Canada’s cyber defence agency is warning that ransomware attacks against critical Canadian businesses and infrastructure are “almost certain” to continue, as Canada has already seen its systems targeted by such attacks in recent years.
“Over the past two years, targeting of industrial processes and ransomware attacks have become regular occurrences resulting in major impacts, including reputational damage, productivity loss, legal repercussions, recovery expenses, and damage to infrastructure and operations,” read a new cyber threat assessment from the Communications Security Establishment’s (CSE) Centre for Cyber Security, which was released on Wednesday.
Ransomware attacks consist of a nefarious cyber actor stealing information which it then holds for ransom, sells or uses to their competitive advantage.
In its report, the CSE warned that these kinds of attacks show no signs of slowing.
“We assess that ransomware directed against Canada in the next two years will almost certainly continue to target large enterprises and critical infrastructure providers,” the report read.
The newly released assessment is the second of its kind, with the first having been released in 2018. The CSE asserts that “much” of what it predicted in its previous report has since come to pass.
In recent years, ransomware attacks have targeted companies with clients in governments, health care, insurance and other sectors, as well as a prominent nursing organization and Canadian Tire.
“These entities cannot tolerate sustained disruptions and are willing to pay up to millions of dollars to quickly restore their operations,” the report explained.
“Many Canadian victims will likely continue to give in to ransom demands due to the severe costs of losing business and rebuilding their networks and the potentially destructive consequences of refusing payment.”
Meanwhile, the coronavirus pandemic has made Canadians even more reliant on the world of cyberspace, raising the stakes even more. That’s according to Doug Jones, the head of the cyber security agency, who detailed his concerns in the early pages of the report.
“The COVID-19 pandemic has illustrated the extent to which the Canadian economy is reliant upon digital infrastructure,” Jones wrote.
“With a sudden increase in the number of Canadians working from home, the protection and security of cyber and telecommunications infrastructure, hardware and software, and the supply chains that support them, is critical to national security and economic prosperity.”
The report also detailed other serious cybersecurity threats Canada could face in the coming years. It cautioned that state-sponsored actors are building their capabilities to target Canada’s power grid — though it tempered the warning with the knowledge that these foreign actors are unlikely to use the power.
It also pointed the finger at state-sponsored programs in China, Russia, Iran and North Korea as constituting major cybercrime threats for the first time.
— With files from The Canadian Press