Understanding the Ransomware Threat in Canada

In 2021, ransomware attacks happened throughout Canada. And more than half of the known victims were critical infrastructure providers.

Now, there’s a new awareness campaign. Last December, the Communications Security Establishment (CSE) shared findings from The Cyber Threat Bulletin: The Ransomware Threat in 2021.

The bulletin reports that 235 ransomware incidents occurred against Canadian victims from January 1, 2021 to November 16, 2021. Over fifty percent of targets were from the energy, health, and manufacturing sectors.

Newfoundland and Labrador’s healthcare system suffered from a cybersecurity threat. It cancelled thousands of medical procedures ranging from chemotherapy to X-rays. Toronto’s Humber River was also forced to shut down its IT systems to prevent a ransomware attack.

Nearly a quarter of Canadian small businesses have also experienced some kind of malicious cyber incident since March 2020.

Most people know about the existence of cybersecurity threats. But what is ransomware? And how disastrous is it?

Defining Ransomware

Ransomware is a type of malicious software. It infects a computer and restricts its access. As the name suggests, a “ransom” has to be paid to retrieve critical data.

This type of malware is designed to spread across a network. Threat actors and criminals target databases and file servers. This allows them to paralyze an entire organization quickly.

How does it work?

Malware requires a vector to establish its presence at an endpoint. So, deploying ransomware involves email spam campaigns or targeted attacks. After infiltration, a malicious binary is executed on the infected system that searches and encrypts valuable files.

Ransomware employs asymmetric encryption. The attacker generates a unique pair of private-public keys to encrypt and decrypt a file. A private key to decrypt the files is stored on the attacker’s server.

After file encryption, the ransomware prompts the user for a ransom. The ransom is payable within 24 to 48 hours to decrypt the files, or the files are lost forever unless the victim has a separate data backup.

How to defend against it

The availability of malware kits caused ransomware to spread far and wide. Today, ransomware-as-a-service (RaaS) exists where organized cybercrime groups are profiting.

To avoid ransomware and mitigate the damage in an attack:

1. Always have backup copies of essential files. Backup data should not be accessible for modification or deletion from the systems where the data resides.

2. Use security software on your computer and all other devices. Keep it up-to-date.

3. Practice safe surfing and only use secure networks when connecting to the internet.

Fighting back

The CSE has said that it conducts cyber operations and works with Canadian law enforcement to disrupt cybercriminal threats. Its tools and authority stem from The Communications Security Establishment Act of 2019.

Four Ministers have also taken action through an open letter. The heads of National Defence, Emergency Preparedness, Public Safety and International Trade, Export Promotion, and Small Business Economic Development urge Canadian organizations to adopt cybersecurity’s best practices against ransomware.

The Bottom Line

Ransomware was one of Canada’s top cybersecurity threats last year. The proliferation of this type of malware attack  is alarming, as reported by the CSE. Key sectors were left vulnerable. Underscoring the importance of having data security measures in place.

Fortunately, businesses in the major cities have access to data destruction services. Companies located in “The Queen City” can contact one servicing their particular area. These experienced professionals do document shredding in Toronto, plus a whole lot more.