An Overview of Ransomware Attacks in 2019
Ransomware cost companies an average of $84,116 per ransom in the last quarter of 2019, according to data from Coveware. These figures do not even begin to account for the costs of reputational damage to the companies, network remediation, and other operational expenses incurred as a result of the attacks.
How ransomware attacks are executed depends entirely on the individual software, but a common thread runs through all of them – they’re as damaging for governments, hospitals, universities, and other organizations as they are lucrative for the cybercriminals who use them.
“Ransomware” is a catch-all term for malicious software programs that infect computers and threaten to cause data breaches and other data loss disasters should the victims not pay a ransom. Popular ransomware programs include REvil (aka Sodinokibi), Snatch, and Maze, among hundreds of others.
With the rising prevalence of cybercriminals offering ransomware as a service, the CurrentWare team has opted to bring awareness to the potential damage these programs can cause to unprepared organizations by providing an overview of notable ransomware attacks in 2019.
Multiple Attacks in the State of Maryland (USA)
In 2019, the state of Maryland in the USA fell victim to two ransomware attacks – one in the city of Baltimore, and another at the police department for the city of Salisbury.
These devastating ransomware attacks have influenced state lawmakers to propose a law that would make the possession of ransomware a criminal offense regardless of proven criminal intent, with exceptions provided for cybersecurity researchers studying the malware for legitimate research purposes.
In the attack on the Salisbury Police Department (SPD), the attackers gained access to its systems via a longtime third-party software vendor. The likely loss of trust between the SPD and its software vendor could have a notable impact on their business relationship.
As for more significant impacts, the SPD was fortunate: it had a system backup that prevented its data from being lost, and there was no evidence that any data was stolen or downloaded from the compromised system. It also had procedures in place to handle the temporary technical downtime, opting to rely on a paper-based system to continue responding to calls.
As for the city of Baltimore, its 2019 ransomware attack had a much more significant impact. Reports have claimed the city was forced to pay a US$6 million ransom as a result of the attack, which had to come from the city’s existing budget for critical information technology infrastructure. The ransomware attack has prompted the city of Baltimore to consider purchasing insurance to cover the costs of future hacks.
Norsk Hydro (Norway)
Norsk Hydro, an aluminum supplier in Norway’s capital of Oslo, suffered a ransomware breach in March of 2019.
The financial impact of the cyberattack is estimated to have peaked at the equivalent of US$71 million. Fortunately, Norsk Hydro was in a position where it was not forced to fund the cybercriminals responsible – it chose to forgo the ransom payment in favor of recruiting the cybersecurity team at Microsoft to restore its operations.
Eurofins Ransomware (UK)
Eurofins Scientific is the largest police forensics services firm in the UK; they provide a range of analytical testing services to clients across various industries.
The June 2019 ransomware attack forced Eurofins to shut down many of their servers and systems to limit the spread of the ransomware within their network. The attack led to a backlog of 20,000 forensic samples, causing significant delays in their day-to-day operations.
Why is Ransomware so Devastating?
Companies that store and process sensitive data such as personally identifiable information (PII), trade secrets, and crime scene evidence are particularly devastated when ransomware strikes. These sorts of organizations face added pressure to pay the ransom to recover their data following an attack if they have not prepared secured backups.
In addition to the financial and organizational productivity impacts that ransomware attacks can have, these programs may also cause the data stored in the systems they infect to be copied and sold for additional profit by the cybercriminals. These data breaches can lead to further incidents including blackmail and identity theft, creating a serious concern for both organizations and the people who must trust them to fulfill essential services.
How Can I Protect Against Ransomware?
Ransomware is often spread through phishing emails that contain malicious attachments, or through “drive-by downloading” where malicious files are unknowingly downloaded to a user’s machine from an infected website.
There are key steps organizations can take to proactively mitigate the chances of a ransomware infection, including:
- Maintain secure backups of data that are separate from the internet, reducing the pressure to pay ransoms that encourage cybercriminals to use ransomware.
- Use internet filtering software to restrict internet access to unsafe websites that may be used to transmit ransomware, and block downloads from the internet to proactively prevent ransomware that is transmitted through phishing scams.
- Protect endpoint devices such as computers by using endpoint security software with USB access control features. Endpoint security software helps to prevent negligent users from becoming insider threats after unknowingly infecting their organization’s endpoints with a compromised USB device.