Ransomware keeps its hold on your data, Verizon says

The company’s annual data breach report shows hacking attacks that take your files away got worse in the past year. They doubled and got more sophisticated.

Laura Hautala
Laura Hautala
Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
3 min read

Files are getting locked up more and more frequently in ransomware attacks, according to the 2018 Verizon Data Breach Investigations report.

James Martin/CNET

If it's any consolation to the city of Atlanta, it's not alone.

In March, hackers took over the city government's computer systems, scrambled up important files and refused to give back access until the city paid a $51,000 ransom to be paid in bitcoin. That's an experience that lots of organizations have faced in the past year. Just in the last month, Baltimore recently found itself locked out of computers involved in its 911 emergency response system. And Boeing was also hit with a ransomware attack.

Those aren't isolated incidents. According to Verizon's annual Data Breach Investigations Report, released Tuesday, ransomware attacks doubled in the last year. That's especially alarming considering that they doubled the year before, too.

In other words, ransomware isn't just a hot hacking trend. It's a lucrative, growing form of cyberattack that can throw governments, schools, hospitals and businesses into chaos. Worse, we're not getting any better at stopping it, said Dave Hylender, senior risk analyst at Verizon Business and a co-author of Verizon's report.

"While we are certainly more aware of it, there are still a lot of people who are falling for it," Hylender said.

Ransomware accounted for 39 percent of all new malware infections tallied up in the Verizon report, which looks at more than 53,000 security incidents drawn from Verizon cybersecurity customers as well as reports from the US Secret Service and an international consortium of private sector companies.

The numbers match up with findings released Monday by cybersecurity company Malwarebytes, which found that while hackers are targeting consumers with ransomware less frequently, they're hitting businesses with more of the attacks.

"It's very lucrative. It's very low-risk for the attacker. It can be done from a great distance," Hylender said of ransomware. "Whatever works, hackers will try it until that well runs dry."

The sector that's hardest hit by ransomware is health care, Hylender said. According to the Verizon report, 85 percent of the malware attacks against hospitals and other medical facilities were ransomware.

The health care industry is required to disclose data breaches under strict regulations that don't apply to other sectors. So a hospital, for example, is more likely to publicly report a ransomware attack than other kinds of businesses. But even accounting for that factor, "it's still very very widespread" in health care, Hylender said.

Other trends the report identifies include hacks that steal employee information from businesses (think hackers using your W-2 form to claim your tax refund for themselves), as well as espionage on campus. Spying was the motivation for 20 percent of hacking attacks on universities.

Hylender said one plausible explanation for this trend is that universities partner with private companies, military contractors and other organizations with valuable information. It may be that universities are easier to hack than their partners, he said, adding that when it comes to cybersecurity, "they don't have the level of funding that bigger manufacturers or research organizations would."

As for ransomware, the attacks aren't just getting more common--they're also getting more sophisticated. When hackers previously might have encrypted all the files on one computer at a workplace and demanded a ransom, now they're finding ways to access company servers, Hylender said. And they don't encrypt files right away, making it harder for cybersecurity software to identify hacking tools as malicious.

That means more cities -- and other organizations -- could soon be in the position Atlanta found itself in.

Correction, 7:58 a.m. PT: The spelling of Dave Hylender's last name has been fixed.

Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.

iHate: CNET looks at how intolerance is taking over the internet.