Ransomware attacks have been launched against “critical infrastructure organizations” in Canada, a Senate committee heard this week, and the number of attempts to hold sensitive data for ransom is likely to increase in the coming years.
Testifying before the Senate’s National Security and Defence Committee on Monday, the head of the Canadian Cyber Incident Response Centre (CCIRC) said her department is very concerned about the rise of ransomware, a type of malware that infects computers, locks down data and then encrypts it until the victim hands over a payment to get the information back.
READ MORE: Ransomware on the rise in Canada – How to protect your data
“These attacks can lead to a loss of productivity and potentially permanent loss of business information,” said Colleen Merchant, Director General at CCIRC.
“These attacks are likely to increase in frequency as the payouts are lucrative for the malicious actors … Some open sources have suggested this funding goes to organized crime or even terrorist groups.”
Merchant did not specify which “critical infrastructure organizations” across the country may have been hit by ransomware, but cited the healthcare industry as one tempting target for hackers.
WATCH: Tech Talk with Tino Kironomos – Anti-Ransomware
In March, the Ottawa Hospital acknowledged that it had four computers fell victim to a ransomware attack after an employee clicked on a link. The hospital’s IT department wiped each computer’s drive in response, and no payments were made. A hospital in California recently paid hackers $17,000 US in bitcoin to restore access to its electronic medical record system.
In another section of her testimony on Monday, Merchant explained that critical infrastructure organizations in Canada could include things like financial systems (banks, etc.), telecommunications companies and the energy sector.
“They underpin a lot of the functionality of our economy, as well as our national security,” she noted.
Patrick Clow, chief of Cyber Operations at CCIRC, confirmed that the number of ransomware attacks being reported to the government via CCIRC are increasing.
“This move from a traditional, simple pop-up message … to actually encrypting files, and in some cases very important files to the organization, has really changed in the last couple of years,” Clow said.
“It’s been quite prevalent in the number of incident reports we’ve been receiving in the last little while.”
WATCH: How to protect yourself from ransomware attacks
The department — which employs 43 people and coordinates prevention, mitigation, response and recovery linked to “cyber events” — does not recommend that anyone pay a ransom to unlock their data. Ransoms are typically demanded in bitcoin, a digital payment system that is less traceable than cash.
“It’s usually not effective (to pay) and there are ways in which (companies) can protect themselves, namely by having a good back-up of your information,” Merchant said.
She was unable to provide precise numbers for how much money may have been handed over by Canadian entities (public or private) to liberate their data.
Is the government itself vulnerable?
According to Matthew Held, CEO and co-founder of IT consulting firm Manawa Networks, the Canadian government and large corporations may have an easier time defending against ransomware than the average small or medium-size business.
Governments can often liberate their data themselves because they have the resources and expertise to break the encryptions, Held explained. In addition, not everyone in a government department has access to all of that department’s important files, so if they click on a malicious email, only their own files are taken hostage.
Government entities and big business also tend to keep better back-ups. If a ransomware attack occurs, Held said, they can simply “roll back” to an earlier back-up version of the information.
“They will tend to have all of their data stored on storage area networks,” he said. “Those SANs, which are basically big shiny boxes with lots of hard drives in them … have the ability to take snapshots (of data at a given time) and the ransomware can’t actually get to that data.”
Comments