Ransomware, a common cyberattack method that in the past mostly targeted individuals and small companies, is now impacting more school districts, health systems, and pharmaceutical companies.
A type of malware, ransomware slips into a computer system and steals or blocks access to data or personal information until the victim pays a "ransom," usually with an untraceable gift card, credit card, or cryptocurrency.
Over the past month, several high-profile attacks have shown the new scope of the threat. Recent victims span the public and private sectors and include Universal Health Services, one of the largest hospital systems in the U.S., and the Clark County School District in Las Vegas.
The school district was able to recover its data and did not pay the ransom, but as a result the hackers leaked student and employee data to the public. The administration is now providing complimentary credit monitoring and identity restoration services to employees.
The hospital system, meanwhile, is still in the midst of the data recovery process, but initially, the attack led to the delay of lab results and diversion of ambulances at certain hospitals.
Another recent attack hit healthcare software provider eResearchTechnology, which in turn impacted IQVIA, a research firm that is working with AstraZeneca on a COVID-19 vaccine.
"As a collective, we're losing the battle," said Tony Howlett, chief information security officer (CISO) at SecureLink, which develops software for companies to give third-party vendors safe access to their data. "They're stepping up their attacks, their techniques, their sophistication."
He added that hackers in past cases generally stole information so they could sell it online, but ransomware offers them a chance to cut out the middleman.
The full scope of the problem is hard to measure because individuals and private companies are not required to report attacks. But one report from Coveware, which helps companies combat cyber threats, found that the cost of the average ransom jumped 60 percent to $178,254 between the first and second quarters of 2020.
This higher price tag is a sign of more brazen hackers, but also bigger, more sensitive targets. Ransomware attacks have been on the rise for the past few years — in part due to the increasing availability of cheap malware — but some experts believe the recent spike and shift to larger organizations stems from vulnerabilities brought on by the coronavirus pandemic.
Since the beginning of the pandemic, for example, many white-collar workers have moved from office spaces to their homes, where basic cybersecurity is harder to maintain.
"A lot of it has to do with the fact that most organizations have transitioned their workforce to a work-from-home scenario or remote scenario," said Homayun Yaqub, senior director of strategy at Forcepoint, a security software developer. "As a consequence of the rapid rate at which that occurred, it created a certain level of vulnerability."
He also pointed out that phishing attempts are increasingly tailored to take advantage of the "heightened state of anxiety" surrounding coronavirus, with emails or "lures" highlighting hot-button topics such as vaccines, personal protective equipment, and government assistance.
Yaqub said this highlights the importance of training employees on how to avoid phishing traps. But while standard cybersecurity measures such as educating employees and making sure emails from outside the company are labeled "external" can help prevent attacks, some experts believe that what companies do on the back-end is more important.
"There's only one way to truly avoid the implications of ransomware in your ecosystem, and that is with a really strong backup and recovery strategy," said Lucas Moody, CISO of Rubrik, a cloud data management company. "That's really the only way that you can walk away unscathed from a ransomware attack 100 percent of the time."
Moody explained that the cybersecurity industry has focused overwhelmingly on preventative controls, while backup and recovery has been somewhat neglected. With the advent of bolder and more pervasive cyberattacks, that's starting to change.
"In the future, we'll see companies invest appropriately in backup and recovery, making some of these attack types more and more moot and hopefully ineffective in the future," he said.
The prospect of a leak further complicates a ransomware response, because backing up data, in that case, won't stop personal information from falling into the wrong hands.
"Ransomware has typically been focused on encrypting and preventing the victim from accessing those files, but the latest evolution is the introduction of leakware," Yaqub said. "It's also now threatening the dissemination of that data and releasing that data to the public."
For healthcare, and other sectors that host sensitive information, the stakes are especially high, and hackers are taking advantage of how overburdened providers are during the pandemic.
"They're in the middle of this unprecedented pandemic, so their operations are all thrown off anyway," Howlett said. "They might be operating at peak capacity with limited staff. I think it's kind of a perfect storm that's put them on their heels as an industry."
Even prior to the pandemic, attacks on the healthcare sector were exploding. One report from Corvus, a commercial insurance provider, said attacks increased 350 percent in 2019.
"What we're seeing is a lot of healthcare organizations especially are being caught behind," Howlett said. "Obviously dealing with the pandemic is their number one job, and I wouldn't say security has fallen by the wayside. But it hasn't gone up in importance."