Canadian companies are “lucky” that the world’s largest ransomware attack to date hasn’t affected them more substantially so far, one cybersecurity expert said.
On Friday, IT software provider Kaseya was hit with a ransomware attack that has since affected thousands of companies around the world. Ransomware is when a company’s online system is hijacked and locked unless a ransom is paid.
The ransomware attack that has since been credited to the Russia-based cybergang REvil spread malware to companies that use Kaseya’s services, which ironically are supposed to protect against malware.
The result is the largest global cyberattack the world has yet seen, with at least 17 countries affected, from the U.K. to Mexico — some with real-world impacts.
For example, the payment system of Swedish grocery chain Coop was infected, causing its 800 stores to close for at least three days now and for some perishable items to be trashed.
REvil has launched several ransomware attacks in its existence, most recently against JBS, the world’s largest meat processor, in which it was able to extort $11 million last month.
While REvil is based in Russia, President Vladimir Putin’s spokesperson Dmitry Peskov said Monday that the Kremlin was not aware of the attack and had not yet looked into it.
U.S. President Joe Biden has said that if a connection between the attack and the Kremlin is found, the U.S. would respond.
Kaseya said Monday that fewer than 70 of its 37,000 customers were affected. However, those 70 have multiple downstream customers, making the overall reach to thousands of companies.
It is not currently known exactly how many Canadian companies have been affected by the attack, but Vivek Gupta, a partner and cybersecurity expert with consulting firm BDO, said it could be in the thousands and could reach many different kinds of business, from law firms to grocery chains to health clinics.
He said that small to medium-sized businesses are more likely to be affected by this attack as they would be more likely to have outsourced their IT to Kaseya.
Cybersecurity awareness agency Beauceron Security’s CEO, David Shipley, said that companies often won’t reveal whether they’ve been affected unless it is impossible to hide, such as the situation with the Coop grocery chain, but reports from the FBI and other large security companies have said Canadian companies were impacted.
“I’m aware of companies that had been quite scared Friday because they had used Kesaya’s cloud-based software,” Shipley said. “There were quite a few folks who were spending Friday night frantically refreshing to see if they were affected.”
The fact that Canada hasn’t seen its own Coop grocery situation is due to “pure blind absolute chance,” he said.
“That’s terrifying to think about, when you think about how vulnerable the world really is,” he said. “It doesn’t take much — kicking over a couple of these key companies, and you can wreak massive havoc around the world.”
The consequences of attacks like these can range from a grocery chain becoming temporarily unavailable to great economic losses and can even take years off of lifespans if hospital networks are targeted, according to Shipley. For example, the Irish national health care system was ransomed, which has delayed critical surgeries, he said.
Shipley estimates this attack could cost billions of dollars globally due to economic losses, despite REvil initially asking for $50 million for it to end the siege completely, which was later upped to $70 million.
Adding to that risk is Canada’s underinvestment in cybersecurity, Shiply said, which leaves it more vulnerable “across the board.”
“By most metrics, we’re lagging, and lagging badly,” he said. “The fact that we haven’t suffered anything for this, I do feel pretty strongly, it’s more about luck than any particular good things happening right now.”
To better prepare ourselves for ransomware attacks, Shipley believes that stronger regulation is needed.
Even though Kaseya is a U.S.-based company, he said the Canadian government could set compliances that would need to be met before the company could operate in the country, similar to what is done for other industries, such as automobiles.
In the meantime, if a company does get infected with ransomware, the RCMP does not recommend paying the ransom.
“Paying the ransom does not guarantee that the victimized organization will be able to get its data back,” RCMP spokesperson Cpl. Kim Chamberland said in a statement. “It can qualify the victim as a potential recurrent target.”
Shipley said by paying the ransom you are fuelling the criminals and “making the fire worse.”
He thinks provinces could make it illegal to pay ransoms and ban insurance companies from doing so as well.
“Every time we pay these criminals, we’re giving them more and more money to fuel ever more sophisticated attacks,” he said.
“This attack going on Kaseya, by the sounds of things, was among the most sophisticated anyone’s ever seen yet.”
-With files from the Associated Press