Ransomware is one of the most concerning cybersecurity threats for individuals, SMBs, and enterprise environments alike.This year has ushered in a resurgence in ransomware activity. Hackers continue to disrupt organizations of all sizes and industries. Even targeting governmental organizations was far from exceptional. In this article, we’ll take a look at the biggest ransomware attacks of 2019 and the severe impact they have had.Ransomware Trends in 2019According to Malwarebytes, a sharp increase in ransomware activity was observed in 2019. Ransomware was proliferated in 2016 and 2017 and then seemed to be on the decline. However, in 2019, ransomware has been revitalized in and is being used in a large way to attack not consumers per se but businesses in very targeted attacks that presume to yield much larger payouts. Since the second quarter of 2018 to the second quarter of 2019, Malwarebytes noted a 365% increase in business detections of ransomware. Don’t forget to check our article about ransomware and ransomware trends if you would like to find out more.Ransomware Statistics to Take Note of:A new business will fall victim to a ransomware attack every 14 seconds in 2019. In 2021, that number will be every 11 seconds – KnowBe4Ransomware attacks have increased by 97% since 2017 – AttackIQ34% of those affected took a week if not more to restore full access, up from 29% in 2016 – Kaspersky Ransomware generates over $25 million in revenue for hackers each year – Business InsiderThe NotPetya ransomware attack cost FedEx $300 million in Q1 2017 – ReutersCountries Most Affected by RansomwarePredictions for 2019 and BeyondComparitech cited several ransomware predictions for 2019 by leading cybersecurity companies.The Dharma and Ryuk ransomware and their variants are now the most popular variant and will continue to be the most popular throughout 2019. (Source: Coveware)Cybersecurity Ventures predicts ransomware will cost $6 trillion annually by 2021. (Source: Cybersecurity Ventures)McAfee predicts some common ransomware targets will decrease. However, the company suggests cybercriminals will target less common and more vulnerable victims, such as individuals with high net values and connected devices (IoT). (Source: McAfee)Palo Alto Networks predicts a noticeable increase in Mac ransomware this year. (Source: Palo Alto Networks)MIT predicts cloud computing companies will see increased attacks against their systems. (Source: Computer Weekly)Industries Targeted by Ransomware in 2019There are several ransomware attack trends that become apparent when you look at ransomware attacks that have been carried out so far in 2019. Organizations and companies attacked by ransomware:Large businessesSmall municipalitiesGovernment officesSchool districtsHealthcareLogistics and technology companiesAs shown in the Notable Ransomware Attacks in 2019 below, hackers have seemingly targeted large businesses and very ill-equipped small municipalities alike. Large businesses will often pay large sums of money to gain access to their systems. Small municipalities are often ill-equipped to defend against ransomware and are often easy prey for ransomware attacks. Additionally, lucrative targets have included healthcare providers whose entire daily operations and business model revolves around technology-provided healthcare (patient records, charting, billing, etc).Notable Ransomware Attacks in 20191. January 9, 2019 – City of Salisbury, Maryland police department suffered a ransomware attack. Hacker asked for an undisclosed sum of moneyType of ransomware is unknown at this pointSome data remained inaccessible after two weeksThe police department had backups of business-critical dataNo evidence that data was lost or stolen during the attack2. February 2019 – Vulnerability in common MSP tool used for distributing ransomware.ConnectWise and KaseyaProof of concept vulnerability to reset administrator credentialsUsed to spread ransomware3. March 1, 2019 – Jackson County, Georgia suffered a ransomware attack crippling systems through the county. Type of ransomware was undisclosedCounty official confirmed $400,000 was paid to hackers to restore accessAll departments were impacted during the attack, including 911 and emergency systems which they worked on restoring back first4. March 1, 2019 – Jefferson City, Georgia was hit with a ransomware attack. The 911 dispatch services were affected and the whole town’s IT infrastructure went down.Part of the overall Jackson County Georgia ransomware attackThe city had to revert to pen and paper for daily operations911 operations had to go to manual processes and jail inmates had to be let out of cells via manual means5. April 1, 2019 – City of Lodi, California was hit with a ransomware attack that disrupted phone lines and city financial systems.Ransomware demanded 75 Bitcoins ($400,000) at the time of the attackRansomware encrypted files and knocked out phone linesThey had to rebuild from backups6. April 10, 2019 – Greenville, North Carolina, was hit with ransomware that knocked most of the city’s computers offline.Robinhood Ransomware was to blameRansom was not paidThe city opted to restore data and systems from backups7. May 7, 2019 – City of Baltimore hit by ransomware. $18 million so far in damagesRobinhood Ransomware variant13 bitcoins demandedAll systems were affected by the cityThe attack took weeks of recovery efforts8. May 29, 2019 – City of Riviera, Florida was hit with an email infected with ransomware.All email, phones, police records, public works, city attorney’s office, library, and other systems were taken offlineThe city council authorized the city insurer to pay 65 bitcoins, valued at $600,000FBI was involved in the investigation, data was down for daysThe city invested another $900,000 in new hardware to help prevent future attacks9. June 10, 2019 – City of Lake City, Florida was hit with a ransomware attack crippling all city systems. The city had antiquated systems running the city’s infrastructure which made it an easy target for hackers.Hackers demanded $500,00042 Bitcoins were eventually paid by the city via their insuranceThe city paid $10,000 of this amountIT director was fired after the incidentThe type of ransomware was not disclosed10. July 6, 2019 – La Porte County Indiana suffers the effects of a ransomware attack.Ryuk ransomware was to blame7% of laptops were affectedTwo domain controllers were taken offline due to the infectionThe county had backups, however, the ransomware affected themThe county had cybersecurity insurancePaid $130,000 in Bitcoin to restore systems after the attackSystems were not available days later11. August 16, 2019 – Ransomware attack that struck 23 small local governments in Texas, holding them ransom for some $2.5 million.23 entities in Texas reported ransomware attacksType of ransomware has not been revealedRansom demanded – $2.5 millionTexas cities have refused to pay the ransom12. September 5 – Flagstaff Arizona school district suffered a ransomware attackInternet services were shut downClasses were canceled for two days following the infectionLaptops had to be reset to factory defaultsThe type of ransomware was undisclosedAffected some 10,000 students 13. October 1, 2019 – Three hospitals of the DCH Health System in Alabama were all hit by a ransomware attack compromising key medical systems.Ryuk Ransomware variant was responsible for the attackRansom was paid to hackers by the hospitalThe undisclosed amount for the decryption keyStaff was forced to downtime procedures14. October 14, 2019 – Pitney Bowes hit by ransomware attack.Ryuk Ransomware variant was responsible for the attackCustomer access to services, shipping, and e-commerce systems was disrupted15. October 24, 2019 – Municipal services in the City of Johannesburg was hit with a ransomware attackThe attack perpetrated by a group calling themselves “Shadow Kill Hackers”4 Bitcoins were demanded The group posted a ransom note to the city’s Twitter accountThe group threatened to release city data if the ransom was not paidA few days later the city had around 80% of the city’s resources back online16. October 27, 2019 – National Veterinary Associates (NVA), a California company that owns more than 700 animal care facilities affected by a ransomware attackMore than half of the organizations 700 facilities were affected by the ransomware attackThe attack prevented the affected clinics from accessing patient records, payment systems, and practice management software.It took more than a week for the affected facilities to be recoveredRyuk ransomware was responsible for the attackThe company has not disclosed the ransomware amount demanded or if the ransom demand was paid to restore access to their systems17. November 2, 2019 – Government of Nunavut operations affected by ransomware.PDF files and Word documents were encryptedFile servers were affected by the ransomware infectionEmployee email and voicemail was affected by the ransomware attackIt is not known whether or not the government’s backups were affected by the ransomwareThey were attempting to restore network operations from backupsAt the end of November 2019, Microsoft has stepped in to help the governmentIn an agreement signed before the attack, the government is being given assistance from Microsoft’s DART (Detection and Response Team) to bring systems back onlineMicrosoft is utilizing the latest operating systems and cloud storage with advanced cybersecurity features for the rebuilding of the Nunavut government.18. November 4, 2019 – Targeted ransomware hits several Spanish companies including one of the largest IT consulting companies in Spain as well as the nation’s largest radio network.Bitpaymer ransomware used in the attackThe second time the Spanish entities have been hit by ransomware (hit with the notorious WannaCry ransomware in 2017)Hackers demanded $835,923 ransom to get a decryption key to unlock their files19. November 15, 2019 – French hospital Rouen University Hospital-Charles Nicolle network attacked with ransomware. All five sites operated by the hospital affectedForced hospital to operate in degraded modeIncluded pen and paper operationsTelephone instead of email communicationsNo variant of ransomware was disclosed or a ransom amount20. November 18, 2019 – State of Louisiana was the target of a ransomware attack that took down the state’s Office of Motor Vehicles, Department of Health and Department of Public Safety.Ryuk ransomware is responsibleTrickbot used Microsoft Group Policy and PsExec software to spread the ransomware across multiple Active Directory domainsRansom amount demanded was not disclosedThe state is slowly getting affected systems back online21. November 21, 2019 – Livingston School District in New Jersey victim of a ransomware attack.Nearly every piece of data needed to run the school district was locked with ransomwareThey are working with a private security firm to hopefully recover the data.The undisclosed amount is being demanded the ransomUnsure whether or not the district will pay the ransom at this point22. November 25, 2019 – New York Police Department fingerprint database was taken offline due to ransomware.A contractor working in the environment plugged in an infected NUC computerThe infection spread to 23 other computersThese were connected to the fingerprint scanning system23. November 25, 2019 – Virtual Care Provider Inc (VCPI) had nearly 80,000 computers and servers powering care facilities across 45 U.S. states affected by ransomware.The Ryuk ransomware appears to be the culprit in this attackHackers are demanding $14 million in Bitcoin to restore the computers24. November 27, 2019 – Global security company Prosegur hit with ransomware.Ryuk ransomware to blameSome claim networked alarms were hampered by the ransomware attackNo ransom amount was disclosedWithin a day the company tweeted the ransomware was contained and systems were on their way to being restored.Protection From The Ransomware ThreatRansomware is certainly going to be the big cybersecurity story of 2019 with the multitude of targeted, successful attacks on businesses across several industries. Related Link: SpinOne Developed the First Fully Automatic 24/7 Ransomware Protection for G SuiteRansomware security becomes vital for organizations using G Suite and Office 365 in their daily operations. Strong cybersecurity measures, as well as effective backups of on-premises and cloud environments, will be key to ensuring data is both safe as well as protected in case of a cybersecurity breach involving ransomware. Check out SpinOne for protecting your valuable cloud assets in either G Suite or Office 365. Try SpinOne for free Share this article Share this post on Linkedin Share this post on X Share this post on Facebook Share this post on Reddit Was this helpful? Yes No Submit Cancel Thanks for your feedback!