More than 600 US government entities hit with ransomware so far this year - and it's only going to get worse

Emisoft warning over rising ransomware epidemic that has overwhelmed public sector organisations, school districts and healthcare providers

A total of 621 public-sector organisations in the US have been subjected to serious ransomware attacks so far this year, according to security firm Emisoft.

The news comes as the group behind the GandCrab ransomware-as-a-service is believed to have come out of retirement - just months after announcing their withdrawal from ransomware. In June, a free decryption tool was released covering all versions of the GandCrab ransomware.

RDP is vulnerable to ransomware via exploitation on unpatched systems, misconfigured security settings and brute force attacks on weak login credentials

These attacks across the US include at least 68 state, county and municipal entities, including a Ryuk outbreak in Lake City involving a $460,000 ransom demand - paid for via an insurance policy; the city of Baltimore was hit by the RobbinHood ransomware, which cost it $18.2 million to recover from after officials refused to pay the $76,000 ransom; and in New Bedford, a ransomware attack came with a $5.3 million ransom demand.

Education and healthcare sectors were also hard hit, with Louisiana public schools even declaring an emergency in July after several school districts were hit. In one attack, affecting the Moses Lake School District, encompassing 16 schools, the ransomware was traced to an IP address in Moscow. Instead of paying the $1 million ransom, the District rebuilt systems from backups that were out-of-date by between four and five months.

And ransomware attacks have also come via software supply chains. In August, a cloud management service providing backup for dental practices across the US was infected with Sodinokibi, which subsequently affected around 400 dental practices across the country. "Several sources claim the ransom was paid, although the total amount was not specified," Emisoft reports.

According to Emisoft, compromises of managed service providers are increasing as it enables attackers to hit multiple organisations at the same time. Ransom demands are also rising, partly because ransoms are being paid, encouraging attackers to increase their ransom demands with their next successful attack.

"Email and attachments and RDP [remote desktop protocol] continue to be the attack vectors of choice. The latter is vulnerable to ransomware via exploitation on unpatched systems, misconfigured security settings and brute force attacks on weak login credentials," Emisoft warns.

It adds that, in some instances, workarounds may be possible that could minimise recovery costs. However, many public sector organisations nevertheless need to invest more on keeping operating systems and software up-to-date, rigorous patch management and appropriate endpoint security software to identify and stop malware before it can be activated or spread.

Ongoing training, including penetration tests that focus as much on people as systems, is also a key component of any security strategy, according to Proofpoint.

In the UK and Europe, meanwhile, the costs of falling victim to cyber attacks are set to go through the roof as a result of GDPR, with British Airways facing a fine of £138 million over a Magecart attack last year, and Marriott Hotels facing a £99 million fine.