State of Ransomware in the U.S.: 2019 Report for Q1 to Q3

[harlan4096]

In the first nine months of 2019, at least 621 government entities, healthcare service providers and school districts, colleges and universities were affected by ransomware. The attacks have caused massive disruption: municipal and emergency services have been interrupted, medical practices have permanently closed, ER patients have been diverted, property transactions halted, the collection of property taxes and water bills delayed, medical procedures canceled, schools closed and data lost.

State, city and county entities

At least 68 state, county and municipal entities have been impacted since the beginning of the year. Incidents include:

* Lake City: In June, Lake City fell victim to a Ryuk attack. The $460,000 ransom demand was covered by an insurance policy subject to a $10,000 deductible. The IT director was fired and is now suing the city. Not all data was recovered.

* Baltimore. In May, Baltimore became the second U.S city to be hit by a strain of ransomware called RobbinHood. The city refused to pay the demand of $76,000. The attack caused widespread disruption to service delivery, with property transactions, and tax and water billing all being delayed. Recovery costs have been estimated at $18.2 million.

* New Bedford: In July, New Bedford received the largest ever publicly disclosed ransom demand – $5.3 million – after its systems were compromised. The city made a counteroffer of $400,000, which was rejected. Recovery costs are estimated at less than $1 million and will be covered by insurance.

Education

There were a total of at least 62 incidents involving school districts and other educational establishments, which potentially impacted operations at up to 1,051 individual schools, colleges and universities.

* Rockville Centre School District: RCSD, a district with seven schools, fell victim to a Ryuk attack in July. The ransom was paid by the school’s insurance carrier, which was able to negotiate a lower ransom payment, reducing the ransom demand from $176,000 to $88,000. RCSD was charged a $10,000 deductible.

* Louisiana public schools: In July, the school districts of three North Louisiana parishes, Sabine, Morehouse and Ouachita, were hit by ransomware. In response, Governor John Bel Edwards declared a state of emergency, which allowed state resources (such as cybersecurity experts from the Louisiana National Guard, Louisiana State Police, the Office of Technology Services and others) to be made available to the impacted schools.

* Moses Lake School District: In July, Moses Lake School District, which encompasses 16 schools, was affected by a ransomware attack originating from an IP address in Moscow. The district refused to pay the $1 million ransom, instead choosing to rebuild their systems by restoring servers from offline backups that were four to five months old.

Healthcare

The healthcare sector continued to be a popular ransomware target. Cybercriminals understand that healthcare providers are often more inclined to pay the ransom as failure to do so may result in data loss that could potentially put lives at risk. From Q1 to Q3 there were a total of 491 ransomware attacks on healthcare providers, including:

* Park DuValle Community Health Center: In June, a ransomware attack resulted in ParkDuvalle Community Health Center being unable to access medical records, patient contact details and insurance information. For seven weeks, ParkDuvalle’s four clinics were unable to make appointments and staff were forced to resort to using a pen and paper system. ParkDuvalle eventually agreed to pay the $70,000 ransom.

* PerCSoft: In late August, PerCSoft, a cloud management service that provides backup solutions for dental practices in the U.S., was infected with a strain of ransomware called Sodinokibi. Approximately 400 dental offices were unable to access patient information. Several sources claim the ransom was paid, although the total amount was not specified.

* Campbell County Health: In September, Campbell County Health, Wyoming, suffered a ransomware attack that caused widespread disruption. Inpatient admissions were halted, surgeries were canceled and ER patients were redirected to other hospitals. Two other institutions connected to Campbell County Health were also affected by the attack.
...

Continue Reading