Some of these threat actors can act so effectively because they are backed by foreign states, namely China, Iran and Russia: CSEA
Publishing date: Dec 06, 2021
OTTAWA – There have been 235 known ransomware attacks against Canadian victims to date in 2021, and more than half targeted critical infrastructure providers such as electrical grids, oil and gas, and hospitals, warns Canada’s digital cybersecurity agency.
And that is just the tip of the iceberg, as “most” ransomware attacks go unreported, warns the Communications Security Establishment’s (CSE) Canadian Centre for Cyber Security in a new cyber threat bulletin published Monday.
“The Cyber Centre continues to regularly observe high-impact ransomware campaigns that can cripple businesses and critical infrastructure providers,” reads the bulletin.
“The COVID-19 pandemic has made organizations like hospitals, governments, and universities more mindful of the risks tied to losing access to their networks and often feeling resigned to pay ransoms. Cybercriminals have taken advantage of this situation by significantly increasing the value of their ransom demands.”
Ransomware attacks are a form of cybercrime in which criminals use malware to infect an individual’s or organization’s devices and encrypt them against the owner’s will (locking victims out of their files, in other words). They then demand a ransom — generally in cryptocurrency such as bitcoins — in exchange for decrypting the victim’s files.
The devices can be infected via a number of known techniques, such as phishing (clicking on a malicious link sent by text, email or social media), malvertising (code that infects a computer when a user clicks on an online advertisement) and drive-by downloads (malware that is forcibly downloaded and installed on a computer via an infected website).
Globally, ransomware attacks increased by 151 per cent in the first six months of 2021 compared to the previous year, and Canada is unlikely to be spared from that phenomenon, CSE notes.
In its bulletin, the Cyber Centre notes that the average ransom payment around the world seems to have stabilized around $200,000, but the cost of recovering from the attack for individuals or organizations has exploded, jumping to $2.3 million this year from just under $1 million in 2020.
Few examples of ransomware attacks in Canada are known publicly, but the most recent major event occurred within the last month when a cyberattack compromised one of Newfoundland and Labrador’s most crucial IT systems used by the province’s doctors and technicians.
A poll by the Canadian Internet Registration Authority published last month revealed that 69 per cent of organizations that were the target of an attack paid the ransom.
Thus, the Cyber Centre published a series of tools and advice on Monday, including a “ransomware playbook”, alongside its bulletin to help Canadian individuals and organizations both protect themselves from attacks and know how to react if they fall victim to one.
Above all, the cybersecurity agency exhorts those affected by a ransomware attack to report it to police and CSE, even if the ransom is paid.
“While ransomware attacks will almost certainly continue to increase in scale, frequency and sophistication, the vast majority can be prevented by implementing basic cyber security measures,” the centre says.
In Canada as elsewhere in the world, ransomware operators can target anyone, but many have been focusing on large organizations or critical infrastructure operators because they believe those targets have the most resources to pay, and quickly.
“For large enterprises and critical infrastructure providers, many sophisticated ransomware groups are still demanding increasingly exorbitant amounts, with 2021 seeing the largest ransom payment ever at $48.4M CAD,” the report notes, referring to the infamous Colonial Pipeline ransomware attack in the US last May that crippled the country’s largest fuel pipeline for five days.
Critical infrastructure can mean organizations in the energy, health and manufacturing industries, for example.
Last May, the world’s largest meat processing company, JBS Foods, was the victim of a ransomware attack that ultimately disrupted global food production. The company ended up paying $13.3 million to the hackers responsible for the attack.
Some of these threat actors can act so effectively because they are backed by foreign states, namely China, Iran and Russia, the Cyber Centre says.
The latter state is one of the most notorious supporters of cybercriminal groups, with CSE revealing that many of the world’s most “sophisticated and prolific” ransomware variants are used by threat actors based in Russia.
“We assess that Russian intelligence services and law enforcement almost certainly maintain relationships with cybercriminals, either through association or recruitment, and allow them to operate with near impunity—as long as they focus their attacks against targets located outside Russia and the former Soviet Union,” reads the bulletin.