2020’s Worst Ransomware Attacks and Why Backups Should Lead the Protection in 2021

Imagine what would happen if:

• A patient headed for a hospital for trauma or emergency care was diverted to a hospital that possibly did not offer that kind of care.
• An entire city government ‘s computers were shut down and the cybercriminals wanted $7 million to put them back on line.
• Higher and lower educational institutions had their data files encrypted as well as the students’ own personal data and emails. None could be accessed.
• A business hit with ransomware did not pay the ransom and the attacker released sensitive information and trade secrets on the Internet
• A small business paid a ransom and found themselves in facing stiff fines because the payment went to a cybercriminal  in a country that is on the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons List (SDN List) which includes countries such as Cuba, Iran, North Korea, and Syria

These “what if” moments were actual results of some of 2020’s worst ransomware attacks; with small businesses, municipalities, schools and health care organizations among the hardest hit. 

We may not have read about these situations because they draw little news interest compared to some mega company like Microsoft being hacked. But, the fact is, these are the everyday victims of ransomware.

Ransomware Attacks Against Small Businesses

Almost half of small businesses have had a cyber attack and, of those, 60 percent have gone out of business within six months, according to National Security Alliance research reported by Inc.

Small businesses are vulnerable because the cyber criminals think of them as easy targets. One study undertaken in February 2020 revealed that 43 percent of small businesses do not have any defense plan to prevent cyber attacks. The owners don’t believe they will be targeted even though statistics prove that 18.5 percent of them have had a breach in the past year.

The impact of a cyber attack on small businesses can be especially devastating, according to the study. 

• 25 percent of the businesses  in the study said they spent $10,000 or more to resolve the attack .
• According to 50 percent of them, it took 24+ hours  to recover from the attack.
• 25 percent of them also said they lost business due to the attack.
• And 40 percent reported losing data.

Ransomware Attacks Against Cities (and Municipalities)

As if the COVID-19 pandemic and natural disasters weren’t enough, the city of New Orleans in early 2020  was the victim of a ransomware attack that disabled  4,000 of their computers. The ransom to get them up and running again was $7 million. 

The attack came at a time when the city was trying to deal with the work and safety complications of COVID-19. The criminals, however, didn’t win. The city did not pay the ransom and invested $4.5 million to get their computers and other technology equipment updated and running. Insurance covered $3 million of that, but it took six months to get back to a semblance of normalcy. The city  also increased its insurance coverage and, most importantly, developed a disaster plan for future incidents. 

Ransomware Attacks Against Education

American colleges also suffered ransomware attacks beginning in early 2020. The University of California San Francisco, paid $1.14 million to get a key to decrypt its data. The University of Utah paid almost a half a million dollars  to unlock its files and restore its phones and internet services. 

Now K-12 schools are being hit. The K-12  districts  of New York (Syracuse), Connecticut, Oklahoma, Nevada and New Mexico have all been attacked. Schools have become increasingly targeted because many of them are using older equipment, serviced by small IT teams with limited cybersecurity experience. 

2020 Ransomware Attacks Against Medical Facilities

In July of 2020, while COVID-19 was running rampant, a cyber security company discovered hospitals received cyber attacks while patients were on the way to the hospital. CNN reported the situation. The attack diverted patients en route to different medical facilities than what they needed.  Those patients didn’t get the critical care as quickly as they should have, though there were no reports of fatal consequences.

Patients in the hospitals were impacted too, as was staff. That’s because the technology used in diagnostics like bloodwork, MRIs, x-rays  and other patient care  services were also targeted in the attack.

In that one attack, six hospitals were so severely targeted and posed such a danger to patients that government agencies issued a red alert to all hospitals, medical staff and facilities. 

Even worse, the first death attributed to ransomware occurred in Germany in late 2020 when a patient was diverted from a hospital that had been hit with ransomware to another hospital and passed away as a result of the delay.

Ransomware Attack Statistics

According to the 2020 State of Ransomware Report by Sophos, a company that makes antivirus and encryption products used worldwide, most ransomware attacks succeed in encrypting data (73 percent). Of those attacked:

• 94 percent get their data back
• 26 percent recover their data by paying the ransom
• 56 percent recover their data by restoring their backups
• 12 percent recover their data through other means

They also reported that paying the ransom is twice as expensive as restoring the data from backups, not to mention there is no guarantee that you will be able to decrypt your data if you pay and there is the threat of OFAC fines. So it is worth the time and money to  invest in prevention and backups so that if you are attacked, you won’t even have to consider paying the ransom.

Start 2021 With a Disaster Recovery Plan to Prevent Ransomware Losses

There were literally thousands of ransomware attacks in 2020. Companies, small and large, municipalities, educational institutions and others who worked with a managed service provider (MSP) such as Intrust, had fewer headaches and less financial loss than those who gave in to the ransom demands.  

An effective disaster recovery plan includes:

• Backup, backup, backup! If you are like most businesses, you will need a few different backup solutions for the different types of data you need to protect. Work with your IT team or managed service provider to develop a disaster recovery plan that works for your business and your budget.
• Train your team now and on a recurring basis. Cybercriminals are crafty. Your team  needs to be proactive and stay ahead of them. Can your employees spot suspicious emails, texts, social posts? If not, they could be tricked into providing access to your network.  Some managed service providers, including Intrust, provide comprehensive cybersecurity expertise as part of their IT support and can help train your team. If you don’t have cybersecurity support, you’ll need to keep up to date on your own. Assign staff to review the latest trends in malicious attacks. Then have them pass on their knowledge to colleagues.
• Install ransomware protections, including a  firewall  and complete endpoint (aka antivirus or antimalware) protection so you can protect each device. This is the best way to make sure each and every device on your network – every computer, tablet, phone, etc. – is protected. This should be covered if you have a managed service provider.
• Run simulations of cyber attacks using emails or texts. These simulations identify if there are weaknesses that need to be addressed by re-training. Simulations are one of the best training tools available, although they might be hard to complete without a large IT team or outsourced support.