In late 2016,BitSight released its Insights report on ransomware. To create this report, BitSight researchers analyzed the growing trend of ransomware across nearly 20,000 companies worldwide. They identified, among other things, which industries are most susceptible to these types of attacks. BitSight’sresearchers found that education, government, energy and utilities, and healthcare industries were most susceptible, as corroborated by their Security Ratings:
Some more recent studies—likeNTT Security's 2017 Global Threat Intelligence Report—have emphasized that sectors like “business and professional services” are particularly vulnerable to ransomware as well. Thus, it’s important to remember that every industry could be susceptible to a ransomware attack. To better understand the criticality of ransomware cyber attacks and the impact these attacks have already had on many vulnerable industries, take a look at the industries (in no particular order) below:
Ransomware can be particularly troublesome for industries that have a lot of time-sensitive materials on corporate systems, or those that can’t handle being offline for extended periods of time. Unfortunately, healthcare fits both bills. If a number of machines in a hospital go offline because of a ransomware infection, this forces hospital operations to go down—and that could impact lives. Malware authors are aware of this—and since they’re looking for the quickest payout they can—hospitals could potentially be targeted more frequently.
According tothis Recode article, U.S.-based drugmaker Merck was impacted by the massive NotPetya ransomware attacks in 2017, as was Heritage Valley Health Systems (a healthcare network in Pennsylvania). And in fact, one surgery at one of the hospitals associated with Heritage Valley had to be postponed as a result. And in a seperate August 2017 attack,the Erie County Medical Center in New York was hit with a ransomware attackthat took the trauma center offline for 6 weeks.
At the time the Insight study was conducted, BitSight researchers found that education had the highest rate of ransomware cyber attacks out of all industries examined. In fact,educational institutions had more than three times the rate of ransomware found in healthcare and more than 10 times the rate found in finance.
Unfortunately, educational institutions may be more vulnerable to ransomware cyber attacks simply because they have less control over devices that connect to their networks. A student could bring a malware-infected laptop onto campus and compromise several other systems. Organizations like finance, however, are likely more resilient because they have more enforceable restrictions when it comes to endpoint security and network policy.
TT Security's 2017 Global Threat Intelligence Report—as reported in thisDark Reading article—found that 17% of current ransomware cyber attacks are targeted at the government. Keep in mind that BitSight’s Government industry sector doesn’t only contain federal government organizations, but also state and local municipalities. While smaller government bodies seem more likely to be victimized by ransomware (due to budget, operations, and overall infrastructure), that’s not always the case. For example, the city ofNewark, New Jersey, was hit with a ransomware attackin April of 2017, and on a larger scale,the Ukrainian government was also attackedin the NotPetya attacks in 2017.
4. Energy & Utilities
Energy and utility companies are interesting targets, as they can sometimes fall victim to malware (or ransomware) attackers who are particularly interested in damaging a particular city, state, or country. At the same time the Ukrainian government was hit with a ransomware attack, Ukrainian power companies were also impacted. In fact,this Forbes articleexclaimed that NotPetya took out the whole power grid in Ukraine during the widespread attacks in spring 2017.
ThisUtilityDive articledescribes how the power sector is reacting to the recent wave of ransomware cyber attacks. Additionally, they report that U.S. energy services company Avangrid “severed external communication ties with their international subsidiaries in an effort to ward off any infection from the malicious software.”
Consider Your Ransomware Remediation Strategies & Why They Might Not Be Effective
Regardless of what industry you operate in, the data and findings above highlight the need for a ransomware plan and remediation strategy. There are several things you can do if you’re infected with a ransomware attack—and the first question on anyone’s mind is whether or not to pay.We, along with various government agencies, do not recommend paying the ransom.There are a notable number of cases in which ransoms have been paid but companies do not recover their data.
There are some legitimate remediation strategies you have at hand based on best practices within the field—starting with backing up and restoring your data.To do this, you’ll need a good backup strategy in place so you can retrieve the uninfected data in case of an attack.
Even so, be aware thatrelying solely on backed up data may be an inadequate strategy, as malware authors are starting to create ransomware families that also encrypt various backup solutions before infecting computers. If this happens to you and you attempt to restore your data with a backup, you would be unable to do so as that version would already be encrypted. This isn’t yet considered a popular ransomware cyber attack method, but it’s something to be cognisant of as you refine your remediation strategy and determine the best way to overcome a potential ransomware disaster.
If you want more background information about ransomware, or any additional data and statistics from our BitSight researchers, download thisBitSight Insights reporttoday.
What’s the biggest struggle your vendor risk managers face when establishing cyber security monitoring processes? From sudden increases in the use of third-parties by your organization, to not knowing which vendors might be impacted by the...
If you’re using a “one-size fits all” approach to managing your vendor lifecycle, you are missing opportunities to save money and operate more efficiently. Vendor management efficiencies don’t end in the onboarding stage: using a...
If you’re experiencing frustrating delays and procedural roadblocks during your vendor management process, you’re not alone. Security managers are seeing an increase in the number of third-parties integrating with their business, and ...