Ransomware is one of the most concerning cybersecurity threats for individuals, SMBs, and enterprise environments alike.
This year has ushered in a resurgence in ransomware activity. Hackers continue to disrupt organizations of all sizes and industries. Even targeting governmental organizations was far from exceptional.
In this article, we’ll take a look at the biggest ransomware attacks of 2019 and the severe impact they have had.
Table of Contents
Ransomware Trends in 2019
According to Malwarebytes, a sharp increase in ransomware activity was observed in 2019. Ransomware was proliferated in 2016 and 2017 and then seemed to be on the decline.
However, in 2019, ransomware has been revitalized in and is being used in a large way to attack not consumers per se but businesses in very targeted attacks that presume to yield much larger payouts. Since the second quarter of 2018 to the second quarter of 2019, Malwarebytes noted a 365% increase in business detections of ransomware.
Don’t forget to check our article about ransomware and ransomware trends if you would like to find out more.
Ransomware Statistics to Take Note of:
- A new business will fall victim to a ransomware attack every 14 seconds in 2019. In 2021, that number will be every 11 seconds – KnowBe4
- Ransomware attacks have increased by 97% since 2017 – AttackIQ
- 34% of those affected took a week if not more to restore full access, up from 29% in 2016 – Kaspersky
- Ransomware generates over $25 million in revenue for hackers each year – Business Insider
- The NotPetya ransomware attack cost FedEx $300 million in Q1 2017 – Reuters
Countries Most Affected by Ransomware
Countries most affected by ransomware – SecurityBoulevarde.com
Predictions for 2019 and Beyond
Comparitech cited several ransomware predictions for 2019 by leading cybersecurity companies.
- The Dharma and Ryuk ransomware and their variants are now the most popular variant and will continue to be the most popular throughout 2019. (Source: Coveware)
- Cybersecurity Ventures predicts ransomware will cost $6 trillion annually by 2021. (Source: Cybersecurity Ventures)
- McAfee predicts some common ransomware targets will decrease. However, the company suggests cybercriminals will target less common and more vulnerable victims, such as individuals with high net values and connected devices (IoT). (Source: McAfee)
- Palo Alto Networks predicts a noticeable increase in Mac ransomware this year. (Source: Palo Alto Networks)
- MIT predicts cloud computing companies will see increased attacks against their systems. (Source: Computer Weekly)
Industries Targeted by Ransomware in 2019
There are several ransomware attack trends that become apparent when you look at ransomware attacks that have been carried out so far in 2019.
Organizations and companies attacked by ransomware:
- Large businesses
- Small municipalities
- Government offices
- School districts
- Logistics and technology companies
As shown in the Notable Ransomware Attacks in 2019 below, hackers have seemingly targeted large businesses and very ill-equipped small municipalities alike. Large businesses will often pay large sums of money to gain access to their systems. Small municipalities are often ill-equipped to defend against ransomware and are often easy prey for ransomware attacks.
Additionally, lucrative targets have included healthcare providers whose entire daily operations and business model revolves around technology-provided healthcare (patient records, charting, billing, etc).
Notable Ransomware Attacks in 2019
1. January 9, 2019 – City of Salisbury, Maryland police department suffered a ransomware attack.
- Hacker asked for an undisclosed sum of money
- Type of ransomware is unknown at this point
- Some data remained inaccessible after two weeks
- The police department had backups of business-critical data
- No evidence that data was lost or stolen during the attack
2. February 2019 – Vulnerability in common MSP tool used for distributing ransomware.
- ConnectWise and Kaseya
- Proof of concept vulnerability to reset administrator credentials
- Used to spread ransomware
3. March 1, 2019 – Jackson County, Georgia suffered a ransomware attack crippling systems through the county.
- Type of ransomware was undisclosed
- County official confirmed $400,000 was paid to hackers to restore access
- All departments were impacted during the attack, including 911 and emergency systems which they worked on restoring back first
4. March 1, 2019 – Jefferson City, Georgia was hit with a ransomware attack.
- The 911 dispatch services were affected and the whole town’s IT infrastructure went down.
- Part of the overall Jackson County Georgia ransomware attack
- The city had to revert to pen and paper for daily operations
- 911 operations had to go to manual processes and jail inmates had to be let out of cells via manual means
5. April 1, 2019 – City of Lodi, California was hit with a ransomware attack that disrupted phone lines and city financial systems.
- Ransomware demanded 75 Bitcoins ($400,000) at the time of the attack
- Ransomware encrypted files and knocked out phone lines
- They had to rebuild from backups
6. April 10, 2019 – Greenville, North Carolina, was hit with ransomware that knocked most of the city’s computers offline.
- Robinhood Ransomware was to blame
- Ransom was not paid
- The city opted to restore data and systems from backups
7. May 7, 2019 – City of Baltimore hit by ransomware.
- $18 million so far in damages
- Robinhood Ransomware variant
- 13 bitcoins demanded
- All systems were affected by the city
- The attack took weeks of recovery efforts
8. May 29, 2019 – City of Riviera, Florida was hit with an email infected with ransomware.
- All email, phones, police records, public works, city attorney’s office, library, and other systems were taken offline
- The city council authorized the city insurer to pay 65 bitcoins, valued at $600,000
- FBI was involved in the investigation, data was down for days
- The city invested another $900,000 in new hardware to help prevent future attacks
9. June 10, 2019 – City of Lake City, Florida was hit with a ransomware attack crippling all city systems.
- The city had antiquated systems running the city’s infrastructure which made it an easy target for hackers.
- Hackers demanded $500,000
- 42 Bitcoins were eventually paid by the city via their insurance
- The city paid $10,000 of this amount
- IT director was fired after the incident
- The type of ransomware was not disclosed
10. July 6, 2019 – La Porte County Indiana suffers the effects of a ransomware attack.
- Ryuk ransomware was to blame
- 7% of laptops were affected
- Two domain controllers were taken offline due to the infection
- The county had backups, however, the ransomware affected them
- The county had cybersecurity insurance
- Paid $130,000 in Bitcoin to restore systems after the attack
- Systems were not available days later
11. August 16, 2019 – Ransomware attack that struck 23 small local governments in Texas, holding them ransom for some $2.5 million.
- 23 entities in Texas reported ransomware attacks
- Type of ransomware has not been revealed
- Ransom demanded – $2.5 million
- Texas cities have refused to pay the ransom
12. September 5 – Flagstaff Arizona school district suffered a ransomware attack
- Internet services were shut down
- Classes were canceled for two days following the infection
- Laptops had to be reset to factory defaults
- The type of ransomware was undisclosed
- Affected some 10,000 students
13. October 1, 2019 – Three hospitals of the DCH Health System in Alabama were all hit by a ransomware attack compromising key medical systems.
- Ryuk Ransomware variant was responsible for the attack
- Ransom was paid to hackers by the hospital
- The undisclosed amount for the decryption key
- Staff was forced to downtime procedures
14. October 14, 2019 – Pitney Bowes hit by ransomware attack.
- Ryuk Ransomware variant was responsible for the attack
- Customer access to services, shipping, and e-commerce systems was disrupted
15. October 24, 2019 – Municipal services in the City of Johannesburg was hit with a ransomware attack
- The attack perpetrated by a group calling themselves “Shadow Kill Hackers”
- 4 Bitcoins were demanded
- The group posted a ransom note to the city’s Twitter account
- The group threatened to release city data if the ransom was not paid
- A few days later the city had around 80% of the city’s resources back online
16. October 27, 2019 – National Veterinary Associates (NVA), a California company that owns more than 700 animal care facilities affected by a ransomware attack
- More than half of the organizations 700 facilities were affected by the ransomware attack
- The attack prevented the affected clinics from accessing patient records, payment systems, and practice management software.
- It took more than a week for the affected facilities to be recovered
- Ryuk ransomware was responsible for the attack
- The company has not disclosed the ransomware amount demanded or if the ransom demand was paid to restore access to their systems
17. November 2, 2019 – Government of Nunavut operations affected by ransomware.
- PDF files and Word documents were encrypted
- File servers were affected by the ransomware infection
- Employee email and voicemail was affected by the ransomware attack
- It is not known whether or not the government’s backups were affected by the ransomware
- They were attempting to restore network operations from backups
- At the end of November 2019, Microsoft has stepped in to help the government
- In an agreement signed before the attack, the government is being given assistance from Microsoft’s DART (Detection and Response Team) to bring systems back online
- Microsoft is utilizing the latest operating systems and cloud storage with advanced cybersecurity features for the rebuilding of the Nunavut government.
18. November 4, 2019 – Targeted ransomware hits several Spanish companies including one of the largest IT consulting companies in Spain as well as the nation’s largest radio network.
- Bitpaymer ransomware used in the attack
- The second time the Spanish entities have been hit by ransomware (hit with the notorious WannaCry ransomware in 2017)
- Hackers demanded $835,923 ransom to get a decryption key to unlock their files
19. November 15, 2019 – French hospital Rouen University Hospital-Charles Nicolle network attacked with ransomware.
- All five sites operated by the hospital affected
- Forced hospital to operate in degraded mode
- Included pen and paper operations
- Telephone instead of email communications
- No variant of ransomware was disclosed or a ransom amount
20. November 18, 2019 – State of Louisiana was the target of a ransomware attack that took down the state’s Office of Motor Vehicles, Department of Health and Department of Public Safety.
- Ryuk ransomware is responsible
- Trickbot used Microsoft Group Policy and PsExec software to spread the ransomware across multiple Active Directory domains
- Ransom amount demanded was not disclosed
- The state is slowly getting affected systems back online
21. November 21, 2019 – Livingston School District in New Jersey victim of a ransomware attack.
- Nearly every piece of data needed to run the school district was locked with ransomware
- They are working with a private security firm to hopefully recover the data.
- The undisclosed amount is being demanded the ransom
- Unsure whether or not the district will pay the ransom at this point
22. November 25, 2019 – New York Police Department fingerprint database was taken offline due to ransomware.
- A contractor working in the environment plugged in an infected NUC computer
- The infection spread to 23 other computers
- These were connected to the fingerprint scanning system
23. November 25, 2019 – Virtual Care Provider Inc (VCPI) had nearly
- 80,000 computers and servers powering care facilities across 45 U.S. states affected by ransomware.
- The Ryuk ransomware appears to be the culprit in this attack
- Hackers are demanding $14 million in Bitcoin to restore the computers
24. November 27, 2019 – Global security company Prosegur hit with ransomware.
- Ryuk ransomware to blame
- Some claim networked alarms were hampered by the ransomware attack
- No ransom amount was disclosed
- Within a day the company tweeted the ransomware was contained and systems were on their way to being restored.
Protection From The Ransomware Threat
Ransomware is certainly going to be the big cybersecurity story of 2019 with the multitude of targeted, successful attacks on businesses across several industries.
Ransomware security becomes vital for organizations using G Suite and Office 365 in their daily operations.
Strong cybersecurity measures, as well as effective backups of on-premises and cloud environments, will be key to ensuring data is both safe as well as protected in case of a cybersecurity breach involving ransomware. Check out SpinOne for protecting your valuable cloud assets in either G Suite or Office 365.