Login

***harlan4096*** · 24 September 20, 09:42

Quote:

The ransomware crisis

At the end of 2019, we stated the ransomware threat had reached a crisis level. Since then, the situation has only worsened, with attacks on healthcare and other public and private sector organization continuing and escalating during the course of the pandemic. Even a ventilator manufacturer was attacked.

Compounding the problem is the fact that more and more groups have started to steal data and using the threat of releasing it as additional leverage to extort payment. Data is now stolen in about 1 in 4 attacks, resulting in very sensitive information falling into the hands of cybercriminals and subsequently being posted online.

Additionally, the average demand has increased significantly and now stands at somewhere between $150,000 and $250,000 USD, with multi-million dollar demands becoming increasingly commonplace. The highest demand publicly reported is $42 million; the highest demand not to be publicly reported is said to be in excess of $1 billion. For context, the average demand in 2018 was a little over $5,000. As a result of this increase, cybercriminals are better resourced and more motivated than ever.

We estimate that more than $25 billion will be paid in ransom demands during 2020, with an economic toll on the global economy of almost $170 billion – and these are extremely conservative estimates.

So far this year, at least 219 organizations in the US government, education and healthcare sectors – including multiple hospitals – have fallen victim to ransomware attacks and, in an increasing number of those incidents, sensitive data is being stolen and published online. Globally, there have been more than 170,000 successful attacks in 2020.

The impact of these attacks was significant.
Personal information was exposed.

Protected health information was exposed.

Intellectual property was lost.

Data was stolen from companies in the US Defense Industrial Base sector, including a contractor that supports the Minuteman III nuclear deterrent.

Companies were forced into insolvency.

Healthcare providers and other organizations were hit with class-action lawsuits.

Sensitive information relating to child abuse cases and veterans’ PTSD claims was posted online.

Sensitive information relating to ongoing police investigations was posted online.

Prosecutions were dropped due to evidence being lost.

Emergency patients were turned away from hospitals, medical records were inaccessible and in some cases permanently lost, surgical procedures were canceled, tests postponed and 911 services interrupted.

In short, these incidents represent a risk to national security, to election security, to companies’ intellectual property and financial security, to individuals’ personal information and to their health, safety and wellbeing.

The first ransomware-related fatality

Further underscoring the risks associated with these incidents, there now appears to have been a ransomware-related fatality. A hospital in Germany was unable to accept new patients after an attack and, as a result, a woman with a life-threatening condition was redirected to another hospital 20 miles away and died as a result of the delay in receiving treatment. Such a tragedy was entirely foreseeable. In fact, we specifically mentioned the possibility in a 2019 report.

Quote:
“The fact that there were no confirmed ransomware-related deaths in 2019 is simply due to good luck, and that luck may not continue into 2020. Governments and the health and education sectors must do better. ” — Fabian Wosar, CTO, Emsisoft.

This will not be the last fatality. Unless governments make legislative changes, it is inevitable that more lives will be lost.
...

Login
Username/Email:
Password:	Lost Password?
	Remember me