When ransomware attacks make headlines, they tend to involve big, well-known companies. But this news is just the tip of the iceberg: Some of the largest entities hit in 2020 were cities, schools, hospitals and small businesses, fueled in part by COVID-19 changes in how people work.
2020 Ransomware Attacks Against Cities (and Municipalities)
Early in 2020, the city of New Orleans was the victim of a ransomware attack that shut down 4,000 computers and strangled the city’s ability to function. The hacker’s ransom request was $7 million.
The city did not pay the ransom. Instead, it invested $4.5 million to remedy the situation. While the city had insurance, it recovered only $3 million. The attack came at the worst time, too, as the city was trying to adjust to COVID-19 quarantine and staff working from home. The city replaced 400 computers, increased its insurance coverage, updated software and developed a disaster plan.
Close to home, the Cooke County ransomware breach in July 2020 impacted 2,000 people when Cooke County Sheriff’s Office data was stolen for both current and past cases.
2020 Ransomware Attacks Against Medical Facilities
According to CNN, the cyber security firm Mandiant discovered cyber attacks that affected patients on the way to the hospital. The criminals targeted U.S. hospitals, forcing them to divert patients to other healthcare providers. Those patients didn’t get the critical care they needed as quickly as they should have.
Patients and staff in the targeted hospitals were also impacted because medical technology used in testing, treatments and other patient care was compromised. This was in mid July 2020, in the midst of the COVID-19 epidemic.
Six hospitals were so severely targeted during 2020 that a red alert was issued to all hospitals and healthcare providers across the U.S.; a joint effort by the Department of Homeland Security (DHS), the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).
2020 Ransomware Attacks Against Education
American colleges also suffered ransomware attacks beginning in early 2020. The most notable was the University of California San Francisco, which paid $1.14 million to get a key to decrypt its data. The University of Utah paid $457,059.24 to unlock its files and restore its phones and internet services.
K-12 schools have also been hit, including the Fort Worth Independent School District. School districts in Syracuse, New York, and school districts in Connecticut, Oklahoma, Nevada and New Mexico.
Schools are prime targets because they’re often behind the curve, using older equipment and served by a fairly small IT team with limited cybersecurity experience.
2020 Attacks Against Small and Medium-Sized Businesses
According to National Security Alliance research reported by Inc., almost 50 percent of small businesses have experienced a cyber attack and, of those, 60 percent will go out of business within six months.
Like schools, small businesses are often easy, soft targets. According to a February 2020 study, 43 percent of small businesses had no cyber security defense plan in place. The study also revealed that 60 percent of SMB owners think they’re unlikely to be targeted, while 18.5 percent reported suffering from a cyber attack or data breach in the past year.
Because small businesses are, well, small, attacks on specific businesses rarely hit the news. But the impact of a cyber attack on small businesses can be especially devastating, according to the study. Once breached:
- 25 percent said they spent $10,000 or more to resolve the attack
- 50 percent said it took 24 hours or more to recover from a breach or attack
- 25 percent reported losing business due to the attack
- 40 percent reported losing data
2020 Ransomware Attack Statistics
Sophos, a company that makes antivirus and encryption products used worldwide, released the following statistics in their 2020 State of Ransomware Report:
- 73 percent of ransomware attacks succeed in encrypting data
- 94 percent of organizations get their data back
- 26 percent recover data by paying the ransom
- 56 percent recover data by restoring their backups
- 12 percent recover data through other means
Paying the ransom doubles the total cost of resolving a ransomware attack compared to restoring the data from backups. So not only does paying the ransom reward criminals and encourage more cybercrime, it costs businesses far more in the long run.
In some cases, companies can be fined by the federal government for paying a ransom. So, invest now in prevention and backups so that if you are attacked, you won’t even have to consider paying the ransom.
Preventing Ransomware Losses in 2021 Starts with a Disaster Recovery Plan
Of the thousands of ransomware attacks in 2020, those who worked with a managed service provider (MSP) such as Aeko, recovered their data for less money and less headache than paying the ransomware demand. This is possible with disaster recovery planning that includes:
- First, backup, backup, backup! Your IT team or managed service provider can help you figure out how often to back up and what type of secure backup solutions are best for your business and your budget.
- Install next generation endpoint protection. This replaces a legacy antivirus product because it monitors for suspicious behavior like encrypting files or changing permissions. Some even include ransomware protection insurance of up to $1 million if they can’t undo the damage.
- Train your team (that means everyone and often). Make sure your employees know how to spot suspicious emails, texts, social posts and other ways cyber criminals try to trick them into providing access to your network. Review with them the latest trends in malicious attacks. Do this on a regular, scheduled basis. The hackers are constantly coming up with new ways to harm your data. Be proactive and stay ahead of them. Some managed service providers, including Aeko, provide comprehensive cyber security expertise as part of their IT support and can help train your team.
- Install a firewall or third-party device that protects against ransomware and provides complete endpoint protection. That means you can control cyber security at the device level and make sure every device on your network is protected. And yes, an MSP can help with this, too.
- Run cyber attack simulations. This is one item on your checklist that is very hard to complete without a large IT team or outsourced support. These simulations identify weak areas where re-education or additional training is needed before people fall for a real attack and expose the company to a data breach.
- Lastly, backup, backup, backup.
2021 Ransomware Response Checklist
Know what to do if you are hit with a ransomware attack! Get this free, easy-to-follow checklist to post and share with your team.