Internationally renowned security software company Emsisoft has declared a ransomware crisis and called on governments to take immediate action to improve their security and mitigate risks.
So serious is the threat posed by ransomware that the New Zealand company has published a report into the effects of the malware on the United States three weeks earlier than planned in an effort to prevent further attacks.
The State of Ransomware in the US: Report and Statistics 2019 was rushed out today along with a plea for urgent action. The publication date was revised following the recent $1 million Maze ransomware attack on the Florida city of Pensacola.
"This report was originally scheduled to be published on January 1st, 2020. We have, however, decided to release it immediately due to a recent incident in which a ransomware attack may have resulted in a municipal government’s data falling into the hands of cyber-criminals," wrote Emsisoft researchers.
"We believe this development elevates the ransomware threat to crisis level and that governments must act immediately to improve their security and mitigate risks. If they do not, it is likely that similar incidents will also result in the extremely sensitive information which governments hold being stolen and leaked.”
So far this year, 948 government agencies, educational establishments and healthcare providers in the United States have been impacted by ransomware. According to the report, the potential cost of these attacks could exceed $7.5 billion.
As a result of the unprecedented swathe of attacks, emergency patients had to be redirected to other hospitals, medical records were lost, and surgeries were cancelled. Some attacks interrupted 911 services, forcing dispatch centers to rely on printed maps and paper logs to track emergency responders in the field.
Emsisoft CTO Fabian Wosa said: “The fact that there were no confirmed ransomware-related deaths in 2019 is simply due to good luck, and that luck may not continue into 2020. Governments and the health and education sectors must do better."
The report cites research which has found that governments are failing to implement basic and well-established cybersecurity best practices, even when legally required to do so.
Emsisoft researchers have called for improved security standards and oversight, more guidance, better public-private sector cooperation and the implementation of legislative restrictions on ransom payments. They have also urged vendors and service providers to innovate and collaborate to win the ongoing fight against ransomware.