Some good news, for once: Health care and government organizations started 2021 with ransomware incidents at their lowest point in more than a year.
Recorded Future reports that there were just two ransomware attacks on healthcare organizations in January, a fourfold decrease from the monthly average in 2020. In addition, state and local governments reported four ransomware incidents in January, compared to 14 attacks in December 2020 and 15 in December 2019.
Allan Liska, a ransomware expert at Recorded Future, said one explanation for the decline is the various crackdowns on ransomware groups. In January, the Department of Justice brought charges against a Canadian national as part of its effort to take global action against operators of the NetWalker ransomware. Earlier this month, French and Ukrainian law enforcement arrested individuals allegedly tied to the Egregor ransomware-as-a-service operation, and in January, Europol announced an action to disrupt and take control of the Emotet botnet.
“For the most part, we don’t know what all the ransomware actors are thinking about all these takedowns,” Liska said. “However, there are some signs that it’s had a chilling effect. Smaller groups like Fonix and Ziggy have seemed to shut down recently, suggesting that some operators may be getting nervous about law enforcement actions.”
Liska said the drop in incidents may be temporary, however, as January and February have traditionally been slow months for ransomware attacks against certain industries. In 2019, for example, only about 10 percent of ransomware attacks against the healthcare sector occurred during those two months, and that percentage was only slightly higher in 2020. School districts and government agencies could also see an uptick in ransomware attacks later this year, when students and teachers go back to school after more people are vaccinated.
Security pros tended to agree that the number of attacks at hospitals and schools will increase as the year goes on.
Kashif Hafeez, senior director at WhiteHat Security, said the move to remote learning during the pandemic opened up new attack surfaces that school systems were not prepared to support, leaving them vulnerable to a major security event.
“As technology in schools continues to advance, so do the challenges that come with it — especially the cyber risks, which only intensify in the education sector,” Hafeez said. “In today’s environment, where schools operate remotely, they have increased the use of technology for teaching, learning and managing day-to-day operations. This provides cybercriminals with new opportunities, greatly increasing the attack surface, meaning that schools have become more vulnerable to cyberattacks.”
Mohit Tiwari, CEO and co-founder at Symmetry Systems, also said he didn’t expect to see fewer ransomware attacks on schools and hospitals in the months ahead. He said the absolute numbers are very small and any one outbreak can skew the numbers.
“With healthcare, in particular, computing flaws are highly correlated and can spread quickly,” Tiwari said. “With the right investments, there’s new technology that can shift certified workloads into safer virtual machines and put defenses around it, and better identity and authorize methods that prevent small errors from scaling out across the organization.”