Ransomware in 2020 will be as destructive as ever, according to experts.
In a ransomware attack, critical data and files are encrypted and locked, blocking access, until a ransom is paid. The attacks aren't just limited to big cities: municipalities all over the country have been affected. Fox News asked experts to rank the worst to date, including a widespread attack that took down the city of Baltimore last year.
Here are the five most destructive attacks – and a preview of what’s to come.
In May of 2019, Baltimore was hit by a strain of ransomware called RobbinHood. The city refused to pay the $76,000 demanded. The attack caused widespread disruption of city services and property transactions.
Recovery costs have been estimated at $18.2 million. “Hugely disruptive and hugely expensive,” Brett Callow, threat analyst at anti-malware firm Emsisoft, told Fox News.
While not a specific event, the Maze ransomware family wreaked havoc in 2019 and continues to do so, affecting the city of Pensacola, Fla., this past December.
The bad actors behind the ransomware created a website “intended to ‘name and shame’ their victims, while also threatening to publicize data stolen from their networks if they do not pay the ransom,” Satnam Narang, senior research engineer at cybersecurity firm Tenable, told Fox News.
Marcus Carey, enterprise architect in the office of the CTO at ReliaQuest, agreed with Narang's assessment. "Compared to other ransomware, Maze has unique infection methods, aiming to dupe a victim by creating lookalike websites, even imitating trusted government sites and cybersecurity websites to execute its attack," Carey said.
CAMPBELL COUNTY HEALTH
The 2019 attack on Campbell County Health in Gillette, Wyo., is one of the worst in recent memory, Emsisoft's Callow said. “While most ransomware incidents are expensive inconveniences, the attack on CCH put lives at risk.”
“Emergency patients had to be redirected to other hospitals, new admissions were halted and clinics continued to have limited access to patient information a month after the attack. The fact that this incident, and the attacks on other U.S. hospitals, did not result in any loss of life was simply a matter of luck,” Callow added.
Sodinokibi, also known as REvil ransomware, is already responsible for payment demands totaling millions of dollars in the first week of January 2020, said Tenable’s Narang.
“Sodinokibi is part of a worrying trend of ‘Big Game Hunting’ ransomware attacks, where attackers focus on targeted, low-volume activity with a potentially high return,” Narang said.
LAS CRUCES PUBLIC SCHOOLS
The Las Cruces Public Schools district in New Mexico had to reformat 30,000 devices, as described by Emsisoft's Callow.
The malware behind the attack has been identified as Ryuk. Ryuk typically focuses on targets in the government and military and has the ability to exploit just one machine before spreading throughout a network quickly and infiltrating data, according to ReliaQuest's Carey.