Canada on high alert for ransomware attacks amid Russia’s invasion of Ukraine


Canada was put on high alert for ransomware attacks on February 24, the day Russia invaded Ukraine.

Canada’s Communications Security Establishment (CSE) today warned banks, power utilities and other major Canadian companies “to take immediate action and strengthen (your) online cyber defenses.”

Ransomware attacks were already a growing threat to Canadian businesses, hospitals, government agencies and other organizations before Russian cybercriminals loyal to Moscow received additional incentive to attack victims in Western countries that sanctioned Russia in a bid to reverse its invasion of Ukraine.

In a landmark survey of Canadian employers conducted last year, Telus Corp., the telecommunications giant, reported that 83% of the 463 Canadian companies and other organizations participating in the survey had suffered an attempted ransomware attack.

More than two-thirds were unable to thwart the attempt and suffered the attack. About 44% of these victims paid the ransom demanded by the cybercriminals who had encrypted their data and effectively frozen their computer systems.

The average ransom paid was $140,000. The ransom paid by large organizations reaches tens of millions of dollars.

And cybercrime victims in the Telus survey calculate that the ransom they paid was only 10% of their total costs to recover from an attack.

Additional costs include delays or cancellations of plans to improve the efficiency of IT systems and loss of employee productivity.

And just over half of those surveyed who were attacked reported permanent full or partial loss of their data.

We know from reports by the federal Canadian Center for Cyber Security (Cyber Center) and other international cybersecurity organizations that data lost in cyberattacks is often posted on open-source websites in full view of everyone.

The stolen data is used in commercial espionage and intellectual property theft, is used by other ransomware groups to attack the victim again, and is shared with the intelligence agencies of governments hostile to the West.

The threat from ransomware attackers described in this space in June 2021 has since escalated.

By then, hundreds of North American organizations large and small had already been attacked.

The varied targets included the United States’ largest gasoline pipeline system (Colonial Pipeline Co.) and its largest meatpacker (JBS USA); a large network of Irish hospitals; Florida’s largest school district; Toronto’s Humber River Hospital; and the Ontario municipalities of Stratford, Wasaga Beach and Midland.

Deteriorating economic conditions in Russia and Eastern Europe are increasing the number of ransomware attackers looking for a lucrative source of income from criminal activity with minimal start-up costs.

And the ransomware network has expanded to include illegal stores that sell the most advanced cyberattack tools.

Protecting yourself against digital extortion attempts and other malicious cyberattacks is simple. Great advice on cyber protection is provided by the Cyber Center, in Telus’ 2022 Ransomware in Canada Study, and in a comprehensive report on cyber vulnerabilities by the United States Cybersecurity & Infrastructure Security Agency.

At the top of the list of protections advocated by cybersecurity experts is “proactive layering”.

Proactive, of course, means putting cyber protections in place before being attacked. Layering means deploying multiple protections against each vulnerability, blocking every possible entry point for a malware infection two or three times.

The work-from-home phenomenon has provided another gateway for ransomware attackers. They use poorly protected home office computing setups to access larger organizations.

Thus, for individuals, the protections include updating your computer with the latest software patches and limiting the personal data you share online, which provides hackers with entry points to infect a computer or your organization’s entire IT system.

And beware, “multi-factor authentication” provided by employers does not protect against malicious software gaining access to your computer when you click on dubious emails, links, attachments and websites (click bait).

For institutions, a robust protection system, or “vulnerability management program” (VMP), is essential.

Telus’ survey found that approximately two-thirds of organizations with a VMP have not experienced a successful ransomware attack, while 42% of those without a VMP have suffered a ransomware attack.

Cyber insurance is not as effective a risk management practice as a VMP. Some claims are denied by insurers, while other insurers pay the claim but then refuse to continue providing coverage. Many Telus survey participants report being repeated victims of cyberattacks.

And speed is essential when under attack. By shutting down its digital systems immediately when it suspected a cyberattack on June 14, 2021, Humber River Hospital was able to protect its patient data.

Most victims continue not to report the attacks. This hampers progress in learning how to prevent attacks and manage them more effectively.

It’s a time-honoured phrase that bad guys are always one step ahead of law enforcement. But by keeping pace with the advances of cybercriminals, we can at least give ourselves a fighting chance.

