Ransomware attacks on critical Canadian businesses ‘almost certain’ to continue: report

Click to play video: 'Understanding personal cyber security'
Understanding personal cyber security
You have all the ‘smart’ online access devices, but how cyber smart are YOU? October is Cyber Security Awareness Month. The OPP’s Kerry Schmidt takes us through just some of the frustrations, accesses, and very high costs of Cyber Crime. Do you know what steps you can take right now to protect yourself against scheming, insistent and creative cyber criminals? – Oct 28, 2020

Canada’s cyber defence agency is warning that ransomware attacks against critical Canadian businesses and infrastructure are “almost certain” to continue, as Canada has already seen its systems targeted by such attacks in recent years.

“Over the past two years, targeting of industrial processes and ransomware attacks have become regular occurrences resulting in major impacts, including reputational damage, productivity loss, legal repercussions, recovery expenses, and damage to infrastructure and operations,” read a new cyber threat assessment from the Communications Security Establishment’s (CSE) Centre for Cyber Security, which was released on Wednesday.

Ransomware attacks consist of a nefarious cyber actor stealing information which it then holds for ransom, sells or uses to their competitive advantage.

In its report, the CSE warned that these kinds of attacks show no signs of slowing.

Story continues below advertisement

“We assess that ransomware directed against Canada in the next two years will almost certainly continue to target large enterprises and critical infrastructure providers,” the report read.

The newly released assessment is the second of its kind, with the first having been released in 2018. The CSE asserts that “much” of what it predicted in its previous report has since come to pass.

Click to play video: 'Saint John dealing with ransomware virus in weekend cyberattack'
Saint John dealing with ransomware virus in weekend cyberattack

In recent years, ransomware attacks have targeted companies with clients in governments, health care, insurance and other sectors, as well as a prominent nursing organization and Canadian Tire.

“These entities cannot tolerate sustained disruptions and are willing to pay up to millions of dollars to quickly restore their operations,” the report explained.

“Many Canadian victims will likely continue to give in to ransom demands due to the severe costs of losing business and rebuilding their networks and the potentially destructive consequences of refusing payment.”

Story continues below advertisement

Meanwhile, the coronavirus pandemic has made Canadians even more reliant on the world of cyberspace, raising the stakes even more. That’s according to Doug Jones, the head of the cyber security agency, who detailed his concerns in the early pages of the report.

“The COVID-19 pandemic has illustrated the extent to which the Canadian economy is reliant upon digital infrastructure,” Jones wrote.

“With a sudden increase in the number of Canadians working from home, the protection and security of cyber and telecommunications infrastructure, hardware and software, and the supply chains that support them, is critical to national security and economic prosperity.”

Click to play video: 'Cyber security experts say ransomware data breach in health care sector is a lesson for everyone'
Cyber security experts say ransomware data breach in health care sector is a lesson for everyone

The report also detailed other serious cybersecurity threats Canada could face in the coming years. It cautioned that state-sponsored actors are building their capabilities to target Canada’s power grid — though it tempered the warning with the knowledge that these foreign actors are unlikely to use the power.

Story continues below advertisement

It also pointed the finger at state-sponsored programs in China, Russia, Iran and North Korea as constituting major cybercrime threats for the first time.

— With files from The Canadian Press

Sponsored content