these entities know fully well that they are likely to be targeted in the ongoing campaign of cyberattacks.
 
Conclusion
Like other businesses, criminal enterprises pursue strategies that have been proven to work. On the basis that ransomware attacks against governments, healthcare providers and educational institutions have indeed been proven to work, these sectors are likely to continue to be heavily targeted in 2020.  Additionally, given the financial resources now available to bad actors and the significant profits that can be made, organisations in these sectors should expect that attacks will increase in both sophistication and frequency, possibly with the threat of the release of exfiltrated data being used as additional leverage to extort payment.
 
Payments are the fuel that drive ransomware. The only way to stop ransomware is to make it unprofitable, and that means the public sector must practice better cybersecurity so that ransoms need not be paid.
 
EMSISOFT:       Wiley:       State Of Missisippi:
 
You Might Also Read:
 
Ransom Attack Strikes New Orleans:
 
US City Of Atlanta Suffers An Attack:
 
 
 
« Digital Shock: The 4th Industrial Revolution
Wanted: International Cyber Standards »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

iStorage

iStorage

iStorage is the leading global provider of PIN Activated, hardware encrypted, portable data storage solutions.

HANDD Business Solutions

HANDD Business Solutions

HANDD are independent specialists in data protection with expertise at every stage of the Protect, Detect and Respond cycle, from consultancy and design, right through to installation.

Critical Infrastructures for Information and Cybersecurity (ICIC)

Critical Infrastructures for Information and Cybersecurity (ICIC)

ICIC addresses the demand for cybersecurity for National Public Sector organizations and civil and private sector organizations in Argentina.

Fair Isaac Corporation (FICO)

Fair Isaac Corporation (FICO)

FICO provides analytics software and tools used across multiple industries to manage risk, fight fraud, optimize operations and meet strict government regulations.

BLOCKO

BLOCKO

BLOCKO is a blockchain specialized technology company that has experienced and achieved the largest amount of business in South Korea.

Converge Technology Solutions

Converge Technology Solutions

Converge Technology Solutions Corp. is a North American IT solution provider delivering advanced analytics, cloud, cybersecurity, and managed services solutions.

Marlabs

Marlabs

Marlabs is a Digital Technology Solutions company that helps companies adopt digital transformation using a comprehensive framework including Digital Automation, Enterprise Analytics and Security.

Infopercept Consulting

Infopercept Consulting

Infopercept is a leading cybersecurity company in India, providing a critical layer of security to protect business information, infrastructure & assets across the organization.

Telefonica Global Solutions (TGS)

Telefonica Global Solutions (TGS)

Telefonica Global Solutions is the technological partner of wholesalers and enterprises, helping them to achieve the digitalization they need.

Darkscope

Darkscope

Darkscope is an award-winning personalised cyber intelligence service provider. Our cutting-edge AI and Deep Artificial Neural Networks lead the world of cyber intelligence solutions.

Xalient

Xalient

Xalient is an IT consulting and managed services business, specialising in modern, software-defined networking, security and communications technologies.

Ministry of Electronics & Information Technology (MeitY)

Ministry of Electronics & Information Technology (MeitY)

The Ministry of Electronics & Information Technology is an executive agency responsible for IT policy, strategy and development of the electronics industry.

Certcube Labs

Certcube Labs

Certcube Labs provide a broad range of services in the areas of Assessments, Development, Risk Advisory, Blockchain, Forensics Investigations, Managed Security Solutions, and IT Security Trainings.

Sev1Tech

Sev1Tech

Sev1Tech is a leading provider of IT modernization, cloud, cybersecurity, engineering, fielding, training, and program support services.

DRT Cyber

DRT Cyber

DRT Cyber deploys technology solutions to support the functions of cybersecurity, privacy, and risk management.

Maverits

Maverits

At Maverits, we are on a mission to reshape the cybersecurity landscape. We offer a wide range of services, including Threat Intelligence, Incident Response, Consulting & Training.