New Orleans' city government crippled. A maritime cargo facility temporarily closed. Hospitals forced to turn away patients. Small businesses shuttered.
The cause in each of these incidents: ransomware attacks. In recent years, hackers have taken to locking down entire computer networks and demanding payments to let users back into their systems.
The frequency of ransomware attacks — among the scariest and most costly online assaults — has been hard to pinpoint because many victims quietly pay off their attackers without notifying authorities.
Now, an array of new data provide perhaps the best available picture of the problem. In 2019, 205,280 organizations submitted files that had been hacked in a ransomware attack — a 41% increase from the year before, according to information provided to the New York Times by Emsisoft, a security firm that helps companies hit by ransomware.
The average payment to release files spiked to $84,116 in the last quarter of 2019, more than double what it was the previous quarter, according to data from Coveware, another security firm. In the last month of 2019, that jumped to $190,946, with several organizations facing ransom demands in the millions of dollars.
Security experts said that even these numbers underestimate the true cost of ransomware attacks, which have disrupted factories and basic infrastructure and forced businesses to shut down.
"Anything of value that is smart and connected can be compromised and held for ransom," said Steve Grobman, chief technology officer at McAfee. "If critical infrastructure systems are held for ransom, what is our policy going to be for dealing with those?"
The data from the security companies and the number of recent ransomware incidents show a dramatic escalation for a type of attack that, just a few years ago, was mostly directed at individuals, who had to pay only a few hundred dollars to get their files back.
The Coast Guard said in December that ransomware had forced a cargo transfer facility to shut for more than 30 hours after attackers took control of "the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations." The Coast Guard did not reveal the location of the facility.
The city of New Orleans, one of dozens of cities hit by ransomware over the last year, was attacked with similar ransomware late last year and is still conducting many operations on paper, with police officers recording incidents manually.
Cities appeared to be high on the target list because they are among the only victims who have to report the attacks. In reality, public-sector organizations represented only around 10% of all victims last year, Coveware said.
Barclays and several other banks are still unable to make foreign-currency conversions for customers more than a month after Travelex, the company that provides them with cash, was targeted by ransomware known as Sodinokibi, or REvil. The BBC reported that the hackers demanded $6 million.
Ransomware attacks have also caused a number of small and medium businesses to shut altogether, like Colorado Timberline, a printing company with a few hundred employees near Denver, and Brookside ENT and Hearing Services in Battle Creek, Mich., a 10-person medical office.
"I was suddenly retired and I didn't want to be," said Dr. William Scalf, one of two doctors at Brookside, which closed in April after failing to recover its medical files from hackers who demanded $6,500.
Authorities have not released statistics on the broad changes in ransomware attacks, but the FBI noted in its latest warning that the attacks were becoming "more targeted, sophisticated and costly."
The agency said an online portal for reporting incidents received 1,493 reports in 2018. But officials think that number was likely "artificially low" because it did not include reports from field offices or agents or other sources.
"What we find most concerning is that it causes not just direct costs, but also indirect costs of lost operations," said Herbert Stapleton, cybersection chief at the FBI. "We certainly view it as one of the most serious cybercriminal problems we face right now."
Europol, the European Union's law enforcement agency, has gone further, calling ransomware the "most widespread and financially damaging form of cyberattack."
"We have had success stories, but to be honest, it is becoming more and more complicated," said Fernando Ruiz, acting head of Europol's European Cybercrime Center. "This is a garden for them, and we need to change that."