Content, Content, Ransomware

Ransomware Public Sector Attacks Climb in Q2 2020, Study Finds

The number of ransomware attacks on public sector entities rose slightly late in Q2, 2020, reversing a four-month decline in cyber battering rams pinpointing those targets, a new Emsisoft Malware Labs report said.

In 2019, a record 966 government agencies, healthcare facilities and education institutions were barraged by ransomware, with cyber crooks pocketing about $7.5 billion. It appeared that number could only climb higher in 2020. However, starting at the turn of the year the sum of kneed public sector entities decreased month-over-month through April before rising in May and June. A deepening of the COVID-19 crisis when some hacking groups pledged to leave healthcare alone (even though others refused) may have prompted the slide in March and April, Emsisoft said.

In Q1 and Q2, at least 128 federal and state entities, healthcare providers and educational establishments were hijacked by ransomware. Of those, 77 whacks occurred in January and February. For March and April combined, the number of events slid to 22 but rose in May and June to 29 in total.

Emsisoft segmented attacks in the first half of 2020 by sector as follows:

  • At least 60 government entities were bitten by ransomware during the first two quarters. The prey included cities, transportation agencies, police departments and one federal agency. While attacks slid steadily from 19 in January to five in April, a May bump pumped the figure up to eight and in June to nine.
  • At least 41 hospitals and other healthcare providers were successfully attacked during Q1 and Q2, an unsurprising data point given how much COVID-19 drained their resources. The number of attacks dropped from January/February’s high of 26 to six in March and April but have since moved upwards in May and June to a total of nine.
  • More than 30 school districts and other educational establishments were impacted by ransomware, disrupting operations at some 439 schools. In January/February, 22 attacks were recorded, and in March/April four were counted. In May, only one school district was successfully attacked along with three others on universities. No attacks were recorded in June.

As for data theft, to date in 2020 sensitive material has been exfiltrated in ransomware attacks on at least five government entities and three universities, including a public research university actively engaged in COVID-19 research, Emsisoft said.

Despite the skywards move in ransomware incidents, there’s still time to arrest the Q2 increase in Q3 and Q4, said Fabian Wosar, Emsisoft chief technology officer. “2020 need not be a repeat of 2019. Proper levels of investment in people, processes and IT would result in significantly fewer ransomware incidents and those incidents which did occur would be less severe, less disruptive and less costly,” he said.

Emsisoft said its report is based on data from public and non-public sources and likely underestimates the actual number of ransomware incidents during the period studied.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.