Ransomware 2022-3-4: From nuisance to life threat
Technology for Lawyers
Published: February 2, 2024
Cybersecurity company Emsisoft has published a study of ransomware attacks from last year and the years before, and its findings are intense. So is its call to action.
Ransomware has gone from a nuisance to a public health and safety disaster since it was introduced around 2015.
Of particular sensitivity are ransomware attacks on hospitals and hospital systems.
In fact, the University of Minnesota School of Public Health recently published a study that concluded that: “From 2016 to 2021, we estimate that ransomware attacks killed between 42 and 67 Medicare patients.”
That is just the tip of the iceberg.
When a ransomware crew sets its sights on a hospital system, not only can that hospital get shut down, but the shuffling of patients to other hospitals is in itself a health problem for the patients and facilities.
Ransomware attacks have gotten more prolific and therefore have made more and more money.
That money has been plowed back into the ransomware businesses (best practices), and the influx of money has given the ransomware attackers better facilities, better equipment and more evolved coding.
It’s a mess.
And it’s dangerous.
Between 2021 and 2023, over 100 hospital systems were infected (many with multiple hospitals).
And these stats (infections and deaths) are probably underreported.
And at the same time, governments and anti-malware groups have taken down numerous ransomware gangs (many of which are state actors). But it hasn’t been nearly enough. The attacks keep coming, only growing in sophistication.
What to do?
The solution proposed by Emsisoft and numerous other experts may be surprising: stop paying them. Not only that, but make not paying them the law.
“The only viable mechanism by which governments can quickly reduce ransomware volumes,” says Emsisoft, “is to ban ransom payments.”
Ransomware is a profit-driven enterprise. If it is made unprofitable, most attacks will quickly stop.