Update Tuesday, September 3, 2019: to reflect new victims identified by Armor
As of today, Armor’s Threat Resistance Unit (TRU) security team has identified four new ransomware victims since Friday, August 30 bringing the total to 17 new ransomware victims in the past 11 days. Ten of them are school systems. Education officials across the US are dealing with a rash of ransomware attacks, just as students are settling into the new school year. The 10 school systems affected are in Connecticut, New York, New Jersey, Indiana, Washington, Virginia and Idaho. The attacks are part of an ongoing, relentless assault on critical networks and data in what’s quickly becoming “The Year of Ransomware.”
It’s interesting to note that 10 of the victims are school systems, with concentrations in Connecticut (4) and New York (3). Three of the schools have identified Ryuk as the ransomware that encrypted their files. The Rockville Center School District reported that they were initially faced with a ransom of $176,000, but their insurance company was able to renegotiate the ransom to $88,000. Rockville Center’s out-of-pocket deductible was $10,000. There is no word yet whether any other organizations have cyber insurance or plan to pay ransoms.
Since January, Armor has identified 153 ransomware victims in the U.S., including schools, municipalities, law enforcement agencies and healthcare networks. Out of the 153 victim organizations compromised by ransomware in 2019 in the U.S., educational institutions (30) make up the second largest pool of victims, after municipalities (69), followed by healthcare (26). The Dental Record/PerCsoft, which created software and back-up services for over 400 dentists, now joins a growing list of 7 managed service providers who have been attacked in 2019 including Datto, CloudJumper and iNSYNQ. These numbers only include publicly reported incidents. The number of attacks that go unreported is much higher. The FBI reported 1,493 ransomware cases last year, and anti-virus provider Kaspersky reports to have tracked millions of attempted ransomware attacks in 2018.
Four New Victim Organizations Identified Since Friday, August 30, 2019
The Dental Record/PerCSoft—Milwaukee/West Allis, WI*
Temple University Health System—Philadelphia, PA
Datto—Norwalk, CT
CloudJumper—Garner, NC (May 2019)
*As many as 400 dentists have been notified
The 17 victim organizations which have publicly reported ransomware attacks in the last 11 days:
The Dental Record/PerCSoft—Milwaukee/West Allis, WI*
Temple University Health System—Philadelphia, PA
Datto—Norwalk, CT
CloudJumper—Garner, NC (May 2019)
Lake County—Crown Point, IN
Rockville Center School District—Rockville Center, NY
Moses Lake School District—Moses Lake, WA
Mineola Public Schools—Mineola, NY
Stevens Institute of Technology—Hoboken, NJ
New Kent County Public Schools—New Kent, VA
Nampa Idaho School District—Nampa, ID
Middletown Public Schools—Middletown, CT
Wolcott Public Schools—Wolcott, CT
Wallingford School District—Wallingford, CT
New Haven Public Schools—New Haven, CT
Watertown Daily Times—Watertown, NY
Hospice of San Joaquin—San Joaquin, CA
“Just like municipalities, which rely on critical systems to manage records and revenue in a community, school districts host data and systems critical to their community and its students,” said Chris Hinkley, head of Armor’s Threat Resistance Unit (TRU) security team. “Thus, hackers know that schools cannot afford to shut down, and that budgets are typically stretched thin, so they often have few security protections in place, both aspects which make them a viable target. And unfortunately, several of the previous attacks on public institutions (the Rockville Center School District, which paid out $88,000 in ransom, Riviera City, Florida which paid a $600,000 ransom and Lake City, Florida which paid $500,000 ransom), have signaled to the hackers that impacting entire communities can be very lucrative.”
Published Friday, August 30, 2019
Armor Identifies 13 New Ransomware Victims Including 10 Educational Institutions
Education officials across the US are dealing with a rash of ransomware attacks, just as students are settling into the new school year. Armor has identified 13 new organizations that have fallen victim to ransomware attacks, including 10 school systems in Connecticut, New York, New Jersey, Indiana, Washington, Virginia and Idaho. The attacks are part of an ongoing, relentless assault on critical networks and data in what’s quickly becoming “The Year of Ransomware.”
The following 13 organizations have been publicly reported as being hit by ransomware:
Lake County—Crown Point, IN
Rockville Center School District—Rockville Center, NY
Moses Lake School District—Moses Lake, WA
Mineola Public Schools—Mineola, NY
Stevens Institute of Technology—Hoboken, NJ
New Kent County Public Schools—New Kent, VA
Middletown Public Schools—Middletown, CT
Wolcott Public Schools—Wolcott, CT
Wallingford School District—Wallingford, CT
New Haven Public Schools—New Haven, CT
Watertown Daily Times—Watertown, NY
Hospice of San Joaquin—San Joaquin, CA
It’s interesting to note that 10 of the victims are school systems, with concentrations in Connecticut (4) and New York (3). Three of the schools have identified Ryuk as the ransomware that encrypted their files. The Rockville Center School District reported that they were initially faced with a ransom of $176,000, but their insurance company was able to renegotiate the ransom to $88,000. Rockville Center’s out-of-pocket deductible was $10,000. There is no word yet whether any other organizations have cyber insurance or plan to pay ransoms.
Since January, Armor has identified 149 ransomware victims in the U.S., including schools, municipalities, law enforcement agencies and healthcare networks. Out of the 149 victim organizations compromised by ransomware in 2019 in the U.S., educational institutions (31) make up the second largest pool of victims, after municipalities (69), followed by healthcare (25). These numbers only include publicly reported incidents. The number of attacks that go unreported is much higher. The FBI reported 1,493 ransomware cases last year, and anti-virus provider Kaspersky reports to have tracked millions of attempted ransomware attacks in 2018.
“Just like municipalities, which rely on critical systems to manage records and revenue in a community, school districts host data and systems critical to their community and its students,” said Chris Hinkley, head of Armor’s Threat Resistance Unit (TRU) security team. “Thus, hackers know that schools cannot afford to shut down, and that budgets are typically stretched thin, so they often have few security protections in place, both aspects which make them a viable target. And unfortunately, several of the previous attacks on public institutions (the Rockville Center School District, which paid out $88,000 in ransom, Riviera City, Florida which paid a $600,000 ransom and Lake City, Florida which paid $500,000 ransom), have signaled to the hackers that impacting entire communities can be very lucrative.”
Publicly Reported Victims of Ransomware 2019 – Educational Institutions
| Education | Bridgeport Public Schools | Bridgeport | CT |
| Education | Augustana College | Rock Island | IL |
| Education | Park Rapids Public Schools | Park Rapids | MN |
| Education | Taos Municipal Schools District | Taos | NM |
| Education | Crosby ISD | Crosby | TX |
| Education | Grinnell College in Iowa | Grinnell | IA |
| Education | Hamilton College in New York | Clinton | NY |
| Education | Oberlin College | Oberlin | OH |
| Education | Sugar-Salem School District | Sugar City | ID |
| Education | Oklahoma City Public Schools | Oklahoma City | OK |
| Education | Wolcott Public Schools | Wolcott | CT |
| Education | Sul Ross State University | Alpine | TX |
| Education | Middletown Public Schools | Middletown | CT |
| Education | Wallingford School District | Wallingford | CT |
| Education | Houston County Schools | Ashford | AL |
| Education | Louisiana Public Schools | Sabine Parish | LA |
| Education | Gadsden Independent School District | Gadsden | NM |
| Education | Lyon County School District | Yerington | NV |
| Education | Monroe College | New York | NY |
| Education | Syracuse City School District | Syracuse | NY |
| Education | Broken Arrow Public Schools | Broken Arrow | OK |
| Education | Newport Public Schools | Newport | RI |
| Education | Northwest Indian College | Bellingham | WA |
| Education | Glenwood School District | Glenwood | IA |
| Education | Moses Lake School District | Moses Lake | WA |
| Education | Mineola Public Schools | Mineola | NY |
| Education | New Haven Public Schools | New Haven | CT |
| Education | Rockville Center School District | Rockville Center | NY |
| Education | Stevens Institute of Technology | Hoboken | NJ |
| Education | Nampa Idaho School District | Nampa | ID |
| Education | New Kent County Public Schools | New Kent | VA |
Map of publicly reported US ransomware attacks January-August 2019