Report Highlights Election Concern: Ransomware Attacks on the Rise in the US

The data supports a series of alarming recent revelations from hospital systems, city and county governments, and other targets that have been affected. Check Point recorded more than 300 ransomware attacks in the third quarter, up from approximately 150 in the second quarter.

And it follows a series of highly publicized attacks last week: one targeting Tyler Technologies, a provider of software used by numerous local governments, and Universal Health Services, one of the nation’s largest hospital companies. A statement on the Tyler Technologies website has said that the company does not directly manufacture election software and that the software it produces and is used by election officials to display election information is separate from its internal systems that were affected by the attack. .

US hospital networks are among the most popular targets for ransomware attackers, accounting for 16 percent of total volume for the quarter, said Check Point Lotem threat analyst Finkelsteen, who published a report on the threats. findings Tuesday. Hospitals are seen as a critical piece of the national response to the coronavirus, and their need to stay operational at all costs has emboldened attackers who have become increasingly confident in a quick payday, Finkelsteen said.

“Hackers are invading ransomware because others have done it successfully,” he told CNN. “Organizations are willing to pay. Organizations pay the price instead of dealing with encrypted files and the need to recover their IT systems. This creates a vicious cycle: the more ‘successful’ these attacks, the more frequently they occur.”

Paying hackers can seem like a quick fix to an immediate problem. But experts warn that paying ransoms only creates more incentives for the attacks to continue. The US government finally got involved last week, as the Treasury Department issued two warnings that paying hackers or facilitating the payment of a ransom on behalf of a victim could be considered a violation of US sanctions. USA If the recipient is in a target country.

“A person subject to US jurisdiction can be held civilly liable even if he did not know or had no reason to know that he was engaging in a transaction with a person that is prohibited by sanctions laws and regulations,” said the warning.

Refusing to pay ransoms could lead to short-term problems, including posting compromised internal data on the Internet, Finkelsteen said. But, he cautioned, the current trend in payments points to a worse outcome: hackers funnel their profits into research and development to create even more powerful forms of ransomware.

“The most effective way to end the cycle is to stop paying the ransom,” he said. “Simply put, if the cash flow stops, the attack flow stops.”

Other sectors that have been targeted include US manufacturing, software vendors, government agencies, and insurance or legal providers, Check Point said.

Ransomware could pose a risk to the electoral process if systems designed to support voting are removed, Finkelsteen said, but so far experts consider it “primarily a hypothetical threat at this time.”