The Realities of Ransomware

Ransomware is scary

By: Harrison Stites (class of 2022)

Ransomware accounted for over 80 percent of the cybersecurity attacks in the education sector in 2020, according to the Verizon Data Breach Investigation Report. Healthcare organizations such as BJC (and, by extension, WashU) are significant targets for ransomware attacks because they work with Personal Health Information (PHI) and other sensitive data. As a major research and medical institution, WashU is an attractive target for cybercriminals. A successful ransomware attack can destroy public confidence in the organization, which has far-reaching effects on the institution. This article examines successful ransomware attacks and how we can prevent such attacks from targeting our community.

Our first ransomware story is a worst-case scenario and one that should be avoided at all costs. In 2019, a hospital in Alabama experienced a ransomware attack resulting in the shutdown of their computer systems. As a result, they were unable to deliver the quality of care expected of them, which led to the eventual death of a baby delivered during the cyberattack. This attack illustrates the consequences of ransomware attacks and the importance of protecting WashU from ransomware. In addition to the financial costs of ransomware attacks, this example illustrates the physical, tangible consequences of these attacks.

The next ransomware story highlights the importance of protection. The University of California San Francisco paid over one million dollars to recover data that was stolen in a ransomware attack in 2020. Fortunately, the university had taken steps to back up and secure their data, so cybercriminals were only able to access a small portion of their online footprint. As this example shows, taking steps to protect against ransomware can significantly affect the outcome of attacks. As a result of these protections, the attack was substantially mitigated and could have been much worse. For more information on how you can protect yourself and WashU from ransomware attacks, visit our ransomware definition page here.

Not all ransomware attacks target medical institutions. In 2020, Michigan State University was the victim of a ransomware attack by NetWalker, an organization that primarily targets educational and medical institutions. The attackers gained access to a single department’s student information and financial documents. MSU has refused to pay the ransom, the consequences of which are yet unknown more than a year later. This story exemplifies the uncertain and evolving nature of ransomware.

Ransom demands are greater and attacks more frequent today than in the past several years. However, there is still significant uncertainty surrounding ransomware and cyberattacks in general. Even if the ransom is paid, there is little reason to trust that criminals will hold up their end of the bargain.

As illustrated by the examples above, ransomware represents a real threat to the WashU community. A successful ransomware attack would cause harm to our people, our resources, and the public’s trust in our institution.

For more information about ransomware and strategies to protect our community, please visit the links below:

Thank you for doing your part to keep WashU secure.