Ransomware attacks on the rise — and small towns are in the crosshairs
- There were more than 70 ransomware attacks in the first half of 2019 — and more than 50 of them targeted cities.
- "We are definitely seeing more, and we see them because attackers see that they're successful," said one cybersecurity professional.
- The rise in attacks has led to a rise in cyber insurance products that are more profitable than many other insurance types.
An upstate New York school district delayed the start of the school year on Wednesday after a ransomware attack hampered its operations. The Orange County school district joins an unhappy parade of municipalities that have fallen victim to hackers.
Two Long Island school districts were hit by ransomware earlier this summer. Last month, nearly two dozen cities in Texas fell victim to what has been called a "coordinated" attack.
In the first half of the year, more than 50 cities or towns were the victims of ransomware attacks this year, according to a recent report from Barracuda, a cybersecurity firm. Indeed, two-thirds of more than 70 ransomware attacks tracked in the U.S. focused on local or state governments, according to the report.
"Local, county, and state governments have all been targets, including schools, libraries, courts, and other entities," it found.
Smaller locations are at particular risk. Nearly half of the municipalities attacked had between 15,000 and 50,000 residents. A quarter had fewer than 15,000 residents, Barracuda said, noting that "smaller towns are often more vulnerable because they lack the technology or resources to protect against ransomware attacks."
The average ransom payout in the second quarter of this year was $36,295, according to a report by Coveware. That's nearly triple the average payment in the prior quarter. In the third quarter of 2018, when Coveware first started tracking payments, the average was $5,973.
Ransomware attacks have been on the rise in recent years because of how profitable they can be for attackers — and smaller cities are an attractive target. In addition to lacking resources, cities are often dealing with taxpayer money and so may elect to pay a ransom rather than try to recover their data in another way, said Wendi Whitmore, vice president of X-Force Threat Intelligence at IBM Security.
"We are definitely seeing more, and we see them because attackers see that they're successful," said Whitmore.
"A lot of times we have clients think it's a one-time cost," she added. But "If you pay the ransom, you still have to fix the [security] problem so the same thing doesn't happen tomorrow."
Not all cities opt for a quick fix. Barracuda found that of the 50 municipal attacks over six months, only three cities chose to pay the ransom. Many others are instead fighting it out, with mixed levels of success. Baltimore, which was attacked in May, refused to pay a $76,000 ransom; it has to date spent more than $5 million recovering the data lost in the attack, ProPublica reported.
The increase in attacks is driving a rise in cyber insurance — a rare new area of growth in the insurance industry. Cyber policies are more profitable for insurance companies than policies overall, according to a 2018 report from Aon, and last year, insurers collected $2 billion on premium on these policies. The number of cyber insurers is also rising, increasing 54% over four years.
But the quick growth of cyber insurance could itself be a factor driving increased attacks, ProPublica found. Insurers have encouraged hacked clients to pay the ransom rather than fight the attackers, on the grounds that it would save time and money, ProPublica reported. And there is some evidence that hackers are specifically going after companies they know have cyber insurance, presumably because they're more likely to pay up.
Whitmore recommends that organizations keep a backup of essential files that is disconnected from their main network so that, in case of an attack, hackers won't be able to seize all the files. She also suggested organizations rehearse their plan in case of a cyber attack, much like in a fire drill.
"You may not be able to use company email to get hold of everyone, so do we have the ability, in advance, to get a hold of everyone? It could be a WhatsApp group or Gmail," Whitmore advised.