Ransomware Continues to Ravage U.S. Government, Education
According to a report from cybersecurity solutions firm Emsisoft, the number of ransomware attacks against government, education, and healthcare sector organizations in 2022 was similar to 2021, a year riddled with high-profile cyberattacks that led to government initiatives against the threat. In 2022, 105 local governments, 44 universities and colleges, 45 school districts operating 1,981 schools, and 25 healthcare providers operating 290 hospitals reported ransomware incidents, Emsisoft said.
Threat actors stole data in over a quarter of incidents against local governments. According to public reports, Quincy, MA, was the only local government to pay a ransom last year, in the amount of $500,000. The highest demanded ransom was $5 million from Wheat Ridge, CO, though the outcome regarding its payment is unknown.
While the number of education organizations hit by ransomware was similar to 2021, there was a more significant discrepancy in the number of affected schools. “In 2021, the impacted districts had 1,043 schools between them but, in 2022, this almost doubled to 1,981 schools,” the report states. With over 1,300 schools and 500,000 students, the Los Angeles Unified School District (LAUSD) faced the most significant ransomware incident in 2022. In the education sector, threat actors stole data in 58 of the 89 incidents — around 65 percent — compared to 50 percent the year before. Furthermore, at least three victim organizations paid a ransom last year.
Incidents Against Healthcare Providers
Ransomware incidents against healthcare sector organizations carry additional concerns. As Emsisoft points out, the most significant worry in such incidents is the impact on medical services. “While the immediate disruption to critical services presents the most obvious risk to patients, outcomes may also be affected in the longer term as the effects of delayed procedures or treatments may not be apparent until weeks, months, or even years after the event.” In October last year, the FBI issued a security advisory regarding the Daixin Team ransomware group that was actively targeting U.S. healthcare organizations. The Russian-speaking FIN12 ransomware group also reportedly targeted the sector. Emsisoft said it could not track incidents across the healthcare sector in 2022 “due to the volume of incidents and unclear disclosures.” Therefore, the company limited its tracking to hospitals. Emsisoft noted 25 incidents affecting patient care at approximately 290 hospitals. CommonSpirit Health faced the most significant incident of the year, which exposed the personal information of 623,774 patients.
Limitations of the Report
While the number of incidents is seemingly high, Emsisoft researchers also noted that their findings were based on disclosure statements, press reports, the dark web, and third-party information feeds. Unreported incidents would certainly push numbers higher. Researchers also noted that an increase in the number of incidents does not necessarily point to the success or failure of the U.S. government’s initiatives. For example, organizations could prioritize preventing lateral movement or threat escalation. However, Emsisoft stressed that the lack of any decrease in incidents should garner attention. “The fact that there seems not to have been any decrease in the number of incidents is concerning,” Emsisoft’s blog post reads. “Counter-ransomware initiatives have included executive orders, international summits, increased efforts to disrupt the ransomware ecosystem, and the creation by Congress of an interagency body, the Joint Ransomware Task Force (JRTF), to unify and strengthen efforts. Yet, despite these initiatives, ransomware appears to be no less of a problem,” it adds.