The recent ransomware attack on Colonial Pipeline was an all too familiar story to businesses across the United States.
The pipeline, which supplies fuel to some 50 million people from the Gulf Coast up through the entire East Coast, was closed last Friday as a precautionary measure after a ransomware attack. The company and the U.S. government continue to investigate the extent of the impact.
Over the past few months, ransomware attacks have not only hit businesses of all sizes, but also hospitals in New York, Nebraska, Oregon, and Michigan, among multiple other states. Police and sheriffs’ offices, schools, and local governments, from Atlanta to Baltimore to Fisher County, Texas, have suffered a similar fate.
A recent report from the Ransomware Task Force, a group of 60 cybersecurity experts from industry and government, sheds light on both the alarming increase in the frequency of these attacks and the ransom size they demanded.
In 2020, it estimates $350 million in ransom was paid to attackers – a more than 300 percent increase over the previous year – with an average payment of over $300,000.
According to a 2021 report, the greatest number of victims in 2020 by industry were in manufacturing, professional and legal services, and construction. Healthcare, manufacturing, and education businesses experienced significant increases. Attacks against industry sectors, including aerospace, also appear to be on the rise.
Often, organizations hit by ransomware face a very difficult choice: either pay a ransom and fuel a criminal market or refuse to pay and hope their computer systems can be restored.
If businesses decide to pay the ransom to quickly resume operations, the price can put their business on the brink of bankruptcy. Moreover, there is no guarantee their systems will be restored.