The Emerging Threat of IT Ransom Attacks

As the digital age progresses, the shadow of cyber threats looms larger than ever before over institutions that form the backbone of our society, such as large corporations, healthcare facilities and hospitals, and government agencies. Among these threats, Information Technology (IT) ransom attacks have surged over the past several years, becoming a formidable challenge to operational security and data integrity. These cyberattacks not only compromise sensitive information and lock users out of key operational systems, but also demand hefty ransoms for data release or re-establishment of control, putting immense pressure on the victims to comply immediately and pay up.

IT ransom attacks typically involve a group or individual that deploys malicious software to encrypt files or seize control of a victim's system, rendering the data or the system inaccessible to its authorized users. The attackers then demand a ransom, typically in untraceable cryptocurrency or large cash sums, in exchange for the decryption key or for returning control of the system. This form of cyber extortion has evolved over time: attackers now not only encrypt data but also steal it, threatening to release it publicly unless an additional ransom is paid, a tactic known as "double extortion."

Large corporations are prime targets for these attacks due to their vast resources and the critical nature of their data. The Colonial Pipeline ransomware attack of 2021 was carried out by a "cyber terrorist group" known as DarkSide against a major fuel pipeline in the United States. The group used sophisticated ransomware to specifically target western infrastructure, bypass security measures, and shut down the pipeline, leading to widespread fuel shortages. The company conceded to a ransom payment of nearly five million dollars. This incident highlights the potential for ransomware to disrupt national infrastructure and economies.

Hospitals and healthcare systems are particularly vulnerable, given the critical nature of their services, the sensitivity of patient data, and their dependency on databases. According to Medcity News, a Russian hacking group took control of the Cedars-Sinai Medical Center, Michigan Medicine, and 17 other prominent American hospital websites, blocking user access; the attack is believed to have been retaliation for ongoing United States support in the Ukraine conflict. In August 2023, another attack aimed at several southern California hospitals hijacked their data networks, completely compromised patient data, cancelled thousands of appointments, and locked all users out of the systems. The hijackers demanded millions in ransom to release control of these systems and forced several of the hospitals to revert to paper documents, bringing operations to a near standstill. Initially, prominent IT companies and specialists from the FBI were brought in to investigate the incident with the goal of locating the persons responsible and regaining control of the hijacked systems. However, after weeks passed with no success in either locating the suspects or recovering the systems, the victims were forced to pay over two million dollars in ransom to regain control of their data and systems.

Ransom attacks against U.S. Government branches have been marked by a diverse array of tactics, significant financial losses, and complex international ties. Between 2018 and December 2023, there were 423 ransomware attacks, affecting potentially more than 250 million people and costing an estimated $860.3 million in downtime alone. In September 2022, The Denver Post reported on a ransomware attack against the city of Wheat Ridge by a "foreign agent", most likely from eastern Europe, demanding $5,000,000, and on the City of Riviera Beach, which paid $594,000 in ransom along with $900,000 for new hardware designed to combat ransom attacks by identifying and blocking intrusions before they reach a system.

The rate of ransomware attacks in the state and local government sector increased from 58% to 69% year over year, with a significant rise in the rate of data encryption in these attacks. Sophos News highlighted in its 2023 report the high percentage of "double dip" attacks in the state and local government sector, in which data is not only encrypted but also stolen, making these entities particularly vulnerable.

In response to the growing threat, entities across all sectors are bolstering their cyber defenses. This includes adopting advanced encryption, conducting regular security audits, training employees in cybersecurity awareness, and developing incident response strategies. Moreover, there is a growing emphasis on the importance of backups and on the use of specialized cybersecurity firms to develop and maintain a dedicated defense plan that continuously adapts to stay ahead of the threats. As cybercriminals continue to innovate, the collective response from corporations, healthcare institutions, and government agencies must evolve correspondingly, prioritizing the protection of critical data and infrastructure to safeguard the public and preserve trust in these fundamental institutions.