2019: The Year Ransomware Feasted on the US Public Sector | News & Opinion

652329 ransomware photo credit should read rob engelaar afp getty images - 2019: The Year Ransomware Feasted on the US Public Sector | News & Opinion

(Photo credit should read Rob Engelaar/AFP/Getty Images)

2019 is going down as the year ransomware wreaked havoc on the public sector.

In the US, the attacks impacted at least 103 US government agencies largely at the state and municipal levels, according to antivirus provider Emsisoft, a leading provider of ransomware decryption tools.

On Thursday, the company published a report detailing the ongoing ransomware epidemic, which has transitioned from targeting consumer PCs to preying on poorly-secured computers at large organizations, particularly from the public sector.

The attacks have been grabbing the headlines over the past year for shutting down IT services at city governments, schools and health providers. Just today, the City of New Orleans reported getting hit with a possible ransomware attack that’s prompted the city to order a shut down of municipal IT systems.

Emsisoft tried to tally up the scale of the problem in the US by pulling from press reports and the company’s data to count how many victims have been hit. Suffice it to say, the situation is bad. In addition to the government agencies, US-based ransomware attacks hit 86 universities, colleges and school districts this year. During the same period, 759 healthcare providers in the country were also victimized in the assaults.

The scale of the attacks indicates the hackers may have caused billions in damages. That’s because it can cost an organization thousands to millions of dollars to recover from a ransomware incident, Emsisoft said in the report.

“Given that ransomware attacks against governments, healthcare providers and educational institutions have indeed been proven to work, these sectors are likely to continue to be heavily targeted in 2020,” the company went on to warn.

Governments, schools and health providers are notorious for spending little on IT security due to their limited budgets. As a result, their computer systems can become easy targets for hackers. The intrusions can occur over an unpatched vulnerability in a remote login system, for example. Or the hacker will trick an employee into opening an email attachment that actually contains malware.

When it comes to ransomware, the attacks can unfold by secretly infecting not just one computer system, but whole fleets of machines to encrypt all the files on board. The hackers will then offer to free the encrypted data, but only if the victim pays up.

The antivirus provider Kaspersky Lab has also been tracking the ransomware attacks, and has found that they can end up demanding between $5,000 to as much as $5 million from victims when they target a municipal organization.

Unfortunately, addressing the problem won’t be easy. “The cybersecurity budgeting of municipalities is often more focused on insurance and emergency response than on proactive defense measures. This results in cases where the only possible solution is to pay the criminals and facilitate their activities,” Kaspersky Lab said in a report on Wednesday. “What’s more, the data stored in municipal networks is often vital for the functioning of everyday processes.”

To change the status quo, the public sector will need to prioritize IT security while refraining from paying the ransom demands, as doing so only incentives the hackers to strike again. Government agencies, schools and health care providers should also invest in creating backups too.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha loading...

Compare Products