Report highlights concern heading into election: Ransomware attacks on the rise in the US
Washington(CNN Business) Cyberattacks that seize control of computers and hold them for ransom are on the rise, with the United States seeing a doubling of so-called "ransomware" attacks over the last three months compared to the previous quarter, according to Check Point Research, a cybersecurity firm.
The data back up a slew of alarming recent disclosures from hospital systems, city and county governments, and other targets that have been hit. Check Point recorded more than 300 ransomware attacks in the third quarter, up from roughly 150 in the second quarter.
News of the spike comes as Americans brace for a chaotic election — and a bumpy flu season that could exacerbate the ongoing effects of the coronavirus pandemic.
And it follows a series of attacks that became highly publicized last week: One targeting Tyler Technologies, a software vendor used by numerous local governments, and Universal Health Services, one of the nation's largest hospital companies. A statement on Tyler Technologies' website has said the company does not directly make election software and the software it does produce that is used by election officials to display voting information is separate from its internal systems that were affected by the attack.
UHS said in a statement Monday that it is continuing to restore service to its IT network and that no electronic medical records were directly affected by a cyberattack that took place Sept. 27.
US hospital networks have been among the most popular targets for ransomware attackers, accounting for 16 percent of the quarter's overall volume, said Check Point threat analyst Lotem Finkelsteen, who published a report on the findings Tuesday. Hospitals are viewed as a critical piece of the nation's coronavirus response, and their need to remain up and running at all costs has emboldened attackers who've become increasingly confident in a quick payday, said Finkelsteen.
"Hackers are swarming on ransomware because others have done it successfully," he told CNN. "Organizations are willing to pay. Organizations pay the price instead of dealing with encrypted files and the need to recover their IT systems. This creates a vicious circle: The more such attacks "succeed," the more frequently they occur."
Paying off hackers might seem like a quick solution to an immediate problem. But experts warn that paying ransoms only creates more incentives for attacks to continue. The US government finally got involved last week, as the Treasury Department issued two warnings that paying off hackers, or facilitating a ransom payment on behalf of a victim, could be considered a US sanctions violation if the recipient is located in a target country.
"A person subject to U.S. jurisdiction may be held civilly liable even if it did not know or have reason to know it was engaging in a transaction with a person that is prohibited under sanctions laws and regulations," the warning read.
Refusing to pay ransoms could lead to short-term pain, including the release of compromised internal data on the internet, said Finkelsteen. But, he warned, the current trend of payments points to a worse outcome: Hackers funneling their proceeds into research and development to create even more potent forms of ransomware.
"The most effective way to put an end to the cycle is to stop paying the ransom," he said. "Simply put, if the cash flow stops, the attack flow stops."
Other sectors that have come under attack include US manufacturing, software vendors, government agencies and insurance or legal providers, Check Point said.
Ransomware could pose a risk to the election process if systems designed to support voting are brought down, Finkelsteen said, but so far experts regard it as "mainly a hypothetical threat right now."
