Ransomware can be as disruptive to your day as a flood, earthquake, fire, or another natural disaster. It has the potential to devastate businesses, close hospitals, and close schools. And if you're unlucky enough to be affected, it can completely devastate your finances.
However, as with natural apocalyptic events, there are patterns in misfortune, and it is possible to draw patterns and identify high-risk areas. You can avoid disaster entirely with some forethought.
What is Ransomware?
Criminals are after your money, and draining your bank account is problematic. By encrypting vital files on compromised computers, criminals persuade victims to hand over their money voluntarily. Companies that are unable to perform business and are losing money every day, they are not functioning and will frequently pay criminals to decrypt their machines and enable them to continue trading. Criminals typically gain access to devices through either lax security processes or social engineering attacks.
Engaging in any criminal enterprise is a risky business, and cybercriminals prefer to target targets that will net them the most money while exposing them to the least amount of risk. It makes more sense to hit fewer large targets rather than many small ones. And it's understandable that they'd rather target businesses that are more likely to pay than call law enforcement.
Between 2018 and January 2023, there were 2,122 ransomware attacks in the United States, as per Comparitech research. That's a lot, and even more is likely to have gone unreported. Even if this figure is taken at face value, it equates to more than one ransomware attack per day. Each ransom was worth an astounding $2.3 million on average.
Naturally, because businesses have more money than private individuals, schools, or government agencies, they are regarded as the biggest jackpot for hackers. And because they're constantly making money, every pause costs them more. The largest ransom known to have been paid during this time period was a whopping $60 million paid in 2022 by Intrado, a communications company with interests in cloud collaboration, 911 operations, enterprise communications, and digital media, among other things.
In fact, nine of the top ten ransoms were paid by corporations, including Kia Motors, Garmin, and EDP Renewables. The education sector is prominent, with Broward County Public Schools paying the second-largest ransom of $40 million in 2021. The notorious Conti group, which has been linked to hundreds of other attacks, carried out the attack.
Hospitals and other medical care facilities are prime targets for ransomware attacks because when hospital computers go down, patients don't get the care they require, and people die. Ransoms from the healthcare sector tend to be lower, with an average payout of around $700,000, possibly because the criminals have some conscience about people dying as a direct result of their actions.
Government facilities are also frequently targeted, with state and regional facilities particularly vulnerable. Local government agencies have limited IT security resources and frequently use outdated software due to their stricter budgets, making them easier targets. However, this also means that they pay significantly less than businesses with a median revenue of half a million dollars.
Where do most attacks take place?
Ransomware attacks occur wherever criminals believe they can make a quick buck, and attacks are concentrated in areas with a high concentration of wealth and businesses with a high turnover.
In the United States, this includes the east coast, which includes Washington, DC, Maryland, Delaware, and New York; the north-west coast, which includes California and Seattle; and major regional hubs like Chicago, Illinois. The majority of these attacks target businesses, but that doesn't mean the rest of the country is safe. Attacks on healthcare and government are far more common in poorer states. Again, this is most likely due to reduced IT budgets.
Between 2018 and January 2023, no US state was immune to ransomware attacks, though some were either less appealing or more resilient to criminals. Wyoming had the fewest reported attacks, with one ransomware incident at Carbon Power and Light and two healthcare facility attacks.
Ransomware is frightening, but just like designing flood defences or forest fires, there are steps you can take to avoid becoming a victim. Here are some of the best recommendations:
- Take regular backups and store them securely
- Employ a good antivirus
- Train your staff
- Keep your systems updated
Ransomware is terrible, but at least you know that if you pay the ransom, your system will be restored to normal working order and you can resume business as usual... right? This isn't always true. What appears to be ransomware is sometimes fake ransomware: your files have been encrypted, but the criminals who have encrypted them will never decrypt them.
