According to a recent report by CBC News, ransomware attacks are on the rise in Canada. Hospitals, the transport systems, and the food industry have not been spared in these crimes. The Toronto East Hospital and a Toronto dental office are two examples of attacks on hospitals.
A 2019 survey by Carbon Black found that 88% of Canadian organizations experienced a data breach in the previous 12 months. 82% of the companies surveyed have experienced an increase in the overall volume of cybersecurity incidents. Closer home, Toronto has experienced a 300% increase in ransomware crime reports. Unfortunately, the problem is not just with the frequency, but also the complexity of the attacks.
In yet another report by Emsisoft, Canada experienced more than 4,000 ransomware attacks in 2020. The minimum cost estimate for the ransom was $164,772,274, and the maximum estimate was $659,246,267. Considering the non-monetary cost of the attacks, including the downtime, the numbers quickly escalate to a higher minimum and maximum.
Ransomware has been a significant problem for businesses in Canada, and there doesn’t seem to be an end to it. The primary question that everyone is grappling with is why such attacks are on the rise. Here are some explanations provided by some security experts.
Unfortunately, most victims of ransomware attacks contribute to the success of the incidents without knowing it. Ransomware spreads through user-initiated actions like visiting malicious websites or clicking on phishing links on emails. In other cases, ransomware also spreads through drive-by downloads and malvertising. These activities don’t need user engagement to be successful.
However, it’s worth noting that cybercriminals don’t target specific victims. An attack may happen after the malicious actors realize that an entity has been infected. According to the Federal Bureau of Investigation, these are instances of extension rather than ransomware.
Ransomware usually leaves its victims without a choice but to pay a ransom. This factor makes it a profitable business for cybercriminals. Hackers usually believe that affected businesses must part with the ransom they demand to have their systems restored. As such, cybercrime has become an industry in itself and has brought many companies crumbling down.
While some ransomware attacks are quickly discovered, like the recent ones against JBS and the Colonial Pipeline, others go unnoticed. In such cases, the operators have a more extended period to continue exploiting networks before the breach comes into the limelight. This happens because the actors have created modus operandi to outperform security software, enabling them to maneuver a company’s cyber defenses.
They have the skill to recruit an organization’s legitimate tools and applications to function as part of their evil-scheming tools. This practice, known as “living off the land,” allows the hackers to stay under the radar in the disguise of routine processes.
Ransomware attacks have now penetrated the market as a service. Hackers have devised a flexible, adaptable, and profitable business model through ransomware to help them continue building revenue. The model is based on a subscription that enables affiliates to use existing ransomware tools to instigate their attacks. Affiliates only get a percentage of the loot, while the more significant share goes to the owners of the ransomware software.
This model has made it easy for cybercriminals to act, as it removes the coding erudition that was previously a requirement for a successful attack. Like with all other SaaS solutions, affiliates in this model don’t need experience or skills to use the tools. As such, the model empowers even beginner hackers to conduct highly sophisticated attacks.
Most ransomware attacks originate from Russia. Just recently, the U.S. President confronted the Russian President over ransomware gangs in Russia that make a profit without prosecution. Private cybersecurity companies and the FBI have not provided any evidence of the Russian government’s involvement in ransomware attacks.
This can be attributed to the fact that the line between hacking groups and state cyber operation groups can be murky. As Russian Intelligence agencies’ cyber operations evolve, it has become more complicated for the U.S. government to tell apart alleged Russian intelligence operatives from ordinary cybercrime. Russian officials have made the situation more complex by calling hackers whose actions meet Kremlin objectives “patriotic.”
Cybersecurity experts offer the following recommendations, and although they are not comprehensive, they provide a guideline for best practices:
Securing Networks and Systems
Securing the End-User
Responding to a Cybersecurity Threat of Attack
CISA and other cybersecurity experts recommend that you:
Ransomware threats are increasing in Canada, and there’s a need to be proactive about cybersecurity measures. One way to boost the security of your systems and network is to work with a managed service provider. This way, you have the assurance that monitoring is ongoing, and threat detection is more effective.
EB Solution works with businesses in Canada to offer custom-made IT solutions. Call us today to find out how we can help your business.