Ransomware attacks have been prominent in the news lately. One of the actual uses of cryptocurrency is for hackers to get paid as they hold your data hostage, crippling your company. These attacks are too common and can cost millions of dollars when all is said and done.
Massachusetts has many significant and prestigious businesses and institutions that ransomware attacks have hit. The best way to show you the negative impacts of ransomware and how vital it is to protect yourself is by simply recounting eight of the most famous ransomware attacks in Massachusetts.
The Steamship Authority
Massachusetts' largest ferry service, the Steamship Authority, was hit by a ransomware attack on June 2, 2021, that disrupted the ticketing process. The attack affected booking and payment systems, taking down the ability to change reservations online or schedule trips and disrupting credit card payments for the ferry service.
The Steamship Authority refused to pay the cybercriminals, and as a result the ferry service's systems and ticketing process were down for ten days. During the ten days, no trips were canceled, but customers experienced delays, and the Steamship Authority worked with federal and state law enforcement authorities.
The attack ended up being a topic of discussion between Russian President Vladimir Putin and President Biden.
Sturdy Memorial Hospital
Sturdy Memorial Hospital in Attleboro, Massachusetts, fell victim to a ransomware attack in February 2021, resulting in the theft of the records of 35,271 patients. The hospital paid the ransom to have the data restored and to obtain assurances that the data had been destroyed and would not be further distributed.
The hospital never disclosed the amount of the ransom paid to the hackers.
The following August, a class-action lawsuit was filed against the hospital for the ransomware attack seeking an unspecified amount for damages, including extended credit monitoring, compensatory damages, and attorneys' fees. The lawsuit alleged that paying hackers does not guarantee that patient records will be protected and that steps should have been taken to prevent the theft in the first place.
City of Quincy, Massachusetts
In February 2022, Quincy's online network was hacked in a targeted ransomware attack. The Quincy Police Department's server and network showed the initial signs of disruption, which alerted the city's IT department to something amiss. Text files demanding money in exchange for the data were found on the servers by employees in that department.
Quincy runs a network of 60 servers for all city departments, and 32 on the city's network were deemed safe and running again four days later. The city prioritized critical functions like fire, financial, emergency operations, and police systems but still could not access its shared file drive for many days.
The city did not communicate with or pay the hackers, forcing it to enter into a $100,000 work order with its security contractor and team of IT professionals to remedy the impacts of the ransomware attack. No evidence of city files on the Dark Web was ever found, and the city referred to the ransomware attack as more of an inconvenience than anything else.
City of Brockton Police Department
The Brockton police department was attacked in July 2021, disrupting department work and leaving cyber security experts to determine what data was compromised on the city's computer system. While the ransomware attack didn't shut down the department's work, it did slow it down. Fortunately, the city backed up its data every 12 hours.
The PD and fire department resorted to going "old school" for several days, using pens and paper, and calling in vehicle checks. Mutual aid agreements with nearby law enforcement agencies were put into effect to help with administrative matters while the system was shut down, and cyber security forensic specialists were brought in to determine data loss and the source of the ransomware attack.
The city spent considerable effort investigating the attack and restoring systems. The attack also eroded public trust in the city government.
City of Dighton Police Department
Yes, police departments sometimes pay the ransom. The Dighton PD was completely locked out of its systems in December 2016, taking down the entire department, including emergency dispatch. Russian hackers demanded payment after the cyber attack, threatening to wipe out the system if it was not received.
The police chief and Board of Selectmen decided to pay a ransom of $4,600 to restore the systems, although they worked on the systems for several days, trying to restore them before doing so. Before paying, the police department's computer vendor talked to the FBI and other police departments that had paid the ransoms after a cyber attack.
Despite managing to negotiate a much lower ransom, the city suffered additional costs and reputational damage.
City of Bedford
In a rare disclosure of the amount demanded, the city of Bedford disclosed a ransomware attack involving the Ryuk malware in July 2019, where $5.3 million was the asking price to restore systems. The ransomware attackers wanted the amount paid in Bitcoin, which would have been the most significant ransomware payment ever.
As other cities had previously paid six-figure sums to restore their data, the city's mayor attempted to negotiate the sum to $400,000, an amount consistent with other payments by municipalities for ransomware attacks that were affecting operations. Fortunately, the city had a $1 million cyber insurance policy that would have covered the amount, but the hackers rejected it outright.
Bedford was fortunate that most systems were turned off at the time due to the July 4th holiday. Still, the city's information services agency spent over two months replacing or restoring 158 computers, 4% of Bedford's 3,532 computers.
The city's cyber security policy did cover the costs of getting the city back online after the cyber attack.
ReproSource Fertility Diagnostics
In August 2021, a stunning 350,000 patient records held by Marlborough-based fertility laboratory ReproSource Fertility Diagnostics were compromised in a data breach. The attack began on August 8 but was only discovered on August 10.
Included in the sensitive information were patient names, phone numbers, email addresses, dates of birth, health insurance information, driver's license numbers, Social Security numbers, credit card numbers, and financial account numbers. The data breach was part of a growing trend of ransomware attacks on fertility clinics to secure sensitive information.
In November 2021, a class-action lawsuit was filed in Massachusetts claiming ReproSource was woefully deficient in its security and response. The class action seeks three years of credit monitoring; actual, compensatory, and statutory damages; statutory penalties; punitive damages; attorneys' costs; and interest.
Tewksbury Police Department
In 2015, the Tewksbury PD agreed to pay the hackers after an attack with the malware program CryptoLocker. CryptoLocker encrypts data and then requires a decryption key to recover it, affecting operations until unlocked.
The hackers demanded a $500 ransom paid in Bitcoin through the Tor network, which makes tracing the hackers' location extremely difficult. The payment was the last resort after the department spent five days attempting to remedy the situation independently with the help of cyber specialists from federal and state law enforcement.
This case shows how much the amounts demanded by the vast majority of hackers have increased. $500 is now a paltry sum in a time when cities are paying six-figure sums to restore data or unlock their systems.
The Ramifications Can Be Devastating
Whether days or weeks are lost due to being the target of a ransomware attack or ransoms are paid, companies and governments suffer tremendously. Operations are interrupted, and revenue is lost. In the cases of police and fire departments, lives are on the line.
Beyond the downtime or cost of the ransom, reputational damage and lawsuits often result from being a target, and both can devastate an organization. The amount of information residing on IT systems is tremendously lucrative for hackers willing to sell your customers' data on the Dark Web, setting you up for a possible class-action lawsuit.
Why are Ransomware Attacks Popular?
As you can see, these attacks are very profitable for hackers in Russia or China. They can be carried out anytime on any system with security holes, and they are easy to carry out and often profit the hackers whether you pay the ransom or not.
The amounts demanded are skyrocketing as hackers have learned the maximum pain points that companies or government agencies will pay to restore data or systems functionality. With so much money to be made, the number of attacks and groups coordinating them continues to grow.
How to Protect Against Ransomware
The answer is pretty simple: bring in the IT pros who can secure your data from outside attacks and educate employees on how to protect against them. Nothing can be left to chance when the costs to organizations that have failed to take prevention seriously are extensive.
As the old saying goes, an ounce of prevention is worth a pound of cure. The cost of being ahead of hackers is minute compared to the costs of dealing with them and then dealing with the later fallout. If you haven't brought in a cyber security professional to assess and harden your systems, it is something you must do immediately.