Manufacturing, Education, and Healthcare Industries hit hardest
The year 2020 was a difficult one for the world. While things like the COVID-19 pandemic, business shutdowns, and a lack of toilet paper may rush into your mind, those in IT and cybersecurity are thinking about the surge in reported ransomware attacks compared with years past.
The COVID-19 pandemic created a slew of technology and cybersecurity challenges as businesses, government agencies, and other organizations were forced into employing a remote workforce with little to no notice. From schools taking learning online to companies of all sizes sending employees home to work with no initial control over cybersecurity, everyone became a prime target for cybercriminals looking to score big.
According to an article by Security Boulevard, there were a total of 199.7 million ransomware attacks globally in the third quarter of 2020 alone. That’s an increase of 40 percent!
By examining these ransomware attacks, we can learn what to watch for in the coming year and implement methods for protecting ourselves whether employees are back in the office or continuing to work remotely.
What is Ransomware?
Ransomware is malicious software that threatens an organization by denying access to its own data. Ransomware is typically installed through phishing emails and email attachments. Once ransomware infiltrates a system or network, it encrypts data and the attacker demands a ransom with the promise of restoring access once the ransom is paid. Sometimes bad actors keep their word and sometimes they don’t, which makes paying the ransom to regain access even riskier.
Without access to their data, many businesses fall apart. Work comes to a screeching halt and nothing can be accomplished until the situation is rectified. This means a loss of time and money which could cost the organization in question a loss of reputation and future business. The total losses, over time, could even lead a company to fail altogether.
The Manufacturing Industry
In June 2020, ransomware attacks exploded across all industries, according to Security Intelligence. The same source reported IBM Security X-Force responded to an increased number of ransomware attacks in 2020 with “ransom demands of more than $40 million.” The organization also reported manufacturing companies were hardest hit by ransomware in 2020. Nearly a quarter of all IBM Security X-Force ransomware incident responses were attacks on manufacturing companies.
In January 2020 a United States Department of Defense contractor, Virginia-based Electronic Warfare Associates, had systems infected with the Ryuk ransomware. ZDNet reported the company’s data on its web servers were encrypted as a result of the attack. The company, which provides electronic warfare products and services to the government and commercial markets in cyber defense, radar security, information management, and more, was forced to take down its impacted web servers.
In March, TechCrunch reported Visser, a parts manufacturer for Tesla and SpaceX, also experienced a ransomware attack. Based in Denver, Colorado, Visser crafts parts for several industries including aeronautics and automotive. The company issued a statement explaining access to or theft of data had occurred as a result of the cybersecurity incident, which was caused by the DoppelPaymer ransomware. According to TechCrunch, this is “a new kind of file-encrypting malware which first exfiltrates the company’s data.”
A California-based defense contractor, CPI, was also knocked offline in 2020 due to a ransomware attack, as were the North American branches of EVRAZ, one of the world’s largest steel manufacturers and mining operations. Kimchuk, a medical and military contractor, was also hit with ransomware that stole data and stopped production temporarily. The company refused to pay the ransom, and as a result the hackers began publishing part of the data they stole from Kimchuk, including the company’s payroll records, broker approvals, and purchase orders. The list goes on.
The educational industry was also hit hard in 2020 when it came to ransomware attacks. Cybercriminals were able to encrypt about .02 percent of data stored by the University of Utah’s College of Social and Behavioral Sciences before the university’s information security officer detected the attack, according to an article by The Salt Lake Tribune.
The ransomware attack led to a hack of servers on July 19 which made the data “temporarily inaccessible.” The university issued a statement that it paid $457,059.24 to an “unknown entity” and “careful consideration” was given in paying the funds “as a proactive and preventative step to ensure information was not released on the internet” including employee and student information.
Institutions of higher learning were not alone in being targeted. Local school districts found themselves being victimized as well. For example, the Athens Independent School District in East Texas discovered the district’s entire network had been encrypted just days before school was due to resume on Aug. 3, 2020. The hackers encrypted everything from student assignments to teacher communications, freezing the district from doing anything. A $50,000 ransom was demanded and the start of school was delayed by an entire week while the district struggled to regain control, according to an article by Pew Trusts.
Pew reported at least 16 school districts across the U.S. experienced ransomware attacks between the end of July and beginning of August from Hartford Public Schools in Connecticut to Ponca City Public School in Oklahoma, often leading to school closures and delays.
“Attackers are finding schools and universities to be an even more attractive target for ransomware attacks, especially as they begin classes virtually or are experimenting with hybrid environments due to COVID-19,” according to the piece by Security Intelligence. “A cluster of universities attacked in May and June of 2020 has expanded to additional academic institutions in August and September, with universities paying ransoms ranging from $400,000 to over $1 million in the hope that sensitive information on faculty, students, and research is not publicly released.”
2020 also saw increased ransomware attacks against the healthcare industry, which was already struggling with the COVID-19 pandemic. Such attacks were focused on stealing medical and research data in addition to other information. This included attacks that attempted to take research information surrounding the development of the COVID-19 vaccine itself as well as its disbursement to hospitals, according to a piece on LinkedIn.
On Oct. 28, 2020, the United States Cybersecurity and Infrastructure Security Agency (CISA), in conjunction with the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS), issued an alert regarding ransomware activity targeting the healthcare and public health sectors. The advisory warned healthcare organizations about the “tactics, techniques, and procedures used by cybercriminals” to infect systems with ransomware, especially Ryuk and Conti, for financial gain.
The same day, Reuters reported dozens of hospitals had been hit with ransomware attacks from Oregon and California to New York. This led at least one hospital to function completely on paper as they were unable to transfer patients to the nearest facility an hour away. The government had previously warned hospitals to ensure “backup systems were in order, disconnect systems from the internet where possible, and avoid using personal email accounts,” according to the Reuters piece.
MIT Technology Review reported at least six U.S. hospitals had been targeted, which led to an interruption in healthcare during the pandemic. The St. Lawrence Health System in New York, Sonoma Valley Hospital in California, and Sky Lakes Medical Center in Oregon all reported having been hit by ransomware. Reuters reported ransomware attacks had jumped 50 percent in the previous three months and attacks against American hospitals had risen a shocking 71 percent between September and October 2020 according to the MIT blog. Government officials have warned organizations within the healthcare industry to take additional precautions against ransomware as future “attacks could potentially threaten patients’ lives.”
How to Battle Ransomware
There are many preventative measures your organization can take to stop ransomware before it gets a foot in your door regardless of industry. Start with the following tips:
Don’t Click It Until You Check: Never open suspicious emails or those from unknown sources. This is just as true for links within the emails or attachments. If a known source sends you an unexpected email with links or attachments you weren’t expecting, call them directly to ask if they emailed you before clicking on them. They may have been hacked.
Employ Scanning and Filtering Software: When it comes to email, using scanning and filtering software will aid in preventing ransomware attacks. Such software reduces the odds of ransomware even making it to the inbox of your employees in the first place.
Back It Up: Ensure you have backed up all data to an external hard drive that’s not connected to your computer. You can also back up data in the cloud so that you don’t get stuck paying a ransom should you get hacked.
Avoid Sharing Personal Information: Whether you receive a call, text, or email requesting personal information such as logins, passwords, or financial information, do not respond without verifying the source of the request first. The request may be coming from a cybercriminal.
Train Staff: Provide ongoing, regular training regarding cybersecurity threats such as ransomware to every employee. Such training should occur during onboarding and at least every six months thereafter. This will arm your employees with knowledge to help protect your organization and further reduce the odds of a ransomware attack.
By examining the threats that spiked over the course of the last year such as ransomware, we can all prepare ourselves with better cybersecurity in 2021. For more information about protecting your organization or business from ransomware and cybersecurity best practices, contact Dox Electronics now at (585) 473-7766. The initial consultation is free and there is no obligation.