Ransomware Attacks Increase and Demand Bigger Payouts

An increasing number of cities, hospitals and businesses are being attacked by ransomware, by which bad actors shut down the victim’s computer network until a ransom is paid. Up until now, these attacks have been hard to measure since many of those impacted quietly paid the ransom without notifying any authorities. Security firm Emsisoft just reported a 41 percent increase in ransomware attacks between 2018 and 2019, with 205,280 businesses and other groups submitting evidence of such intrusions in 2019.

The New York Times reports that, according to data from security firm Coveware, “the average payment to release files spiked to $84,116 in the last quarter of 2019, more than double what it was the previous quarter.” That figure jumped to $190,946 in the last month of 2019, “with several organizations facing ransom demands in the millions of dollars.”

According to security experts, these numbers don’t reflect “the true cost of ransomware attacks, which have disrupted factories and basic infrastructure and forced businesses to shut down.” “Anything of value that is smart and connected can be compromised and held for ransom,” said McAfee chief technology officer Steve Grobman. “If critical infrastructure systems are held for ransom, what is our policy going to be for dealing with those?”

A few years ago, ransomware attacks were largely targeted against individuals but that’s changed. The Coast Guard, for example, reported that, in December, a cargo transfer facility (in an unidentified location) shut down for 30+ hours after attackers took control of “the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations.”

New Orleans was “one of dozens of cities hit by ransomware over the last year,” which are “still conducting many operations on paper,” NYT adds.

Although public sector organizations accounted for only about 10 percent of all victims, according to Coveware, “cities appeared to be high on the target list because they are among the only victims who have to report the attacks.” One month after Travelex, the company that supplies currency to banks, was targeted by a ransomware dubbed Sodinokibi or REvil, “Barclays and several other banks are still unable to make foreign currency conversions for customers.”

The BBC stated that the hijackers in this case demanded $6 million. But even smaller companies are targeted, such as the 10-person, two-doctor medical office Brookside ENT and Hearing Services in Battle Creek, Michigan. One of those doctors, William Scalf, noted he was “suddenly retired” when he was unable to recover medical files via a $6,500 ransom demand.

The FBI stated that an online portal received 1,493 ransomware reports in 2018, but noted it is likely “artificially low,” lacking reports from other sources including field offices. “What we find most concerning is that it causes not just direct costs, but also indirect costs of lost operations,” said FBI cybersection chief Herbert Stapleton. “We certainly view it as one of the most serious cybercriminal problems we face right now.”