News of the spike comes as Americans brace for a chaotic election — and a bumpy flu season that could exacerbate the ongoing effects of the coronavirus pandemic.
UHS said in a statement Monday that it is continuing to restore service to its IT network and that no electronic medical records were directly affected by a cyberattack that took place Sept. 27.
US hospital networks have been among the most popular targets for ransomware attackers, accounting for 16 percent of the quarter’s overall volume, said Check Point threat analyst Lotem Finkelsteen, who published a report on the findings Tuesday. Hospitals are viewed as a critical piece of the nation’s coronavirus response, and their need to remain up and running at all costs has emboldened attackers who’ve become increasingly confident in a quick payday, said Finkelsteen.
“Hackers are swarming on ransomware because others have done it successfully,” he told CNN. “Organizations are willing to pay. Organizations pay the price instead of dealing with encrypted files and the need to recover their IT systems. This creates a vicious circle: The more such attacks “succeed,” the more frequently they occur.”
Paying off hackers might seem like a quick solution to an immediate problem. But experts warn that paying ransoms only creates more incentives for attacks to continue. The US government finally got involved last week, as the Treasury Department issued two warnings that paying off hackers, or facilitating a ransom payment on behalf of a victim, could be considered a US sanctions violation if the recipient is located in a target country.
“A person subject to U.S. jurisdiction may be held civilly liable even if it did not know or have reason to know it was engaging in a transaction with a person that is prohibited under sanctions laws and regulations,” the warning read.
Refusing to pay ransoms could lead to short-term pain, including the release of compromised internal data on the internet, said Finkelsteen. But, he warned, the current trend of payments points to a worse outcome: Hackers funneling their proceeds into research and development to create even more potent forms of ransomware.
“The most effective way to put an end to the cycle is to stop paying the ransom,” he said. “Simply put, if the cash flow stops, the attack flow stops.”
Other sectors that have come under attack include US manufacturing, software vendors, government agencies and insurance or legal providers, Check Point said.
Ransomware could pose a risk to the election process if systems designed to support voting are brought down, Finkelsteen said, but so far experts regard it as “mainly a hypothetical threat right now.”