Biden Admin Warns Worsening Ransomware Attacks Are Outpacing Efforts To Mitigate Them
The official, in emphasizing the threat posed by ransomware and the critical importance of the summit, highlighted the recent high profile case of the ransomware attack that hit the Los Angeles school district. After infecting the internal computer systems of the second largest school district in the US with ransomware, Vice Society, the ransomware gang responsible for the attack, proceeded to publish 500GB of stolen data in response to the district’s refusal to pay a ransom fee.
The Los Angeles Unified School District (LAUSD) isn’t the only educational institution to have suffered a ransomware attack. Abraham Lincoln College permanently shut down earlier this year after succumbing to a ransomware attack that rendered the school’s computer systems inoperable for months, even after paying the ransom. A report published in June estimated that schools lost a total of $3.56 billion in 2021 as a result of ransomware attacks, and that number is likely to be higher this year given the number of schools struck by ransomware so far.
As the ransomware business booms, more players enter the picture and new innovations arise. Android malware developers have begun introducing ransomware into the largely untapped mobile device market, and established ransomware gangs are experimenting with data corruption as an alternative to data encryption. Members of the general public, not just business owners and organization heads, should be concerned about the rising tide of ransomware attacks. Most ransomware attacks these days don’t just disrupt the regular operations of their targets, but also involve publishing stolen customer and employee data as part of a scheme known as double extortion.
With ransomware looming as a growing threat, both organizations and users alike should seriously consider employing data minimization practices in order to cut down on the amount of valuable data that could potentially be stolen and published. Many organizations ask their users to provide more information about themselves than is necessary, and many users are all too willing to comply. Ransomware attacks may not be as costly to society if organizations reassess their data collection, storage, and sharing practices. Users can also limit the amount of personally identifiable information (PII) they give away by making use of email address, phone number, and credit card masking services in combination with name and address aliases. Ransomware likely isn’t going away any time soon, so we should learn to adapt by implementing better practices.