Ransomware attacks were already a growing threat to Canadian businesses, but the war in Ukraine has given new urgency to getting one step ahead of cybercriminals
Canada went on high alert for ransomware attacks on Feb. 24, the day Russia invaded Ukraine.
Canada’s Communications Security Establishment (CSE) warned Canadian banks, power utilities and other major firms that day “to take immediate action and bolster (your) online cyber defences.”
Ransomware attacks were already a growing threat to Canadian businesses, hospitals, government agencies and other organizations before Russia-based cybercriminals loyal to Moscow were given additional incentive to attack victims in Western countries that sanctioned Russia to reverse its invasion of Ukraine.
In a landmark survey of Canadian employers conducted last year, Telus Corp., the telecom giant, reported that 83 per cent of the 463 Canadian businesses and other organizations participating in the survey had experienced an attempted ransomware attack.
More than two-thirds were unable to thwart the attempt and suffered the attack. About 44 per cent of those victims paid the ransom demanded by the cybercriminals who had encrypted their data and effectively frozen their computer systems.
The average ransom paid was $140,000. Ransom paid by large organizations reaches into the tens of millions of dollars.
And cybercrime victims in the Telus survey calculate that the ransom they paid was only 10 per cent of their total costs in recovering from an attack.
The additional costs include delays or cancellations of plans to boost the efficiency of IT systems, and loss of employee productivity.
And just over half of respondents who were attacked reported permanent full or partial loss of their data.
We know from reports by the federal Canadian Centre for Cyber Security (Cyber Centre) and other international cybersecurity agencies that data lost in cyberattacks is often posted on open-source websites for all to see.
That stolen data is used in business espionage and intellectual property theft; by other ransomware groups who use it to attack the victim again; and is shared with intelligence agencies of governments hostile to the West.
The threat from ransomware attackers described in this space in June 2021 has since grown worse.
By that point, hundreds of North American organizations large and small had already been attacked.
The varied targets included America’s largest gasoline pipeline network (Colonial Pipeline Co.) and its biggest meat packer (JBS USA); a major network of Irish hospitals; Florida’s largest school district; Toronto’s Humber River Hospital; and the Ontario municipalities of Stratford, Wasaga Beach and Midland.
Worsening economic conditions in Russia and Eastern Europe are increasing the population of ransomware attackers seeking a lucrative source of income from a criminal activity whose start-up costs are minimal.
And the ransomware network has expanded to include illegal stores that sell the most advanced cyberattack tools.
Guarding against digital extortion attempts and other malicious cyberattacks is straightforward. Excellent guidance on cyber protection is provided by the Cyber Centre, in the 2022 Telus Canadian Ransomware Study, and in an exhaustive report on cyber vulnerabilities by the U.S. Cybersecurity & Infrastructure Security Agency.
Topping the list of protections urged by cybersecurity experts is “proactive layering.”
Proactive, of course, means getting cyber protections in place before you are attacked. Layering means deploying several protections against every vulnerability, blocking each possible entry point to malware infection two and three times over.
The work-from-home phenomenon has provided another gateway for ransomware attackers. They use poorly protected home office computer set-ups to gain access to larger organizations.
So, for individuals, protections include keeping your computer up to date with the latest software patches. And limiting personal data shared online, which provide hackers with entry points to infect a computer or your organization’s entire computer system.
And beware that “multifactor authentication” provided by employers does not protect from malware that accesses your computer when you click on dubious emails, links, attachments and websites (click bait).
For institutions, a robust protection system, or “vulnerability management program” (VMP), is a must.
The Telus survey found that about two-thirds of organizations with a VMP did not fall victim to a successful ransomware attack, while 42 per cent of those without a VMP suffered a damaging cyberattack.
Cyber insurance is not as effective a risk management practice as a VMP. Some claims are refused by insurers, while other insurers pay the claim but then refuse to continue providing coverage. Many Telus participants report being repeated victims of cyberattacks.
And speed is of the essence when attacked. By shutting down its digital systems immediately when it suspected a cyberattack on June 14, 2021, Humber River Hospital was able to protect its patient data.
Most victims continue not to report attacks. That holds up progress on learning how to prevent attacks and handle them more effectively.
It’s a time-honoured expression that the bad guys are always a step ahead of law enforcement. But by keeping pace with the advances made by the cybercriminals, we can at least give ourselves a fighting chance.
