Ransomware attacks are happening to companies every day, permeating every industry imaginable. Although many companies succumb to the mindset that it would never happen to them, cyber security should be a high-priority item in the budget for any business, large or small. Over the past year alone, we’ve seen thousands of cyber attacks in the United States, affecting millions of citizens both directly and indirectly [1].

What is Ransomware?

Ransomware is a type of malicious software that executes when the user clicks a link in a phishing email or downloads an email attachment. Once activated, this malware can take over a computer or even an entire network. Ransomware can also be delivered through security holes and infect an unpatched system without any action by the user.

Who is Affected By Ransomware?

Cybercriminals target victims by breaching their (often protected) systems, encrypting their sensitive files, paralyzing operations, and then demanding high ransom payments to put an end to the attack. While no industry is immune, there are some that are more affected than others.

1. Healthcare – A ransomware attack on medical facilities has some of the most threatening implications of any industry. Yes, the financial toll is huge for the institution, but the subsequent effect on patients puts lives at risk. In Germany, the first ransomware-related death was recorded last year when a woman was unable to receive a life-saving surgery due to the breach. [2]

2. Education – Last year, ransomware attacks affected over 86 universities and colleges. These attacks also disrupted the operations of nearly 1,224 individual schools. [3] The residual impact of breaches in this industry is massive. Cyber criminals threaten to hold personal information captive or release private data unless a hefty ransom is paid.

3. Information Technologies – The IT sector suffers immensely from cyberattacks, and has found itself especially targeted in the post-pandemic era. With unprotected office networks and work-from-home computer systems, ransomware actors took advantage of the disruption with increased threats. With the incentive of safely recovering data, companies were forced to pay ransoms totalling $412 million in 2020. That’s a 341% increase from the last two years. [4]

4. Municipalities – Government buildings are not immune from ransomware attacks. In fact, in Baltimore & Texas, the municipalities chose NOT to pay the ransom, but ended up spending just as much money on remediation. Additional losses came in the form of productivity and man-hours. The time spent catching up understandably compromised their level of service to citizens.

5. Critical Infrastructures – These are perhaps the most destructive type of ransomware attack because of the effect they have on humanity. Water, electric, sewer, gas, power, transportation – a ransomware attack on basically anything to do with supply chains would affect the general population. For example, a small trucking company that did not have ransomware detection software suffered an attack on its internal systems last year. This brought every semi-truck’s route to a halt. Drivers parked on the shoulder, waiting to recover their dispatch routes, cost the company time and money. Not to mention the effect it had on the consumers awaiting their deliveries! [5]

Ransomware victims span far more industries than even those listed above because cybercriminals don’t discriminate by industry. They simply target the vulnerable.

Don’t Underestimate Your Risk

Oftentimes companies assume a ransomware attack would only target large corporations. For instance, the Colonial Pipeline hack of 2021 occurred in an industry with enough capital to earn the attention of ransomware hackers, but small companies are at just as much risk. Even if the degree of a company’s vulnerability varies due to size, the vulnerability remains for all who are unprotected.

But wasn’t the Pipeline’s network protected, you may ask? Certainly, the Pipeline had cybersecurity in place. Most, if not all, targeted companies do. This breach had more to do with internal servers not being patched, leaving holes for hackers to get in. Software needs updating constantly to ensure a better shield against hackers. If you don’t patch your system, hackers who are already scanning your system and are familiar with it can easily penetrate those holes.
And while not everyone will lose $5 million in ransom payments, a company’s cybersecurity posture is what puts them at risk. Keystone’s wasn’t prepared (read: intelligent) enough to combat the ever-evolving malware tactics that go undetected each day. As ransomware adapts and evolves, so must the solutions.

Cyber Security is No Longer Optional

Effective cybersecurity solutions are usually expensive, presenting limitations to smaller, “mom-and-pop” companies. Advanced providers are using cutting-edge technology to help solidify their cybersecurity posture. Too many large cyber industries don’t scale down to the little guy. For this reason, unprotected smaller companies become vulnerable since hackers know they’re unprotected.

Essentially, a business will either spend money on ransomware detection software, or the manpower to back up their systems regularly in lieu of that. The cost is high in either case.
Even beyond that, the largest losses of all would likely occur after a ransomware attack. Pick any industry – in any potential breach situation, it is not just the breach that causes the most concern, it’s the aftereffects. Be it informational or financial, ransomware attacks provoke costly losses; cybersecurity is no longer optional for any business in any industry.