Winners and Losers in the Latest Ransomware War

on October 11, 2017

It really is not hyperbolic to say that we are at war with cybercriminals, with the ransomware arena being the worst and most active front. Who is winning, who’s losing? It’s not a pretty picture. As you will see below, there aren’t many winners, so let’s start with the losing side:

Losers

Police Departments: According to NBC News, police departments in at least seven states have been hit by ransomware in the past couple of years. Just last year, five sheriff and police departments in Maine were victims of ransomware viruses.

Why police?

Because police computer systems are notoriously old, slow, and outdated, often running Windows Vista, XL, and even DOS. Even worse: They are a treasure trove of valuable, confidential data, things like rape and violent crime reports, investigations, access to national data bases and more.

According to NBC, Lincoln County Maine’s Sheriff Todd Brackett didn’t want to pay the ransom. But, after two days, did. “We are cops,” he said. “We generally don’t pay ransoms.”

Until they do.

Educational Institutions: In late 2016, Los Angeles Valley College lost control of its computer network to a ransomware infestation. Solution? The Los Angeles Community College District paid $28,000 in bitcoin to the hackers, with the money coming from a cybersecurity insurance policy.

Colleges and universities are especially susceptible to ransomware due to the open nature and complex systems of a university environment.

How vulnerable are they? According to BitSight, educational institutions are in fact the most common victims of ransomware attacks, with roughly 1 in 10 such institutions having been a victim of a malware attack.

Hospitals: Famously, Hollywood Presbyterian Hospital paid out $17,000 to hackers in 2016, but they are not alone. Similar attacks have recently been launched on the New Jersey Spine Center, Urgent Care Clinic of Oxford, and the Marin Healthcare District.

According to Wired, “If you have patients, you are going to panic way quicker than if you are selling sheet metal.” Indeed, “hospitals are the perfect mark for this kind of extortion because they provide critical care. Without quick access to drug histories, surgery directives and other information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk delays that could result in death and lawsuits.”

Winners

The Bad Guys: It is almost impossible to overstate just how successful cybercriminals have been with their extortion-based ransomware scheme:

  • Ransomware attacks are up by 300% over last year
  • Ransomware infects more than 30,000 devices a month
  • Average ransoms more than doubled to almost $700 last year, over $1 billion total
  • Less than half of victims recover all of their data

Computer security companies: What can a small business, hospital, police department, or other organization do in the face of this sophisticated computer assault? Their best bet is to backup regularly to the cloud, and rely on security software.

Now.

© 2017 The Strauss Group, Inc.