America’s massive ransomware problem, explained

“A cybercriminal only has to be lucky once, while a defender has to be lucky every minute of every day.”

That’s from a recent report on ransomware by the Institute for Security and Technology (IST) — basically The Avengers of cybersecurity.

Ransomware is a malware that demands ransom in exchange for decrypting files or to prevent the sharing of stolen data. As inconveniences go for IT departments, it’s numero uno.

And the problem is only getting worse

Ransomware attacks are increasingly common. Some of the latest include:

• The Colonial Pipeline: This month hackers were paid $4.4m to restore systems to the operator of a gas pipeline that supplies ~45% of the East Coast
• CNA Financial: The insurance company paid $40m in March to free itself from a ransomware attack

In 2020, ransomware victims coughed up a total of $350m (311% more than 2019).

Ransomware is a pain in society’s ass

Pretty much every institution is a target:

• Public health: An October attack on the University of Vermont Medical Center cost ~$64m
• Local governments: A May 2019 attack on Baltimore cost $18.2m and took out the city’s 911 dispatch system
• Schools: 57% of all attacks in August and September 2020 were on K-12 schools

The average downtime from an attack is 21 days. Even after paying a ransom, it takes an average of 287 days to fully recover.

But the IST has a plan

The group’s report outlines a plan to turn the tide in the ransomware fight.

A key recommendation is better coordination between agencies within the United States (e.g., National Security works closely with a new cyber security agency) and with similar groups in other nations.

Seems simple (it’s not). You can read more about each step here.