Canada’s cyber defence agency says more than half of Canadian ransomware victims in 2021 were in critical sectors like health care, energy and manufacturing.
Now, the Communications Security Establishment (CSE) and the RCMP are urging Canadian businesses to upgrade their cyber security — and to report any ransomware attacks, even if they decide to pay the hackers.
New data from the CSE suggests ransomware attacks around the world increased dramatically during the COVID-19 pandemic, while many Canadians have been stuck working from home and critical operations have gone virtual. The frequency of the attacks — where hackers lock down computer systems and data until a ransom is paid — increased by 151 per cent worldwide between 2020 and 2021.
The average cost of recovering from such attacks has increased even more dramatically — from $970,000 in 2020 to $2.3 million in 2021, the agency said.
While upgrading cyber security defences can be costly, an open letter signed by four Liberal cabinet ministers, addressed to “Fellow Canadians” suggested it “will swiftly pay dividends.”
“It’s time to think seriously about cyber security. We urge you to take stock of your organization’s online operations, protect your important information and technologies with the latest cyber security measures, build a response plan, and ensure that your designated IT security personnel are well prepared to respond to incidents,” the letter states.
The Canadian Centre for Cyber Security, CSE’s public-facing cyber defence wing, “has knowledge” of 235 ransomware attacks against Canadian organizations between January and November 16, 2021. According to the centre, more than half of the victims were critical infrastructure providers like the health, energy and manufacturing sectors.
But only some of the largest attacks — such as the recent targeting of Newfoundland and Labrador’s health care networks — make headlines. Federal authorities don’t have hard numbers on the actual scale of the threat, and local authorities often lack resources or ability to fully investigate the crimes.