Beyond the figures: Exploring the hidden costs of ransomware

In the past, we’ve talked extensively about the impact of ransomware on both the U.S. and a global scale. But what these reports fail to capture is the effect of ransomware in minutiae; how it has forced small businesses to shut down, allowed criminals to escape and prevented patients from accessing drugs and health care.

In today’s post, we’re going to go beyond the financial figures and explore 10 ways ransomware has impacted the day-to-day lives of small businesses, employees, students and hospital patients around the world.

1. Police lose evidence, alleged criminals walk free

Ransomware attacks on police departments have severely impacted 911 services. Police stations have been forced to use inefficient pen and paper systems, evidence has been lost and suspected criminals have been allowed to walk free.

• Florida’s Stuart Police Department was hit with Ryuk in April 2019. The attack resulted in the loss of 18 months’ worth of digital evidence, forcing the department to drop 11 cases against six suspected drug dealers. The dropped cases included charges for possession of meth, possession of cocaine, selling narcotics, manufacturing narcotics, delivering narcotics and more.
• In December 2016, suspected Ukraine-based attackers held the Cockrell Hill Police Department’s server to ransom using a strain of ransomware known as Osiris. The department refused to pay the $4,000 ransom, which led to the loss of eight years worth of video evidence.
• The New Orleans Police Department was plunged back into the pre-Internet era after suffering a ransomware attack in December 2019, impacting its ability to access information and coordinate reports. It took police weeks longer than necessary to catch an accused serial flasher as they were unable to readily access electronic files across districts.

2. Disrupted digital HVAC leads to mold growth at Ohio schools

More than 1,200 schools in the U.S. were affected by ransomware in 2019, as noted in our report, The State of Ransomware in the US: Report and Statistics 2019. Often the effects were predictable – grades were lost, the staff was unable to access data about students’ medications or allergies, schools were temporarily closed down – but sometimes an attack had unexpected consequences.

In May 2019, the Coventry Local School District was hit with Trickbot, which brought down the phone systems and forced some schools to shut down for a day. The attack also affected some schools’ Internet-connected HVAC units, resulting in a loss of temperature control, which led to potentially harmful mold growing inside the affected schools.

3. Real estate transactions halted in Baltimore

In May 2019, Baltimore city was infected with RobbinHood. In addition to disrupting almost every government department, the attack also had a profound impact on the real estate market.

Essential systems required for real estate deals were brought offline, halting property transactions during what is typically one of the busiest months for Baltimore’s property market. Property transactions could not be completed as title insurance companies were unable to check the status of property lies or verify taxes owed or water bills, and were therefore unable to issue title insurance to homebuyers. It took two weeks for the government and real estate officials to develop a manual workaround.

4. Hospitals forced to turn away new patients, surgeries delayed

While ransomware attacks are usually financially motivated, for victims there’s often more than just money at stake.

This is particularly true in the healthcare sector. Ransomware groups have frequently targeted healthcare organizations as the threat of life-endangering downtime puts significant pressure on victims to pay the ransom. Attacks have delayed surgeries, forced hospitals to turn away new patients, caused the loss of patient data and even forced some healthcare providers to close their businesses permanently.

• In October 2019, a ransomware attack severely disrupted operations at three hospitals belonging to the Alabama hospital group DCH Health Systems. The hospitals were forced to stop admitting all incoming non-critical patients and ambulances were instructed to take patients to other hospitals when possible.
• Also in October 2019, seven hospitals in Australia were hit by ransomware. The attack disrupted outpatient appointments, delayed elective surgeries and forced the hospitals to shut down some patient record, booking and management systems.

5. Cyber insurance premiums skyrocket

Cyber insurance has come to play an important role in ransomware risk management strategy. Cyber policies typically cover not only the ransom but also a range of associated costs, including data recovery and legal liabilities. A flurry of costly claims in recent months has resulted in U.S. insurers increasing their cyber insurance premiums by as much as 25 percent.

6. Australian wool auctions delayed, affects cash flow for SMBs

In February 2020, wool sales across Australia ground to a halt after Talman, a software supplier used by more than three-quarters of the wool industry across Australia and New Zealand, was hit with ransomware. The wool auctions, comprising some 70,000 bales, were abandoned for the week, affecting the cash flow of some wool growers who were not able to make loan repayments and were subsequently hit with interest rate charges as high as 18 percent.

7. Nursing homes unable to order drugs for patients

In November 2019, 110 nursing homes across the U.S were crippled by Ryuk following an attack on their IT service provider, Virtual Care Provider Inc (VCPI). Almost all of VCPI’s servers were affected, including Internet service, email, access to patient records, and phone and client billing systems. In some care facilities, nurses were unable to order new drugs, putting the health and lives of patients at risk.

8. Reliance on paper systems increase the risk of internal theft

Ransomware incidents often render a company’s phone, email and billing systems unusable, forcing organizations to resort to pen and paper. Not only are manual systems less efficient, but they also have the potential to be abused by the unscrupulous staff looking to take advantage of the organization during an already difficult time.

From November 2017 to January 2018, City of Spring Hill’s Finance Department was only accepting cash and check payments due to a ransomware incident in early November, which impacted the systems used for payment processes. An accounts receivable clerk took advantage of the situation to steal at least $1,543.96 from 19 customers who had deposited money in the city’s payment drop box. The clerk responsible was fired from her position in February 2018 and indicted in September 2019.

9. Companies go out of business, employees lose jobs

In some cases, the disruption caused by ransomware has been so extreme that jobs have been lost and businesses have been permanently shut down.

• In April 2019, Michigan-based Brookside ENT and Hearing Center suffered a ransomware attack in which threat actors demanded $6,500 to decrypt the practice’s files. The company refused, prompting the threat actors to wipe the practice’s entire system, including appointment schedules, payment data and patient records. The owners decided to retire early rather than try to rebuild their business.
• In August 2019, Wood Ranch Medical in California was hit by ransomware. In addition to encrypting patients’ healthcare records, the ransomware also encrypted the practice’s backup hard drives, leaving the company unable to recover medical records. The practice closed its doors in December 2019.
• In December 2019, employees of Arkansas-based telemarketing firm The Heritage Company were told to go home and find new jobs following a ransomware attack in October. The company lost hundreds of thousands of dollars and the recovery process – initially estimated at one week – dragged out for over two months. The company’s leadership eventually made the decision to suspend all services, leaving more than 300 staff jobless.

10. Freight deliveries delayed

Ransomware has caused extreme problems in the logistics sector, where security and timeliness and of the utmost importance.

In June 2017, logistics giant Maersk found itself caught up in one of the most devastating ransomware attacks of all time. As many as 4,000 servers and 50,000 endpoints were infected, spread across 600 sites in 130 countries. Disruption was widespread: the company’s website went down, no new bookings could be made and the data identifying the inventory of Maersk’s 800 ships had been wiped. All in all, Maersk estimates the attack cost $300 million in damages.

In February 2020, Australian transportation and logistics company Toll Group was hit by a variant of the Mailto ransomware. The incident brought down a number of the company’s IT systems, causing significant delivery delays and affecting freight volumes.

Conclusion

To those who have never experienced a ransomware incident, ransomware might seem little more than an abstract digital threat. But the effects are real. Hospitals shutting down, suspected criminals walking free and people losing their jobs – these are just some of the ways ransomware has impacted the world around us.