Ransomware Statistics in 2019 So Far…


September 25, 2019

I’ve written about Ransomware attacks extremely often this year. I feel like a fear-monger or one of those sidewalk preachers who loudly claim the end is near as you stroll past them.

I wish I could say things are getting better, but they don’t seem to be. According to Armor (a cloud-based cybersecurity company), 182 organizations in the U.S. have publicly disclosed they’ve been the victim of a ransomware attack. 

49 of those have been public school districts. That’s followed by 70 municipalities (some of which we’ve covered before) and 27 healthcare facilities. The remaining 36 are assumed to be private businesses or a mix of industries. 

Let’s run through those numbers again:

  • 182 publicly reported cases of ransomware
  • 70 of the reported cases were municipalities (towns, cities, etc)
  • 49 of the reported cases were school districts (about 500 individual schools)
  • 27 of the reported cases were healthcare facilities
  • 36 of the reported cases were from a variety of different industries

Why are these types of organizations (primarily municipalities, school districts, and healthcare facilities) being targeted?

 Two reasons:

  • They’re easy targets. Municipalities, school districts, and healthcare facilities rarely allocate the resources needed to adequately defend themselves against ransomware attacks. IT departments are typically understaffed and overworked. Things like security awareness training, regular back-ups, etc might be unattainable or “nice to have” services for public entities.
  • They’re public-facing and require high-availability. These organizations can’t afford to shut down. That means they’re more likely than not to pay a ransom or be willing to pay a ransom than others for the reasons I mentioned above.

Cybercriminals are very well aware this is the case and they’ve adjusted their strategies accordingly. The Armor brief (which you can read here: https://www.armor.com/threat-intelligence/armor-identifies-10-new-ransomware-victims-in-the-past-9-days/) makes the point that new organizations are coming under fire every day and the attacks show no signs of stopping.


 Just because the outlook isn’t good doesn’t mean there aren’t things we can do and that its impossible to be pro-active in regards to fighting ransomware. 

 Here are a few tips you can use to defend your organization:

  • Offline Data Backups – users must have multiple backups of their critical data, applications, and application platforms. These backups must be air-gapped from the internet and password protected.
  • White Listing Solution – limits the use of applications and processes that are allowed to run in your environment by providing a shortlist of approved applications and processes. Like a VIP List for your PC, if it’s not on the list, it’s not allowed.
  • File Integrity Monitoring—Monitors your IT environment 24x7x365 for changes to the critical OS, files and processes such as directories, registry keys, and values. It also watches for changes to application files, rogue applications running on the host and unusual process and port activity, as well as system incompatibilities.
  • Practice Least Privilege Access Control –ensure the user has the least privilege for their job. This also applies to services.
  • Audit/Penetration Testing from Independent, Third-Party Experts—to ensure that you are implementing best practices.
  • IP Reputation Monitoring/Blocking—blocking known bad infrastructure and actors
  • Continuous Security Awareness Training – educate employees about current and emerging cybersecurity risks and phishing emails. Effective training should actively engage employees and include policies concerning the correct response to suspected phishing attempts.
  • Endpoint Protection Solution – includes protection, detection and response capabilities for laptops, workstations and mobile devices. Utilizes antivirus (AV) and anti-malware (AM) to block cyberattacks. It is also used to quickly detect and remediate any malicious activity or infection that has made its way onto the endpoint.

Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.

Don’t forget to follow us on LinkedIn and Twitter

Carl Keyser is the Content Manager at Integris.

Keep reading

Strong Cybersecurity Postures: How to Unleash their Power

Strong Cybersecurity Postures: How to Unleash their Power

In the vast digital landscape where virtual dragons and sneaky trolls roam a strong cybersecurity posture has never been more important. Imagine a band of modern-day knights led by our protagonist, Alex. Armed with a trusty laptop and a cup of coffee, Alex navigates...

How to Spot a Phishing Attack in 2023

How to Spot a Phishing Attack in 2023

In 2023 cyber threats lurk behind every tree trunk in today's digital jungle, and cybersecurity awareness is more critical than ever. Among the craftiest of these threats are phishing attacks. Phishing attacks are cunningly engineered with social manipulation at their...

How to Choose an IT Consultant in Boulder, CO

Regardless of industry size or type, Boulder IT consultants play a massive role in the way companies in the Boulder area do business. While most companies may have their own in-house IT department, many of these departments are small and cannot handle all the...