Ransomware Attacks Are Increasing In Toronto

According to a recent report by CBC News, ransomware attacks are on the rise in Canada. Hospitals, the transport systems, and the food industry have not been spared in these crimes. The Toronto East Hospital and a Toronto dental office are two examples of attacks on hospitals.

A 2019 survey by Carbon Black found that 88% of Canadian organizations experienced a data breach in the previous 12 months. 82% of the companies surveyed have experienced an increase in the overall volume of cybersecurity incidents. Closer home, Toronto has experienced a 300% increase in ransomware crime reports. Unfortunately, the problem is not just with the frequency, but also the complexity of the attacks.

In yet another report by Emsisoft, Canada experienced more than 4,000 ransomware attacks in 2020. The minimum cost estimate for the ransom was $164,772,274, and the maximum estimate was $659,246,267. Considering the non-monetary cost of the attacks, including the downtime, the numbers quickly escalate to a higher minimum and maximum.

Ransomware has been a significant problem for businesses in Canada, and there doesn’t seem to be an end to it. The primary question that everyone is grappling with is why such attacks are on the rise. Here are some explanations provided by some security experts.

Cyber Failures by Victims

Unfortunately, most victims of ransomware attacks contribute to the success of the incidents without knowing it. Ransomware spreads through user-initiated actions like visiting malicious websites or clicking on phishing links on emails. In other cases, ransomware also spreads through drive-by downloads and malvertising. These activities don’t need user engagement to be successful.

However, it’s worth noting that cybercriminals don’t target specific victims. An attack may happen after the malicious actors realize that an entity has been infected. According to the Federal Bureau of Investigation, these are instances of extension rather than ransomware.

Ransomware is a Lucrative Business for Hackers

Ransomware usually leaves its victims without a choice but to pay a ransom. This factor makes it a profitable business for cybercriminals. Hackers usually believe that affected businesses must part with the ransom they demand to have their systems restored. As such, cybercrime has become an industry in itself and has brought many companies crumbling down.

While some ransomware attacks are quickly discovered, like the recent ones against JBS and the Colonial Pipeline, others go unnoticed. In such cases, the operators have a more extended period to continue exploiting networks before the breach comes into the limelight. This happens because the actors have created modus operandi to outperform security software, enabling them to maneuver a company’s cyber defenses.

They have the skill to recruit an organization’s legitimate tools and applications to function as part of their evil-scheming tools. This practice, known as “living off the land,” allows the hackers to stay under the radar in the disguise of routine processes.

Ransomware as a Service

Ransomware attacks have now penetrated the market as a service. Hackers have devised a flexible, adaptable, and profitable business model through ransomware to help them continue building revenue. The model is based on a subscription that enables affiliates to use existing ransomware tools to instigate their attacks. Affiliates only get a percentage of the loot, while the more significant share goes to the owners of the ransomware software.

This model has made it easy for cybercriminals to act, as it removes the coding erudition that was previously a requirement for a successful attack. Like with all other SaaS solutions, affiliates in this model don’t need experience or skills to use the tools. As such, the model empowers even beginner hackers to conduct highly sophisticated attacks.

The Russia Factor

Most ransomware attacks originate from Russia. Just recently, the U.S. President confronted the Russian President over ransomware gangs in Russia that make a profit without prosecution. Private cybersecurity companies and the FBI have not provided any evidence of the Russian government’s involvement in ransomware attacks.

This can be attributed to the fact that the line between hacking groups and state cyber operation groups can be murky. As Russian Intelligence agencies’ cyber operations evolve, it has become more complicated for the U.S. government to tell apart alleged Russian intelligence operatives from ordinary cybercrime. Russian officials have made the situation more complex by calling hackers whose actions meet Kremlin objectives “patriotic.”

How to Fight Ransomware

Cybersecurity experts offer the following recommendations, and although they are not comprehensive, they provide a guideline for best practices:

Securing Networks and Systems

  • Backups should be present in all systems: go for a backup plan that enables you to save multiple iterations of the backups. Routine tests for the backups are also crucial.
  • Using anti-spam, anti-malware, and antivirus solutions
  • Disabling macros scrips
  • Having an incident response and recovery plan
  • Keeping all systems patches
  • Restricting internet access by using a proxy server and installing ad-blocking software
  • Applying the principles of network segmentation and least privilege by categorizing and separating data based on organizational value.
  • Participating in cybersecurity information-sharing programs and organizations
  • Vetting and monitoring third parties

Securing the End-User

  • Create a reporting plan for your staff to let them know how and where to report suspicious activities
  • Provide phishing and social engineering training to employees, reminding them to avoid opening suspicious links or attachments whose source they don’t know
  • Remind them to close their browsers when not in use.

Responding to a Cybersecurity Threat of Attack 

CISA and other cybersecurity experts recommend that you:

  • Ensure your systems and software are up-to-date at all time
  • Implement multi-factor authentication
  • Immediately disconnect all infected systems from the internet to prevent further propagation of the infection.
  • Only restore files from regularly updated and maintained backup systems
  • Report cybersecurity incidents to CISA: according to a Statistics Canada 2020 report, approximately 21% of the Canadian business population has been affected by cybersecurity incidents. Unfortunately, only 12% of them have made reports to the police.
  • Lastly, there is a need to create awareness among business leaders and management on investing in cybersecurity measures.

Ransomware Services In Toronto

Ransomware threats are increasing in Canada, and there’s a need to be proactive about cybersecurity measures. One way to boost the security of your systems and network is to work with a managed service provider. This way, you have the assurance that monitoring is ongoing, and threat detection is more effective.

EB Solution works with businesses in Canada to offer custom-made IT solutions. Schedule an online meeting today to find out how we can help your business.

Watch Our Latest Tech Videos From EB Solution

Call Now