Cybersecurity Snapshots #2 - Ransomware Is Not Only a Headache but Can Also Kill

Cybersecurity Snapshots #2 -

Ransomware Is Not Only a Headache but Can Also Kill

Ransomware is becoming more of a problem among all organizations and needs to be considered a significant concern. Ransomware is very costly for organizations to fix. In May 2019, the city of Baltimore’s IT systems were kept hostage by adversaries because of a ransomware attack. The adversaries demanded 100,000 dollars in bitcoin. The governor of Baltimore did not pay the ransom, and the attack ultimately cost the city more than 18 million dollars.

Researchers believe that the number of ransomware attacks will increase. Researchers especially believe that small businesses are going to be a primary target for cybercriminals because of their fewer investments in their cybersecurity infrastructure. Researchers expect that a new organization will be affected by a ransomware attack every 11 seconds as soon as 2021.

Ransomware attacks on healthcare organizations, especially hospitals, are becoming more prevalent, and this is putting patients’ lives in danger. A new study discovered that the time for a patient suffering a heart attack to get from the emergency room to the electrocardiogram (EKG) room, increased as much as 2.7 minutes after a ransomware attack. The lag in time also remained as high as 2 minutes even after four years after the organization was affected by ransomware. Researchers found that there are as many as 36 additional deaths per 10,000 heart attacks annually at the hospitals that have been affected by ransomware. This year alone, 759 healthcare providers were affected by ransomware attacks.

Unfortunately, since hospitals need most of the information affected by ransomware attacks to operate correctly, usually they pay the ransom demand to the adversaries, for them to restore working order to the network, or to decrypt files. Paying a ransom is a big problem because once an organization pays off the ransomware demand, it usually makes them more appealing to target for other adversaries. There is also no guarantee that if an organization pays off the demands that the adversary unlocks their system. Payment demands are also increasing. The Beazley report indicates that the average amount an organization pays adversaries to decrypt files or unlock systems was 224,871 dollars in the first quarter of 2019 far-surpassing 2018’s total of 116,324 dollars.

Since most ransomware is distributed through, mainly spoofing emails, employees must learn about the proper handling of strange emails. Spoofing emails are emails that an adversary sends to their target posing as someone they might know, for example, a coworker. It is essential for individuals to not click on a suspicious link or document in an email. Email users should always look at the entire email to see if the email looks correct. If one has a question about the legitimacy of an email and it looks like someone, they know sent it, then the individual can ask the person they know if they sent the email. One should also notify the IT department if one receives a suspicious email so that they can reach out to other employees and warn them. Organizations with sensitive information should also keep backup storage of essential files that they have, so that if adversaries encrypt essential files, then they can use the backup files that they have instead of having to pay the ransom.

The number of ransomware attacks is going to increase in the future, which will cause more organizations to be affected by ransomware. Organizations can now hire companies to conduct a ransomware simulation on their servers. Once completed, the hired company will then give insights into the impact the ransomware attack could have on the organization and help the organization come up with a plan to prevent an attack like that from occurring. Organizations need to take the risk of ransomware attacks seriously. In a new study, 65 percent of surveyed infosec professionals said their organization experienced a ransomware infection in 2019. Out of the organizations' surveyed, 63 percent started taking corrective action with users who repeatedly make mistakes related to phishing emails through the implementation of a consequence model. Once an organization implemented a consequence model, employee awareness improved. Researchers believe that better education of employees and the implementation of a consequence model will decrease the number of suspicious emails that are clicked on, which in return will lessen the number of successful ransomware attacks among organizations.