If you always thought that Ransomeware only affected personal files on the consumer computer, then you have it all wrong. Imagine a Ransomware taking over a hospital computer, and it locks down access to patients’ data? It has happened for real, and the hospital had to redirect Emergency patients to other hospitals. Emsisoft has released an updated report on the state of Ransomware and how it impacted the United States in 2019.
How has Ransomware impacted the US in 2019
In 2019 alone, Ransomware has attacked at least 966 government agencies, educational establishments, and healthcare providers. It resulted in a loss of $7.5 billion in terms of recreating the data, restoring backups, loss in working hours, and loss of customers. The figure of 966 includes 113 state and municipal governments and agencies, 764 healthcare providers, and 89 universities, colleges and school districts
764 Healthcare Providers. It is Huge.
While everything else can be restored, but if anything impacts healthcare, it could be a matter of death and life for someone. Imagine surgery had to be delayed because the tests and other data which were available online had been blocked or wholly lost because of the Ransomware. Here are the complete details:
- 911 services were interrupted.
- Dispatch centers had to rely on printed maps and paper logs to keep track of emergency responders in the field.
- Police were locked out of background check systems and unable to access details about criminal histories or active warrants.
- Surveillance systems went offline.
- Badge scanners and building access systems ceased to work.
- Jail doors could not be remotely opened.
- Schools could not access data about students’ medications or allergies.
Its time that Government, Healthcare sectors start taking Ransomeware seriously. 2020 cannot be different, and it may only get worse. Not only it is a good idea to take real-time back, but if they are using Windows, its time to enable Controlled Folder access.
Why did it happen?
Ransomware incidents increased sharply in 2019 due to organizations’ existing security weaknesses and the development of increasingly sophisticated attack mechanisms specifically designed to exploit those weaknesses. Combined, these factors created a near-perfect storm. In previous years, organizations with substandard security often escaped unpunished; in 2019, far more were made to pay the price, both figuratively and literally, says Emsisoft.
They are not acting responsibly. That’s how I would put it. Since it will cost money, and if I can find a loophole in the law, I would choose to skip it, so save some extra bucks. Honestly, Viruses and Malwares are easy to handle, but not Ransomeware. They can even corrupt backup files if they are not protected.
According to a report issued by the State Auditor of Mississippi in October 2019 stated these were the reasons.
- Disregard for cybersecurity in State government
- No security policy plan or disaster recovery plan in place
- No place for performing legally mandated risk assessments
- Sensitive information is not encrypted.
- Most of the respondents did not comply fully with the Enterprise Security Program.
Remember, Security is not simple. Either you protect entirely it, or you don’t. A loophole in the security will leave you unnoticed for an extended period. Imagine a Ransomeware which keeps locking your backup copy in the background. You only get to know when you need it, and you have no option because you never checked the backup or tested it.
What is even surprising that governments are failing to implement necessary and well-established best practices. In the US, a lot of data is online, including healthcare. They must be aware that they will always be a target, and backup might not work all the time.
The total cost because of the Ransomware attack in terms of money was estimated at $8.1 million, and 287 days to recover.