Advertisement

Canada ‘lucky’ no big hits taken from world’s largest ransomware attack: expert

Click to play video: 'How hackers can exploit vulnerabilities in Canadian companies'
How hackers can exploit vulnerabilities in Canadian companies
WATCH: How hackers can exploit vulnerabilities in Canadian companies – May 10, 2021

Canadian companies are “lucky” that the world’s largest ransomware attack to date hasn’t affected them more substantially so far, one cybersecurity expert said.

On Friday, IT software provider Kaseya was hit with a ransomware attack that has since affected thousands of companies around the world. Ransomware is when a company’s online system is hijacked and locked unless a ransom is paid.

The ransomware attack that has since been credited to the Russia-based cybergang REvil spread malware to companies that use Kaseya’s services, which ironically are supposed to protect against malware.

The result is the largest global cyberattack the world has yet seen, with at least 17 countries affected, from the U.K. to Mexico — some with real-world impacts.

Story continues below advertisement

For example, the payment system of Swedish grocery chain Coop was infected, causing its 800 stores to close for at least three days now and for some perishable items to be trashed.

REvil has launched several ransomware attacks in its existence, most recently against JBS, the world’s largest meat processor, in which it was able to extort $11 million last month.

Click to play video: 'Toronto’s Humber River Hospital under code grey after ransomware attack'
Toronto’s Humber River Hospital under code grey after ransomware attack

While REvil is based in Russia, President Vladimir Putin’s spokesperson Dmitry Peskov said Monday that the Kremlin was not aware of the attack and had not yet looked into it.

U.S. President Joe Biden has said that if a connection between the attack and the Kremlin is found, the U.S. would respond.

Kaseya said Monday that fewer than 70 of its 37,000 customers were affected. However, those 70 have multiple downstream customers, making the overall reach to thousands of companies.

Story continues below advertisement

It is not currently known exactly how many Canadian companies have been affected by the attack, but Vivek Gupta, a partner and cybersecurity expert with consulting firm BDO, said it could be in the thousands and could reach many different kinds of business, from law firms to grocery chains to health clinics.

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.

Get daily National news

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

He said that small to medium-sized businesses are more likely to be affected by this attack as they would be more likely to have outsourced their IT to Kaseya.

“Kaseya provides a critical piece of infrastructure that a lot of organizations leverage, especially in Canada,” he said. “The number [affected] could certainly grow … the impact is still not fully known.”

Cybersecurity awareness agency Beauceron Security’s CEO, David Shipley, said that companies often won’t reveal whether they’ve been affected unless it is impossible to hide, such as the situation with the Coop grocery chain, but reports from the FBI and other large security companies have said Canadian companies were impacted.

“I’m aware of companies that had been quite scared Friday because they had used Kesaya’s cloud-based software,” Shipley said. “There were quite a few folks who were spending Friday night frantically refreshing to see if they were affected.”

Story continues below advertisement

The fact that Canada hasn’t seen its own Coop grocery situation is due to “pure blind absolute chance,” he said.

“That’s terrifying to think about, when you think about how vulnerable the world really is,” he said. “It doesn’t take much — kicking over a couple of these key companies, and you can wreak massive havoc around the world.”

Click to play video: 'U.S. recovers ‘majority’ of cryptocurrency paid in Colonial Pipeline ransomware attack'
U.S. recovers ‘majority’ of cryptocurrency paid in Colonial Pipeline ransomware attack

The consequences of attacks like these can range from a grocery chain becoming temporarily unavailable to great economic losses and can even take years off of lifespans if hospital networks are targeted, according to Shipley. For example, the Irish national health care system was ransomed, which has delayed critical surgeries, he said.

Shipley estimates this attack could cost billions of dollars globally due to economic losses, despite REvil initially asking for $50 million for it to end the siege completely, which was later upped to $70 million.

Story continues below advertisement

Adding to that risk is Canada’s underinvestment in cybersecurity, Shiply said, which leaves it more vulnerable “across the board.”

“By most metrics, we’re lagging, and lagging badly,” he said. “The fact that we haven’t suffered anything for this, I do feel pretty strongly, it’s more about luck than any particular good things happening right now.”

To better prepare ourselves for ransomware attacks, Shipley believes that stronger regulation is needed.

Even though Kaseya is a U.S.-based company, he said the Canadian government could set compliances that would need to be met before the company could operate in the country, similar to what is done for other industries, such as automobiles.

In the meantime, if a company does get infected with ransomware, the RCMP does not recommend paying the ransom.

“Paying the ransom does not guarantee that the victimized organization will be able to get its data back,” RCMP spokesperson Cpl. Kim Chamberland said in a statement. “It can qualify the victim as a potential recurrent target.”

Click to play video: 'FBI: Russian hacker group to blame for ransomware attack on Colonial Pipeline'
FBI: Russian hacker group to blame for ransomware attack on Colonial Pipeline

Shipley said by paying the ransom you are fuelling the criminals and “making the fire worse.”

Story continues below advertisement

He thinks provinces could make it illegal to pay ransoms and ban insurance companies from doing so as well.

“Every time we pay these criminals, we’re giving them more and more money to fuel ever more sophisticated attacks,” he said.

“This attack going on Kaseya, by the sounds of things, was among the most sophisticated anyone’s ever seen yet.”

-With files from the Associated Press

Sponsored content

AdChoices