3 Things You Need to Know About Canadian Ransomware Attacks
Over the last year, ransomware attacks in Canada have increased in scale, frequency, and sophistication. This was recently confirmed in the Canadian Centre for Cyber Security’s threat bulletin. According to their data, there were 235 ransomware attacks reported last year; however, since most attacks are not made public, this number reflects only the tip of the iceberg. Nevertheless, there are some points drawn from those attacks that cybersecurity practitioners should pay attention to.
Before we delve into the analysis, let’s review the topic at hand. Ransomware attacks typically use malware to infect an organization’s devices and encrypt sensitive data, locking staff out of their files and demanding a ransom in exchange for decrypting them. The most common techniques include:
- Phishing – Malicious links sent via email, text, or social media post,
- Malvertising – Malicious code triggered when a user clicks on an online advertisement, and
- Drive-by Downloads – Malware forcibly downloaded and installed on a computer via an infected website.
Now that we’ve reviewed what ransomware is all about, here are three important things you should know:
1. Industrial control systems are prime targets
More than half the ransomware attacks cited targeted critical infrastructure, including electrical grids, oil and gas facilities, and hospitals. According to the authors, “The COVID-19 pandemic has made organizations like hospitals, governments, and universities more mindful of the risks tied to losing access to their networks and often feeling resigned to pay ransoms. Cybercriminals have taken advantage of this situation by significantly increasing the value of their ransom demands.” These institutions are among the highest value targets because cybercriminals believe these entities have the greatest incentive to pay due to the critical functions they perform.
2. Ransomware-as-a-service, here to wreak havoc and here to stay
While nobody asked ransomware groups to discover a new way to become even more detestable, they went and found it anyway: Ransomware-as-a-Service (RaaS). The advent of RaaS has officially turned the practice of holding organizations’ data for ransom into an industry. Developers of these platforms sell or lease ransomware to other cybercriminals in exchange for receiving a percentage of each victim’s ransom payment. The result: a business model that makes widespread fraud campaigns more cost effective for malicious actors than ever.
3. Surging recovery costs far exceed ransom costs
While the global average ransom payment has stabilized around $200,000 CAD, the average cost of recovery has exploded. In 2020, these costs were just under $1 million CAD. In 2021, they grew to $2.3 million CAD. According to the Canadian Centre for Cyber Security, ransom payments “are likely reaching a market equilibrium, where cybercriminals are becoming better at tailoring their demands to what their victims are most likely to pay given the growth of recovery cost and the risk of reputational damage from public data leaks.”
What you can do
Although ransomware attacks may have increased in scale, frequency, and sophistication, implementing basic countermeasures can still greatly reduce your exposure to most types of attack.
With the proliferation of RaaS platforms and recovery costs surging, it’s crucially important to secure industrial control systems and maintain the fundamentals of a sound cybersecurity practice. Start by having some level of protection in the form of a secure email gateway solution and then incorporate a level of protection against malvertising as well as conventional email filtering and anti-virus functionality. Unfortunately, even if your email security platform prevents 99.9% of malware or malicious links from getting through, it only takes one well-crafted email to cause a breach. It’s therefore very important to configure these tools according to best practices and ensure that both IS teams and end users maintain constant vigilance.
In the event your organization does suffer a ransomware attack, it’s important to:
- Have a plan – Don’t “wing it”
- Assume the attacker is still there – Monitor your environment closely for anomalous activity
- Close the barn door – Failing to do so means you’ll likely be attacked again
- Get professional help – Your team will likely lack either the skills or capacity to do it all
And if you’d like more information on this topic, simply reach out to our team; we are here to help.