The threat of cyber attacks is no longer restricted to TV shows and movies, with cyber security incidents like ransomware attacks becoming far more frequent in daily life. While the COVID-19 pandemic may have slowed many aspects of society, ransomware has seen a marked increase in recent years around the globe – and Canada is no exception.
The Growing Ransomware Threat
Ransomware incidents involve threat actors infiltrating an organization’s defenses and deploying malware to prevent the company from accessing its information. Though the specific tactic may differ between threat actors, users will ultimately find themselves unable to access vital data and key systems unless the organization pays a ransom to the threat actors, usually in the form of digital currency. During the incident, threat actors may also extract data from the company’s network, which can have serious privacy consequences for the organization and its customers. Not only will their data be in the hands of an unknown party, but in many cases, threat actors may threaten to publish the exfiltrated information online if the organization refuses to provide them with payment.
Ransomware saw record-breaking numbers last year. By the end of the first half of 2021, global ransomware attacks had increased by 151% as compared to the previous year, with ransom payments of up to CAD$48.4M being paid out to hackers. In Canada, the Canadian Centre for Cyber Security (the Cyber Centre) has knowledge of at least 235 ransomware incidents that occurred over the course of 2021 (though, it is important to note that the majority of ransomware attacks go unreported). Out of the known ransomware incidents that were reported to the Cyber Centre, more than half involved critical infrastructure providers. However, the Office of the Privacy Commissioner of Canada (the OPC) stresses that no sector is fully immune from an attack, as incidents of ransomware have occurred indiscriminately since 2020 in not-for-profit, professional, financial, transportation, manufacturing, and retail sectors.
The increase in ransomware incidence and scope in recent years is partly attributed to the growing sophistication with which cyberattacks may now be conducted. A number of key trends in ransomware have arisen, and are rapidly changing the cybercrime landscape. For instance, ransomware-as-a-service (RaaS) is a model that allows developers to sell and/or lease ransomware to cybercriminals whilst being paid a percentage of the profit. These kinds of schemes allow an increased number of unskilled threat actors to get a hold of sophisticated ransomware technology, while providing skilled attackers the opportunity to profit from the mass distribution of their work. The world has also seen an increase in victims of high-impact targeting, wherein more targeted attacks are being launched at supply chains and essential services in order to maximize potential victims and profits. For instance, many threat actors have leveraged the COVID-19 pandemic to aim at high-impact targets that have become especially vital in current circumstances, such as emergency medical services and law enforcement agencies. As stated by chief information officer Amar Yousif at UTHealth in Houston, “[a]ttackers [targeting hospitals] understand that we’re talking about life and death. There’s a great incentive to just pay and get the thing unlocked so we can treat patients.” In finding more opportune ways to breach vulnerable organizations, threat actors are demonstrating that their targeting schemes are becoming increasingly sophisticated, as well as strategic.