Ransomware attacks in 2020 had a huge impact on companies and organizations in America. Ransomware gangs targeted the healthcare and education sectors as well as federal, state, and municipal governments and departments. These sectors had no fewer than 2,354 attacks in 2020, according to the most recent State of Ransomware report from Emsisoft, a cybersecurity company based in New Zealand.
Ransomware attacks increased toward the latter part of 2019. The attacks slowed down at the beginning of 2020, but a major synchronized campaign that started in September significantly increased attacks, and they kept escalating throughout the year.
In 2020, federal, state, and municipal governments and departments had at least 113 ransomware attacks. Healthcare facilities had 560 attacks in 80 independent incidents, and schools, universities, and colleges had 1,681 attacks.
These attacks have caused considerable financial problems, and in certain instances they had potentially deadly repercussions. Patient services were suspended, ambulances were rerouted to other facilities, 911 services were disrupted, medical consultations were delayed, and test results arrived late. It was only by luck that no ransomware-related deaths were reported in the US this past year. Security must be improved throughout the public sector.
One of the worst attacks was on Universal Health Services. The attack affected the health system's more than 400 hospitals and healthcare facilities in the U.S. and caused extensive disruption. The ransomware attack on the University of Vermont Health Network forced the shutdown of its systems, including its EHR system. A number of hospital systems were inaccessible for several weeks following the attack. Because of the attack, the health system sustained about $1.5 million a day in extra expenses and lost income until it had its systems restored. According to statistics quoted in the report, a ransomware incident costs $8.1 million on average and takes 287 days to fully recover from.
It has become increasingly common for ransomware attackers to steal sensitive information before encrypting files and to threaten to expose or sell the stolen information if no ransom is paid. This strategy was first used by the Maze ransomware gang at the start of 2020, but now at least 17 other threat groups use the same strategy.
In certain instances, paying the ransom does not guarantee that the stolen data is deleted. Ransomware gangs known for this include Sodinokibi (REvil), Mespinoza, and Netwalker.
Emsisoft remarked that in the first six months of 2020, only one of the 60 attacks on federal, state, county, and municipal governments and departments resulted in leaked stolen data. In the second six months, however, 23 of 53 attacks resulted in leaked stolen data. Twelve healthcare organizations that were attacked had their stolen sensitive data leaked on the internet.
2020 was obviously a terrible year, and 2021 may not be any better. Most likely, ransomware attacks will continue and even escalate. Significant action is therefore necessary, or cybercriminals will be very successful again in 2021.