There are dozens of reported ransomware attacks in the U.S. Many are in the public sector where disclosure rules force these entities to make these issues public. Cloud security solutions provider Armor recently put together a list of these entities who have been hit.
They identified the City of Borger, Texas is among the 23 local Texas government organizations hit by ransomware on August 16th 2019. There have been a total of 68 publicly reported ransomware attacks since January against municipalities, including the 23 in Texas. As of today, Texas leads the nation in the number of municipalities which have fallen victim to ransomware, they are currently up to 30 victims, followed by Georgia with 9, Florida and New York with 8, and Ohio with 7, etc. We were surprised to see Connecticut with 3 reported cases – relative to the population, this is a significant number. Connecticut has a population of 3.6 million while New York has 19.5 million.
See the full list is at the bottom.
Armor has tracked 134 U.S. organizations which have been infected with ransomware since the beginning of the year. Municipalities make up the largest portion. This is followed by healthcare organizations and school systems. The remaining victims fall into a variety of different industries including entertainment, law enforcement, etc.
States with Most Ransomware Incidents Affecting Municipalities
As of today, Texas leads the nation in the number of municipalities which have fallen victim to ransomware, they are currently up to 30 victims, followed by Georgia with 9, Florida with 8, along with New York, Ohio with 7, etc. . See the full list below.
Texas: 30 (with 23 announced August 16)
- Georgia: 9
- New York: 8
- Florida: 8
- Ohio: 7
- California: 7
- Pennsylvania: 6
- Washington: 5
134 U.S. Organizations Publicly Reported Victims of Ransomware in 2019
Out of the 134 victim organizations compromised by ransomware in 2019 in the U.S. (See the full list of victim organizations at the end of this document), municipalities make up the largest portion. This is followed by healthcare organizations and school systems. The remaining victims fall into a variety of different industries including entertainment, law enforcement, etc.
- 68 attacks on municipalities
- 23 attacks on healthcare systems
- 16 school systems, colleges or universities
- 7 law enforcement agencies
- 3 managed service providers (MSPs)
- 3 radio stations
- 2 media companies
- 2 large airport
- 1 synagogue
- 1 charity
- 9 other
The High ROI of Ransomware
Compared to the amount of money a ransomware operation can generate, the cost of getting into the ransomware game is negligible. Take for example, the threat actor (s) that hit Riviera Beach, Florida, they made off with $600,000 in one attack. The threat group that hit Lake City, Florida with the Ryuk ransomware collected $460,000 in one haul.
To get an idea of how inexpensive ransomware and ransomware-as-a -service (RaaS) solutions are being sold for on the Underground Hacker Markets, Armor’s Threat Resistance Unit (TRU) went into the Dark Web and found the following ransomware and RaaS offerings being advertised.
Generic Ransomware | $225 |
Generic Ransomware | $660 |
Inpivx Ransomware | Ransomware +Panel +Tutorial= $500 Ransomware-only-$300 Panel-only – $200 |
Ranion-(RaaS) | 12 months $900 6 months $490 1 Month $120 |
Megacortex Ransomware | $1,000 or €1,000 +10% of ransom |
The creators of the Inpivx ransomware offer to sell the source code to their panel, the ransomware and a tutorial for only $500. Or buyers could buy the components separately.
Inpivx pricing:
- Inpivx Ransomware + Panel + Tutorial = $500
- Inpivx Ransomware-only – $300
- Inpivx Panel-only – $200
Popular Ransomware Families
According to news reports, the ransomware which hit the local Texas governments is called .JSE ransomware. It is also sometimes referred to by anti-virus vendors as Nemucod, the downloader trojan which has been seen dropping the ransomware onto infected computers. This ransomware family is only one of hundreds of different ransomware families identified by Armor’s (TRU) research team and by the security research community. Other notable ransomware families which are making their mark in 2019 include:
- Ryuk is one of the most prevalent families of ransomware used in 2019 attacks (of those widely reported); In July, the FBI stated 100 companies were hit from Ryuk in the last 12 months
- In 2019, LockerGoga has been cited as being one of the prevalent ransomware threats to hit organizations in UK and Europe
- Other sporadic mentions of ransomware families relating to 2019 US attacks include: Dharma (Crysis), Cryptomix and MegaCortex; Robbinhood (City of Baltimore and Greenville, NC)
- GandCrab was by far the leading ransomware in 2018, by March 2019 there were 9 variants; in June 2019 GandCrab authors purportedly “retired” claiming $2 billion in collections and a decryption key was released by the FBI released in July 2019
- Sodinokibi/Sodin/REvil may be RaaS replacing GandCrab according to several security researchers.
An Ounce of Prevention is
Worth a Pound of Cure
From the rash of ransomware attacks which have occurred this year, if there is any lesson to be learned and only one preventive measure which can be taken is that organizations must utilize OFFLINE BACKUP STORAGE of all critical data, applications and application platforms. They must ensure that these are backed up, password- protected and air-gapped from the Internet and ensure that they have multiple copies.
Other Key Ransomware Protection Tips Include:
- White Listing Solution – limits the use of applications and processes that are allowed to run in your environment by providing a short list of approved applications and processes. Like a VIP List for your PC, if it’s not on the list, it’s not allowed.
- File Integrity Monitoring—Monitors your IT environment 24x7x365 for changes to critical OS, files and processes such as directories, registry keys, and values. It also watches for changes to application files, rogue applications running on the host and unusual process and port activity, as well as system incompatibilities.
- Practice Least Privilege Access Control –ensure the user has the least privilege for their job. This also applies to services.
- Audit/Penetration Testing from Independent, Third-Party Experts—to ensure that you are implementing best practices.
- IP Reputation Monitoring/Blocking—blocking bad known bad infrastructure and actors
- Continuous Security Awareness Training – educate employees about current and emerging cybersecurity risks and phishing emails. Effective training should actively engage employees and include policies concerning the correct response to suspected phishing attempts.
- Endpoint Protection Solution – includes protection, detection and response capabilities for laptops, workstations and mobile devices. Utilizes antivirus (AV) and antimalware (AM) to block cyber attacks. It is also used to quickly detect and remediate any malicious activity or infection that has made its way onto the endpoint.
Want more? We have further put together cybersecurity essentials – a simple list which will help most organizations become far more secure. Some of our list overlaps with the above.
Please go to a phishing simulation vendor now and sign up for one of their offerings. Phishing Box, KnowBe4 and Phish360 are all great.
We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately.
Finally, learn about the latest in the Channel, MSPs and Cybersecurity at the world’s only #TechSuperShow, ITEXPO, Feb 12-14, 2020 Fort Lauderdale, FL.
Publicly Reported Victims of 2019 Ransomware Attacks
Vertical | Name | City | State |
Education | Bridgeport Public Schools | Bridgeport | CT |
Healthcare | Southern Hills Eye Care | Sioux City | IA |
Law Enforcement | Salisbury Police Department | Salisbury | MD |
Healthcare | ActivYouth Orthopedics | Paramus | NJ |
Municipality | City of Akron | Akron | OH |
Law Enforcement | Lamar County Sheriff | Lamar County | TX |
Municipality | City of Del Rio | Del Rio | TX |
Healthcare | Columbia Surgical Specialists | Spokane | WA |
Municipality | City of Sammamish | Sammamish | WA |
Healthcare | Southeastern Council on Alcoholism and Drug Dependence | New London | CT |
Municipality | Town of Colchester | Colchester | CT |
MSP | Florida ISP Talahassee | Talahassee | FL |
Payroll | Apex Human Capital Managament | Roswell | GA |
Education | Augustana College | Rock Island | IL |
Education | Park Rapids Public Schools | Park Rapids | MN |
Education | Taos Municipal Schools District | Taos | NM |
Education | Crosby ISD | Crosby | TX |
Media | Urban One Media | Atlanta | GA |
Municipality | Jackson County | Jefferson | GA |
Education | Grinnell College in Iowa | Grinnell | IA |
Healthcare | Brookside Medical Center | Battle Creek | MI |
Municipality | Orange County | Hillsborough | NC |
Other | Arizona Beverages Company | Woodbury | NJ |
Education | Hamilton College in New York | Clinton | NY |
Municipality | City of Albany | Albany | NY |
Education | Oberlin College | Oberlin | OH |
Law Enforcement | Fischer County Sheriff | Fischer County | TX |
Municipality | Garfield County | Panguitch | UT |
Healthcare | Shingle Springs Health and Wellness Center | Placerville | CA |
Municipality | Imperial County | El Centro | CA |
Municipality | City of Stuart | Stuart | FL |
Media | The Weather Channel | Atlanta | GA |
Municipality | Stone Mountain Park Association | Stone Mountain | GA |
Education | Sugar-Salem School District | Sugar City | ID |
Healthcare | Quantum Vision Centers | Swansea | IL |
Municipality | Howard County | Kokomo | IN |
Municipality | Daviess County Library | Owensboro | KY |
Healthcare | ResiDex Software | Boston | MA |
Municipality | Leominster Public School District | Leominster | MA |
Nonprofit | Fathers Bills and Mainspring | Quincy | MA |
Municipality | Genesee County | Flint | MI |
Municipality | City of Greenville | Greenville | NC |
Other | Cleveland Hopkins International Airport | Cleveland | OH |
Municipality | Potter County | Amarillo | TX |
Other | Asian Art Museum | San Francisco | CA |
Municipality | City of Rivier Beach | Riviera Beach | FL |
Healthcare | Talley Medical Surgical Eye Associates | Evansville | IN |
Healthcare | Kansas Heart Hospital | Wichita | KS |
Municipality | Louisville Airport | Louisville | KY |
Healthcare | Imperial Health | Lake Charles | LA |
Municipality | City of Baltimore | Baltimore | MD |
Municipality | Lansing Board of Water & Light | Lansing | MI |
Education | Oklahoma City Public Schools | Oklahoma City | OK |
Municipality | City of Washington | Washington | PA |
Municipality | Philadelphia Online Courts | Philadelphia | PA |
Municipality | Luzerne County Courthouse | Wilkes-Barre | PA |
Healthcare | Bayamon Medical Center/PR Women’s and Children’s Hospital | Bayamon, Puerto Rico | PR |
Municipality | Hutchinson County | Yankton | SD |
Municipality | City of Edcouch | Edcouch | TX |
Municipality | City of Laredo | Laredo | TX |
Healthcare | Wickenburg Community Hospital | Wickenburg | AZ |
Healthcare | Marin Community Clinics | Novato | CA |
Healthcare | Estes Park Health | Estes Park | CO |
Municipality | City of Lake City | Lake City | FL |
Media | WMNF Radio | Tampa Bay | FL |
Municipality | Office of the Courts and Judicial Council Georgia | Atlanta | GA |
Healthcare | Park DuValle Community Health | Louisville | KY |
Municipality | Strafford County | Dover | NH |
Transportation | A. Duie Pyle | Carteret | NJ |
Healthcare | Olean Medical Group | Olean | NY |
Healthcare | Seneca Nation Health System | Salamanca | NY |
Healthcare | NEO Urology | Boardman | OH |
Municipality | Fayette County | Fayette County | OH |
Education | Sul Ross State University | Alpine | TX |
Law Enforcement | St. Johns Virgin Islands Police | St. Johns Virgin Islands | VI |
Healthcare | Gray’s Harbor Commnuity Hospital | Aberdeen | WA |
Education | Houston County Schools | Ashford | AL |
Municipality | Gila County | Gila | AZ |
Media | KHSU-Humboldt State University | Humboldt County | CA |
Other | CorVel | Irvine | CA |
Municipality | City of Lodi | Lodi | CA |
Municipality | Key Biscayne | Key Biscayne | FL |
Law Enforcement | Lawrenceville Police Department | Lawrenceville | GA |
Law Enforcement | Georgia Department of Safety | Atlanta | GA |
Municipality | Henry County | Henry County | GA |
Media | CHR WCIL (101.5), Z100 WOOZ and news/talk WJPF (1020/1340) | Carbondale | IL |
Other | Draper, Inc. | Spiceland | IN |
Municipality | LaPorte County | LaPorte | IN |
Municipality | Vigo County | Vigo County | IN |
Education | Louiaina Public Schools | Sabine Parish | LA |
Municipality | New Bedford County | New Bedford | MA |
Healthcare | Truman Medical Centers | Kansas City | MO |
Law Enforcement | Lincoln County Sheriff | Lincolnton | NC |
Education | Gadsden Independent School District (GISD) | Gadsden | NM |
Education | Lyon County School District | Yerington | NV |
Municipality | Westchester County Library | White Plains | NY |
Education | Monroe College | New York | NY |
Education | Syracuse City School District | Syracuse | NY |
Municipality | Onodaga County | Syracuse | NY |
Municipality | Richmond Heights Polie Department | Richmond Heights | OH |
Education | Broken Arrow Public Schools | Broken Arrow | OK |
MSP | PM Consultants | Portland | OR |
Municipality | Butler County Federated Library System | Butler | PA |
Other | Unnamed Business? | Greenburg | PA |
Healthcare | Net Health | Pittsburgh | PA |
Municipality | Newport Public Schools | Newport | RI |
Municipality | Town of Collierville | Collierville | TN |
Education | Northwest Indian College | Bellingham | WA |
MSP | iNSYNQ-MSP Quickbooks Accounting | Gig Harbor | WA |
Other | Ohev Shalom Synagogue | Maitland | FL |
Healthcare | Eye Care Associates | Beaver Township | OH |
Municipality | Texas DPS, DHS -Austin* | Austin | TX |
Municipality | Texas DPS, DHS -Austin* | Borger | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |
Municipality | Texas DPS, DHS -Austin* | Local | TX |