WhatsNew2Day – Latest News And Breaking Headlines
A new report documents the disturbing rise in ransomware attacks on critical services in the US, as cybersecurity experts increasingly call for an international ban on victims making extortion payments to hackers.
While major ransomware attacks on private companies like MGM Resorts grabbed headlines in 2023, an increasing number of schools, hospitals and local governments were also affected by hackers.
In total, 2,207 US hospitals, schools, and governments were directly affected by ransomware throughout the year. according to a Tuesday report from cybersecurity firm Emsisoft.
Citing research from the University of Minnesota School of Public Health, the report estimated that errors and delays from ransomware attacks on U.S. health systems are likely killing about one person per month.
Ransomware gangs operate by infiltrating victim organizations and encrypting their IT infrastructure, demanding payments that can run into tens of millions of dollars in exchange for encryption keys to restore access.
The University of Kansas-St. Health System Francis Campus in Topeka is one of the hospitals that had to divert ambulances in November due to a ransomware attack
Victims often quietly pay hackers to avoid service interruptions and negative headlines.
But a growing chorus of experts is calling for new laws to ban such ransom payments, saying it is the only way to end the attacks.
“Current anti-ransomware strategies amount to little more than creating obstacles and killing moles,” said Brett Callow, threat analyst at Emsisoft.
And he added: “The reality is that we are not going to defend our way out of this situation, and we are not going to get out of it through the police either.”
‘As long as ransomware payments remain legal, cybercriminals will do whatever it takes to collect them.
‘The only solution is to financially discourage attacks by completely prohibiting payment of claims. “At this point, a ban is the only approach that is likely to work.”
In 2023, high-profile ransomware victims included a November attack on Ardent Health Services, a 30-hospital health system, which caused hospitals in three states to divert ambulances.
According to Emsisoft, a total of 46 hospital systems, comprising 141 hospitals, were affected by ransomware attacks last year. At least 32 of the 46 systems suffered information theft, including protected health information.
The attacks are almost certainly costing lives due to disruptions in care, although the exact death toll is difficult to accurately measure.
The University of Minnesota School of Public Health study found that, from 2016 to 2021, ransomware attacks killed an estimated range of 42 to 67 Medicare patients, or about one per month.
“The longer the ransomware problem remains unsolved, the more people will die from it,” the Emsisoft report states.
School systems were also attacked by ransomware last year, with notable victims including Minneapolis Public Schools, as seen above.
Government entities are also falling victim to ransomware at an alarming rate; The cities of Dallas (above), Modesto and Oakland were attacked last year.
School systems were also attacked by ransomware last year, with notable victims including Minneapolis Public Schools.
That attack disrupted learning at several Minneapolis schools and resulted in nearly 200,000 stolen files being published online, including highly sensitive information such as reports of campus sexual assaults and cases of teacher abuse.
Emsisoft estimates that at least 108 K-12 districts were affected by ransomware in 2023, more than double the 45 that were affected in 2022.
The affected districts had a total of 1,899 schools between them and at least 77 of the 107 suffered data theft.
The report also estimates that at least 72 post-secondary schools were affected by ransomware last year, up from 44 in 2022, and that at least 60 of the 72 had data stolen.
The University of Hawaii, Southern Arkansas University and Stanford were among the higher education institutions affected last year.
Government entities are also falling victim to ransomware at an alarming rate; The cities of Dallas, Modesto and Oakland were attacked last year.
San Bernardino County in California admitted it paid a $1.1 million ransom to end a ransomware attack, while another victim, the government of Lowell, Massachusetts, spent $1 million on credit protection for employees whose data was leaked.
At least 95 government entities were affected in 2023, and at least 60 were confirmed to have suffered data theft.
While the number of government attacks has decreased slightly from the 106 attacks recorded in 2022, Emsisoft notes that this is due to a service provider breach in 2022 that affected 55 governments in Arkansas simultaneously, increasing the number of that anus.
The company noted that accurately tracking ransomware attacks is notoriously difficult, especially because victims often hide the fact that they have been attacked or describe the attack in obscure terms such as a “encryption event.”
“The only viable mechanism by which governments can rapidly reduce ransomware volumes is to ban ransom payments,” the report maintains.
‘Ransomware is a for-profit enterprise. If it stops being profitable, most attacks will quickly stop.”