An uptick in ransomware complaints flooded the FBI in 2020’s final months, including a spate of attacks on hospitals, The Washington Times has learned.
In each of the last four months of 2020, the FBI received more than 200 complaints about ransomware, according to data compiled by the FBI’s Internet Crime Complaint Center that was shared with The Times.
Victims’ cash losses more than tripled in 2020 year-over-year to $29.1 million, according to data collected by the FBI.
The complaints peaked in October with 302 reports of ransomware, malicious software that infects a computer system and threatens to publish the victim’s data or block access to it unless a ransom is paid.
The rest of 2020 had just two months with 200 ransomware complaints to the FBI, according to the data, which does not capture unreported ransomware attacks.
The bureau did not track ransomware attacks by industry but contemporaneous reports show that the healthcare industry was under siege.
Sky Lake Medical Center in Oregon got hit with ransomware in October, and the center’s spokesperson Tom Hottman said he recalled reading about many dozens of similar attacks nationwide in the same timeframe.
Mr. Hottman said hospitalized patients’ care was “largely unaffected” but electronic medical record and ensured care functioned at a “slower tempo.”
“The malware was identified as “Ryuk,” which some news organizations have attributed to Russia,” said Mr. Hottman in an email. “In cooperation with enforcement agencies, we identified where the source code was that could have led to a discussion with the attackers, but we elected to not entertain any discussion of ransom, therefore no conversations ever took place, nor was any ransom paid. Also, we identified a limited number of diagnostic imaging procedures which were negatively impacted – i.e., encrypted – by the virus.”
Sky Lake Medical Center reported that there was no indication that personal health information was compromised or shared. Patients affected by the ransomware’s encryption of their medical imaging are being offered the opportunity to have imaging procedures redone at no cost.
Last month, the Greater Baltimore Medical Center disclosed that it suffered a cyberattack in December which the Baltimore Sun identified as resulting from ransomware.
The hospital did not respond to requests for comment and has not disclosed details of the attack such as suspects or the nature of the attack.
Ransomware attacks are proving more successful and growing more sophisticated, said Brett Callow, threat analyst at software company Emsisoft.
He said cyberattackers that formerly just encrypted the data in a ransomware attack now also look to steal it as extra leverage to profit from their crimes.
“These are no longer expensive and disruptive inconveniences, they can seriously damage health care in terms of their reputations and bottom lines,” Mr. Callow said.
The attacks could affect life-or-death decisions for patients.
Mr. Callow pointed to the experience of an ill German woman whose ambulance was redirected to a different hospital because the first option was suffering a cyberattack. The woman died shortly after receiving treatment at the second hospital, according to Wired, but prosecutors decided against pursuing the hour-long delay in treatment as contributing to her death.
In the U.S., ransomware attacks are one component of the multitude of threats that the nation’s critical infrastructure faces regularly. While infrastructure often conjures images of railways, runways, and roadways in need of repair, it now also means digital systems and computer networks that undergird the information superhighway.
A cyber-breach of a water treatment plant in Oldsmar, Florida, was likely the result of poor password security and an outdated operating system, according to federal officials. A plant operator quickly prevented the hacker from changing the drinking water’s level of sodium hydroxide, also known as liquid drain ingredient lye, from 100 parts per million to 11,100 parts per million.
Investigators have yet to identify a suspect.
Security experts say the attempted attack is not a challenge that is unique to the 15,000-person town located just outside Tampa.
“While I don’t think that this is a big deal in the sense that, ‘Oh, some scary foreign government is trying to poison the poor people of a small town in suburban Tampa,’ I do think that this is noticeable and maybe a valuable item in that it highlights just how we as a society have underinvested in certain elements of critical infrastructure operations and the resulting security of those operations,” said Joe Slowik, DomainTools security researcher.
Don’t be surprised if you see your water bill goes up as organizations try to limit their exposure to similar attacks, Mr. Slowik said.