Cybercriminals who deploy ransomware are always on the hunt for new victims. That’s true even during a time of crisis such as the coronavirus pandemic. Though some ransomware gangs have vowed to hold off on attacks against hospitals and healthcare providers as the world battles COVID-19, others are still trying to make a profit out of any potential victim. But as the virus has spread, the number of successful ransomware attacks against certain sectors has actually declined, according to a blog post published Thursday by Emsisoft.
In 2019, 966 government agencies, educational establishments, and healthcare providers in the US were hit by ransomware. Initial projections called for the same or worse numbers for 2020. But for the first quarter of the year, only 89 such organizations were affected by ransomware, reducing the number to a level not seen in several years.
Drilling down on the results, ransomware attacks during the first quarter hit 38 government agencies, 26 educational establishments, and 25 healthcare providers. This decline has continued into the start of the second quarter with three government agencies, two educational facilities, and two healthcare providers victimized by ransomware.
Whether or not the overall number of ransomware campaigns has fallen, why has the level of successful attacks against the three mentioned sectors declined? Emsisoft points to a few factors.
First, many government, educational, and healthcare organizations have suspended non-essential services during the coronavirus outbreak, leaving a smaller attack surface for ransomware.
Second, while people working from home may be a new target, they also present different challenges for ransomware attackers. These criminal groups are limited by available personnel and resources and can’t always modify their operations as quickly as desired.
Third, many organizations are suffering financially as a result of the COVID-19 outbreak. As such, they simply can’t afford to pay huge sums of money to attackers demanding a ransom. In a note posted recently on its website, the Maze ransomware group said: “We are living in the same economic reality as you are. That’s why we prefer to work under the arrangements, and we are ready for compromise.”
Though the number of successful ransomware attacks in the public sector has fallen, attacks against the private sector have remained at around the same level during the coronavirus outbreak. Further, even the decline against governments, schools, and healthcare providers is likely temporary, and Emsisoft believes the level of attacks will ramp up as the year progresses.
“The government should, as noted in our 2019 report, seek to bolster security in these sectors and should do so as a matter of urgency,” Emsisoft said in its blog post. “This is critical given that the COVID-19 pandemic could amplify existing security risks around the upcoming election, especially as some states have reallocated election security budgets to fund efforts related to COVID-19.”