Ransomware hits hundreds of US schools, local governments: study

US private equity firm Thoma Bravo, which is taking over Uk antivirus maker Sophos, also owns another leader in antivirus software, McAfee (AFP Photo/Rob Engelaar)

Washington (AFP) - Hundreds of US municipalities, schools and health organizations have been hit by ransomware in 2019, leading to massive service disruptions, researchers said Tuesday.

The security firm Emsisoft said at least 621 government entities, healthcare providers and school districts, colleges and universities were affected by ransomware in the first nine months of 2019.

The attacks which lock up computer networks if a ransom is not paid has led to disruption of municipal and medical services and the closing of some schools, the report noted.

The researchers had no prior year data for comparison but said ransomware appears to be surging as hackers seek vulnerabilities in older computer networks and use cryptocurrencies to anonymously get payments.

"There is no reason to believe that attacks will become less frequent in the near future," said Fabian Wosar, chief technology officer at Emsisoft.

"Organizations have a very simple choice to make: prepare now or pay later."

The researchers said the use of cyber insurance may be making ransomware more profitable than it otherwise would be and "incentivizes further attacks."

A report earlier this year by the Internet Society found global losses from ransomware rose by 60 percent last year to $8 billion.

Emsisoft said at least 68 state, county and municipal entities were hit by ransomware including widely publicized incidents in Baltimore, Maryland, and New Bedford, Massachusetts, where a $5.3 million demand was issued.

The report found 62 incidents involving school districts and other educational establishments, which potentially impacted up to 1,051 individual schools, colleges and universities.

At least 491 ransomware attacks this year affected US health care providers, in some cases forcing hospitals to turn away emergency room patients or cancel surgeries, the researchers said.

While law enforcement and security experts say it is unwise to pay hackers, many organizations have ended up accepting ransom demands which cost less than rebuilding computer systems.