How Ransomware is an increasing threat to the Public Sector.
The second half of 2019 and the start of 2020 has seen increased use of ransomware as a way of monetising cyber-attacks on businesses. This has included sustained attacks on local government in the USA, especially Texas and Florida, as well as high-profile attacks such as Travelex in the UK as well as the attack on the Department of Communications, Climate Action and the Environment (DCCAE) in Ireland. Travelex is now back online after almost a month and the DCCAE had good defences that caught the attack before it could do any lasting damage, but these were the reported attacks. The insurance provider Hiscox reported in 2019 that ‘Ransomware attacks have increased by over 97% in the past two years’ and the rate of attacks is increasing.
What is Ransomware?
Ransomware is a type of malware that infects a victim’s system, encrypts their data and threatens to block all access unless a ransom is paid. In effect it is extortion. In general, the ransom demanded is in line with what the firm or the individual can afford and is paid into a Bitcoin account so the actual account holder is not traceable. This enables the hackers to benefit from the attacks through payment in freely negotiable currency with limited exposure and less chance of being traced through bank accounts when they spend the money.
The public sector is increasingly being targeted?
While ransomware has been out of the headlines in the UK since the Wannacry cyber-attack cost the NHS an estimated £92m in 2018 the same has not been true in the USA where hackers seem to have been targeting the public sector. In August 2019, the New York Times reported 22 small Texas towns being hit in an apparently coordinated attack. This was the largest coordinated attack but by no means the only one on municipal authorities. Some USA city councils have paid up, Lake City Florida reportedly paid $600,000, most of which was covered by insurance. Others, such as New Orleans, have declared states of emergency as city services were taken offline and they had to revert to paper and pencil. At the same time, the monetary amount being demanded is increasing. According to ransomware removal specialists Coveware, it had reached $41,198 in quarter 3 2019.
But why the public sector?
There are several possible reasons including the fact the sector contains organisations that are often more collegiate, with individual parts having different priorities and budgets. These different working practices make co-ordination of response more difficult, even when there is a central IT function. This is not helped by the lack of resource and the reliance on older technology. As support for Windows 7 is withdrawn, and with that updates to anti-malware stop, health services are having to pay extra for continued support and protection. With around 80% of its estate still running Windows 7, Ireland’s Health Service Executive (HSE) is reported to be spending €1.1m to extend security support for the operating system
In the UK, the NHS still has around half its systems running on the outdated operating system. Though many hospital trusts are expecting to be able to negotiate some extended support that means a lot of systems will have to be replaced or renewed over the coming 12 months. Given that the Department for Health had been warned of the risks of cyber-attacks on the NHS almost 18 months before the WannaCry attack, there is a need for more urgency in addressing the potential loss of software support.