In 2023, the United States faced a relentless onslaught of financially driven ransomware attacks. These assaults impacted 2,207 hospitals, schools, governments, and private sector companies, as detailed by Emsisoft in their report “State of Ransomware.” The ransomware epidemic, as dire as ever, not only disrupted critical services. It also claimed lives, with an estimated 42 to 67 Medicare patients killed between 2016 and 2021.
From a cyber liability insurance perspective, consider this line from the Emsisoft research. “For example, was cyber insurance a driver of the 29,900 percent increase in demands and, if so, how could that have been avoided? The lessons learned may enable more effective legislative responses to future threats.”
Calls for a radical solution have intensified. Many advocate for a complete ban on ransom payments as the only effective measure against the escalating crisis. The numbers speak for themselves, detailing the increasing impact over the past three years:
Some Takeaway:
- Hospital systems: 2023 saw 46 hospital systems compromised, affecting 141 hospitals, causing ambulance rerouting and data theft.
- K-12 schools: Ransomware incidents doubled, impacting 108 school districts. Hackers obtained details of campus rape and teacher abuse cases, putting sensitive information at risk.
- Post-secondary schools: 72 institutions fell victim to ransomware, a notable increase from previous years.
- Governments: Hackers targeted 95 entities, including cities like Dallas and Oakland, stealing data and demanding ransom payments.
- Private sector: Cybercriminals set their sights on numerous major companies, including Boeing and MGM Resorts, leading to a staggering $449 million in ransom payments extracted in the first half of 2023.
Security experts, including Emsisoft, argue that banning ransom payments is the only effective strategy, emphasizing that the profit-driven nature of ransomware necessitates cutting off the revenue stream. Despite governmental efforts, including international coalitions and task forces, ransomware continues to thrive, demanding decisive action.
Critics cite potential challenges in implementing a ban, including concerns about victim impacts and the persistence of cyber criminals. However, proponents assert that the short-term pain of a ban outweighs the long-term consequences of continued attacks, emphasizing the need for global leadership to confront this growing threat.
The urgency to combat ransomware is no longer a silent plea. Threat actors are escalating their tactics, resorting to cruel intimidation tactics like threatening cancer hospitals with swatting attacks. This demands immediate and decisive action from both governments and individuals.
Source: The State of Ransomware in the U.S.: Report and Statistics 2023
Other News: Should Ransomware Payments Be Banned? (Opens in a new browser tab)