2019 Year in Review for Ransomware

Laura BednarCybersecurity and Vulnerabilities, Digital Forensics InformationLeave a Comment

2019 Ransomware Year in Review

As evidence shows, 2019 was a busy year for cyber criminals. Across the country, ransomware attacks are rising. Most recently, schools, hospitals, and local governments have fallen victim to ransomware attacks. State governments have been largely affected by widespread attacks, with nearly 1,000 reports documented in cities nationwide. In some cases, damage rates have surpassed cities’ insurance coverage rates and forced them to declare a state of emergency.

Contact Us Now

What is ransomware?

Ransomware is malicious software that denies access to a computer database until a ransom payment is made. If a payment is not made in full or when requested, the attacker can severely impair an operating database or shut it down completely. This type of computer attack can affect individuals and businesses.

How ransomware infects systems

Normally, ransomware requires the action of a third party to launch. This typically involves the end user opening an email, infected attachment, or malicious link. A ransomware attack follows five standard steps. This includes:

  • System compromise
  • Malware seizes control
  • Victim notification
  • Ransom paid
  • Access restored

First, the operating system is compromised in some capacity. In most cases, the end user must take an action to infect the operating system with malware. After the end user takes action, the malware encrypts data and denies access to certain users. Then, the end user is notified of the attack, the payment requested, and instructions for paying the attackers. After receiving payment, the attackers return use of operating systems to the end user. Payment does not always ensure data will be returned, and makes victims vulnerable to attacks in the future because they have already payed once.

Ransomware 2019 Year in Review

Counting ransomware attacks

Each year, the number of ransom attacks rises. Recent reports show the damage done so far in 2019:

  • 948 documented ransom attacks
  • 759 attacks in the healthcare industry
  • 103 attacks on government entities
  • 86 attacks in the educational sector
  • 23 attacks on agencies in Texas
  • 4 attacks on major US cities

Emergency response services, emergency care, confiscated medical records, and interruption of surveillance equipment are just a few examples of the damage that malware attacks have caused. City operations have been impacted too, including breaches of tax payment systems and driver’s license renewals. In some cases, cyber criminals have prevented access to vital data by city officials. As a result, city operations can be brought to a standstill for days or longer.

Vulnerable industries

Although anyone can fall victim to a ransom attack, certain industries are more vulnerable than others. In the US, the following industries report the highest rates of ransom attacks:

  • Government (27%)
  • Manufacturing (20%)
  • Healthcare (14%)
  • Retail (6%)
  • Education (5%)

Of all industry-related attacks, incidents involving manufacturing companies are on the rise. Experts attribute this trend to the fact that the software used to carry out attacks on the manufacturing sector continually evolves. In the first half of 2019, the rate of malware attacks rose 200% over the second part of 2018. Within the manufacturing sector, most of these attacks targeted chemical and pharmaceutical companies. In the healthcare industry, hospitals and medical facilities that store large volumes of patient records are commonly targeted by cyber criminals.

The cost of ransomware attacks

In 2018, a single malware attack resulted in approximately $2.6 million in damages. Of all malware attacks, ransomware attacks were the most expensive, costing up to $646,000 apiece. That is a 21% rise from the previous year. In 2019, the global estimate for ransom attacks is $5.2 trillion. Earlier this year, an attack on the city of Baltimore alone cost $18.2 million including delayed or suspended operating costs and data recovery.

Stopping malware attacks

Stopping a malware attack before it happens is the best way to protect data and prevent significant financial losses. Using multi-step identification factors and refraining from opening suspicious-looking emails and attachments is a good start. If you have been victimized in a ransomware attack, don’t hesitate to contact Secure Forensics. Using state-of-the-art technology, we can ID a ransomware attack, bring it to an end, and determine what information was compromised. Call our forensic examiners at 1-800-288-1407 to learn how they can help.