At least Keizer wasn’t alone in its data being held for ransom in 2020.
According to a report on the state of ransomware in the United States, Keizer was one of 113 federal, state and municipal governments and agencies that fell victim to cybercriminals. In addition, 560 healthcare facilities and 1,681 schools, colleges and universities were subjected to the fallout of ransomware.
Keizer paid a nearly $50,000 ransom, plus consulting and negotiating fees, to retrieve its data, but the city got off easy in other respects. Delaware County in Pennsylvania paid a $500,000 ransom and Tillamook County paid $300,000. Impacted schools had to cancel in-person and virtual classes and even revealed details of alleged sexual assaults.
Other impacts were literally matters of life and death.
“The attacks caused significant, and sometimes life-threatening, disruption: ambulances carrying emergency patients had to be redirected, cancer treatments were delayed, lab test results were inaccessible, hospital employees were furloughed and 911 services were interrupted,” according to the report authored by Emsisoft, a firm that specializes in cybersecurity research and network protection products.
Ransomware is different from what the average user envisions when thinking of being hacked. While data might still be destroyed or downloaded, ransomware primarily locks data behind an encrypted door that can only be unlocked with a numeric key held by the hackers.
Hackers are typically known to charge ransom based on the number of servers they were able to lock up, and payments are made through a web of untraceable digital transactions. Ransomware can stay in targeted computers for weeks or months undetected before hackers reveal its presence. By that time, hackers might even know the coverage amount of the entity’s insurance policy against cybercrime.
A lack of transparency regarding the outcomes of cyber attacks is also proving to be a problem, the report concludes.
It is not known precisely how often such incidents occur “nor is it known why attacks succeed, how many demands are paid, or the total cost of ransomware to the public sector. Without such information, policymakers cannot formulate an evidence-based response to the problem,” the report states.
While human error is frequently the source of a breach, networks can be designed “in such a way that they do not collapse like houses of cards when those errors occur.”
Read the full report at tinyurl.com/csreport2020.