When we think of ransomware, we don’t automatically think of phishing attacks, but we should! The most common way ransomware and malware infect a network is, in fact, from phishing. So, it’s no surprise that both are on the rise. According to Microsoft, phishing attacks increased 250 percent in 2018 and have continued to grow in 2019. In fact, according to Webroot, there are 1.5 million new phishing sites created each month. Likewise, ransomware statistics (as shared by Coveware) show an increase in both growth and severity:
- The average ransom increased 89 percent in Q1 2019 – to $12,752
- Average length of a ransomware attack – 7.3 days
- Average cost in downtime of a ransomware attack – $64,645
- Average size of a company targeted by ransomware – 114 employees
Two industries that have been hit particularly hard are cities and municipalities and the healthcare sector. Both rely heavily on systems and data to conduct business, considered to be mission critical. Let’s take a look at a few such ransomware attacks.
The City of Baltimore was the victim of a ransomware attack that brought their systems to a standstill. Town utility invoices stopped going out, creating havoc, and for over a month, employees had no access to their network. While the original threat actors demanded $76,000, the city refused to pay the ransom and so far it has cost them more than $18 million for remediation, new hardware, and lost or deferred revenue.
In Florida, two cities recently paid out a combined $1.1 million in bitcoin to regain access to their files after a ransomware attack on Riviera Beach and Lake City. The culprit was a malicious link in a phishing email attack clicked on by a city employee.
Targeting cities and municipalities is becoming commonplace. According to FBI and the Department of Homeland Security, more than 50 cities, large and small, have been hit with ransomware attacks, including Atlanta, which cost the city $17 million.
The healthcare industry is also becoming a soft target for phishing attacks and ransomware. According to an article in Intelligent Healthcare Media, there were five US-based healthcare organizations hit with ransomware attacks in just a seven-day span recently. One of the reasons healthcare is often targeted is their lack of focus on attack prevention efforts. In a blog we penned this past June, we citied a Business Insider article that shared some alarming lack of priority with regards to IT security:
- Privacy and security are health firms’ third-highest priority, despite the growing attack threats
- Health firms are reluctant to make cybersecurity efforts an investment priority, despite the high cost of data breach remediation (think HIPAA penalties)
- Health firms have called for a change to policy that would make HIPAA-compliant health firms exempt from the hefty government breach penalties, arguing that organizations that expect to be penalized regardless of whether their countermeasures are up to snuff may underinvest in security
- Cybersecurity is underfunded primarily because the sophistication of cyberattacks increases at a faster rate than prevention capabilities, there are too many competing priorities, and the cost of countermeasures is too high
- If dollars allocated to cybersecurity can’t keep pace with the security threat, we’ll likely see a greater volume of breaches (which we are now seeing)
As phishing continues to grow as a vector for ransomware attacks, what is crucial for cities and municipalities, healthcare organizations, and any other targets is a zero-hour, real-time phishing threat prevention solution. Being able to block employee web traffic to phishing sites (via malicious links and other vectors) and stop a ransomware attack at the start of the kill chain, is paramount.
SlashNext Real-Time Phishing Threat Intelligence is the industry’s broadest, most up-to-the-minute intelligence on phishing threats. It is powered by SEERTM (Session Emulation and Environment Reconnaissance) threat detection technology using virtual browsers in a purpose-built cloud to dynamically inspect sites with advanced computer vision, OCR, NLP, and active site behavioral analysis. Machine learning enables definitive verdicts—malicious or benign—with exceptional accuracy and near-zero false positives.
See what threats you’re missing. Contact us for a demo or try SlashNext Real-Time Phishing Threat Intelligence free for 15 days.