Live

Watch CBSN Live

Ransomware's mounting toll: Delayed surgeries and school closures

Preventing ransomware attacks ahead of 2020 election
  • Ransomware has impacted at least 621 entities this year through September, a new study finds.
  • The targets include hospitals, health care centers, school districts and cities.
  • The total cost so far this year could be about $186 million. 

"Ransomware" attacks, in which hackers hijack computer systems or websites and demand payment to release them, are taking a growing toll on government agencies, hospitals and many other organizations. A new study documents 621 such cyberattacks this year, including incidents that closed public schools and delayed surgeries as administrators sought to respond to the threats.

The costs could be upwards of $186 million, based on the publicly disclosed costs of ransomware attacks, according to cybersecurity firm Emsisoft, which issued the report on Tuesday. It based its calculation on the $300,000 cost to Albany, New York, to restore its data following a ransomware attack.

Ransomware creates havoc for both workers and the customers of targeted organizations. Baltimore delayed sending out water bills after its systems were frozen for weeks earlier this year due to a ransomware attack. Other disruptions have included delayed home sales, disruptions in collecting taxes and issues with paying bills.

On Tuesday, a health center in Alabama said it was closing to new patients because of ransomware. 

In a case last month in Wyoming, a county health center canceled some surgeries after its systems were held hostage. Campbell County Health, the Wyoming medical center, also said it canceled lab, respiratory therapy, and radiology exams and procedures and wasn't taking new patients as it coped with the ransomware, according to a news release

In another case, an Arizona school district shut its schools for at least two days in early September after its systems were hit by ransomware. The closing "is really in deference to school security, making sure we are able to operate in a timely and effective manner," Zachery Fountain, director of communications for the district, told a local TV station. 

More attacks, bigger ransoms

Hackers are likely to step up ransomware attacks, Emsisoft said in its study. The attackers are also demanding larger ransoms from their victims, the study found, although it didn't specify an average ransom. Emsisoft didn't immediately return a request for comment.

"There is no reason to believe that attacks will become less frequent in the near future," said Fabian Wosar, CTO at Emsisoft, in a statement. 

Ransomware, Inside the Epidemic, Tim Green

Ransomware attacks have been on the rise in recent years because of how profitable they can be for attackers. Experts say smaller cities have proved to be attractive targets. Because they lack resources and are dealing with taxpayer money, they may elect to pay a ransom rather than try to recover their data through other methods.

More than 50 ransomware attacks during the first half of the year targeted cities, with about half of them smaller localities with fewer than 50,000 residents, a study published earlier this year found.

The average ransom payout in the second quarter of 2018 was $36,295, according to a report by security company Coveware. That's nearly triple the average payment in the prior quarter. In the third quarter of 2018, when Coveware first started tracking payments, the average was $5,973.

View CBS News In