Ransomware attacks in US down to lowest level in years: report

Ransomware attacks have gone down drastically this year, a new report has revealed. The report indicated that only 89 cases of ransomware were reported in the first quarter. The COVID-19 crisis has forced many institutions to shut down, reducing their attack surface. However, we are not out of the woods yet, with the report stating that relief is only temporary.

Ransomware attacks affected 966 U.S. government agencies, educational organizations and healthcare providers in 2019. This number was projected to rise by most security researchers this year. However, according to a report by New Zealand cybersecurity company Emsisoft, ransomware attacks have fallen sharply. The security researchers stated that this is the lowest number of attacks they have seen in several years.

In the first quarter of the year, 89 attacks were reported. January was the worst hit, with the number of attacks decreasing as the coronavirus pandemic worsened. In January, 39 organizations were hit, with government organizations being the most targeted at 19 cases. Education and healthcare saw ten cases each. In March, government entities reported just seven cases, with healthcare and education reporting 3 and 2 cases respectively.

The decrease has largely been due to the lockdown in the U.S., with businesses either shutting down or allowing its employees to work from home. This has reduced their attack surface, the researchers pointed out.

Emsisoft’s report reiterates an earlier report by blockchain analytics firm Chainalysis which pointed out, “So far, the on-chain data suggests ransomware attacks — or, at least, ransomware payments — have decreased significantly since the COVID-19 crisis intensified in the U.S. and Europe in early March.”

Hackers have also unexpectedly showed concern for their victims. A month ago, Bleeping Computer reached out to some of the most prolific ransomware operators, asking them if they are still targeting health services during the crisis. They indicated that they will not target healthcare industry, and if companies in this sector get hit accidentally, they will offer decryption for free. The hacker groups, which included DoppelPaymer, Maze and CLOP also indicated that they generally avoid healthcare and emergency services.

The Emsisoft researchers were however quick to note that while the relief is welcome, it’s still too early to celebrate. Once the organizations resume normal operations, the attacks will resume, they believe.

Fabian Wosar, the company’s CTO further pointed out that there has never been a worse time to get hit by ransomware given the dire financial situation most companies are in. He stated, “Companies are hurting financially and many are reliant on government support programs for their survival. I fully expect that some of the companies hit by ransomware in the coming weeks will fail; attacks will be the straw that broke the camel’s back.”