If a ransomware attacker knocked on your virtual door, would they find it locked, or could they easily gain entrance into your organization? This is a critical question to consider, given that ransomware attacks have increased by up to 500% since the initial onset of COVID in 2019, and their activity is accelerating at a record pace. In fact, earnings are expected to reach over $10 trillion in 2025, making the world of ransomware attacks the third largest “economy” after the United States and China.1
Shortly after the COVID pandemic began, ransomware attackers started seizing opportunities to access data from vulnerable networks in almost every infrastructure imaginable. With such a rapid transition to teleworking and a rise in fear among the general public, the stage was set for attackers to relentlessly pursue their victims.
Here are a few factors that have increased their success in smaller venues since 2019:
- Organizations did not have time or resources to adequately train workers to recognize phishing attempts and scams when working from home. Security protocols that protected them in a central physical location were not in place for remote workstations.
- Widespread panic found much of the general public desperate for answers and “quick to click” on scams disguised as deals on technology, COVID-related info or supplies, or promised financial assistance.
- Mobile devices are typically more vulnerable and have become much more widely used during the pandemic. These attacks have also somewhat blurred the lines between private and public attacks.
Lacking adequate preparation, large-scale infrastructures like healthcare systems and research laboratories have also become ransomware victims. Unfortunately, for many healthcare organizations, cybersecurity gets pushed to the back burner because their primary focus is providing critical patient care. In 2020 alone, over 600 hospitals, clinics, and other healthcare organizations fell prey to nearly 100 ransomware attacks, costing nearly $21 billion.2
Attacks on Healthcare
Though putting proper security measures in place costs time and money, ignoring them can have disastrous consequences. A 2020 attack on the University of Vermont Medical Center is a good example. Though the attackers were not paid a ransom, the incident resulted in a complete system shutdown to protect the center's data, which also rendered electronic health records and payroll inaccessible. During the shutdown, patient schedules were thrown into confusion and cancer patients had to go elsewhere for radiation treatments. Even without a ransom payment, the financial hit was enormous: the medical center accumulated an estimated $50 million in lost revenue.3
Patient care was definitely compromised during the weeks that it took to restore the thousands of computers that had been affected at UVM. Historically, ransomware attacks like this on healthcare systems were simply considered white-collar financial crimes, but they’ve now evolved to the point of being categorized as terrorist attacks. Such attacks have the ability to cause hospitals to shut down, losing access to active medical records and potentially contributing to patient deaths.
With the average ransomware payment estimated at $200,000 per event, a single attack has great potential to bankrupt smaller companies. Sadly, attackers often extort and extract organizational data as a demand accompanying the monetary payment. So not only do companies lose financially, they are also forced to surrender private information that can be sold or otherwise exploited indefinitely.
Limit Your Risk
Here are a few steps you can take to reduce your risk of a ransomware attack:
- Properly and regularly back up your systems
- Adequately train all staff on recognizing cybersecurity threats
- Perform regular internal risk assessments
- Invest in establishing proper safety protocols
- Update and maximize use of firewalls and other internal protections
Attackers are more sophisticated and relentless in their activity than they were just two years ago. With ransomware attacks escalating so quickly, organizations cannot afford to delay putting proper security measures in place to protect themselves. Whether you’re a large healthcare organization or a smaller company, it’s well worth the time, energy, and finances it takes to secure your systems. We encourage you to take steps to ensure your company’s security, even if ransomware hackers should target you for their next attack. Contact us for a consultation regarding your organization’s specific needs.