What can ransomware do?
Financial loss is only one impact of ransomware. Obscuration, which occurs when the ransomware installation encrypts the victim’s data, can result in significant business disruption for days, weeks, or months. Aside from the immediate losses, businesses also incur the cost of incident response, digital forensics, regulatory fines, and legal and PR counsel resulting from long-term damage to a company’s reputation. In the healthcare sector, ransomware can even have deadly consequences.
What are some ransomware examples and popular targets?
It can be hard to keep up with the ransomware threat landscape. The following examples show the pervasive and potentially catastrophic risk that organizations in almost every industry must address.
Energy and utilities sector
One of the most costly and disruptive incidents of recent times is the Colonial Pipeline ransomware attack. In what is believed to be the largest-ever attack on an American energy system, hackers disrupted fuel supply across the East Coast for days until a $4.4 million ransom was paid (although the Department of Justice later seized the funds).
The attack was attributed to DarkSide, a relatively new RaaS group first discovered in August 2020. According to CISA, DarkSide explicitly targets large, high-revenue organizations, stating that their goal “is to make money [not create] problems for society.” The group’s ransom requests range from $200,000 to $2,000,000 – although history has shown that they are open to negotiation! In addition to the pipeline attack, DarkSide recently announced three more victims, including a Scottish construction company, a renewable energy product reseller in Brazil, and a technology services reseller in the U.S. The hackers stole client, employee, and financial data.
Colonial Pipeline wasn’t the first headline-grabbing attack on the energy and utilities sector. Four years earlier, Ukraine famously “went dark” when NotPetya took down the country’s entire energy grid. BitSight research suggests that similar attacks in the U.S. are likely: After reviewing the cybersecurity performance data of more than 2,000 U.S.-based oil and energy companies, we found that 62% are at heightened risk of a ransomware attack.
Another vulnerable and lucrative target for hackers is healthcare. Since 2009, there have been over 3,000 healthcare data breaches in the U.S. medical industry. Notable incidents in recent years include NotPetya attacks against drugmaker Merck and Heritage Valley Health Systems (both in 2017), the latter resulting in postponed surgeries. In September 2020, major healthcare provider Universal Health Services experienced a ransomware attack that resulted in widespread computer system failures. And, in May 2021, Ireland’s health service suffered a ransomware attack that forced a shutdown within its IT infrastructure.