Ransomware is a bigger threat – to businesses and beyond – than many realize
One of the least reported – and most harmful – phenomena in Canada is the ransomware attack.
Recent high-profile attempts at ransomware, the most common form of cyberattack, have obscured the scale of the problem and the urgency of guarding against it better.
It is estimated that in Canada this year there will be such an attack every 11 seconds. Most of them go unreported to law enforcement and the problem will worsen if this continues.
A ransomware attack occurs when cybercriminals install malware on your computer network that encrypts your data so that you can no longer access it. They then demand a ransom, usually payable in Bitcoin or some other cryptocurrency, to ‘unlock’ it.
Until recently, almost all ransomware victims in Canada were small and medium-sized businesses (SMBs). In fact, a 2019 survey of Canadian SMBs found that every one of them had experienced a cyber threat, and 58% reported that their data systems had been breached. (Some of the main protections for SMBs against ransomware appear near the end of this article.)
Three major changes in ransomware activity are now underway.
First, cyber thieves are setting their sights higher. They target large corporations – in the public, private and nonprofit sectors – and ransom demands have skyrocketed from an average of $5,000 in 2019 to the $82 million ransom paid in 2020 by attack victim United Health Services Inc., one of America’s largest hospital chains.
Second, ransomware attackers no longer just encrypt data, but steal it as well. This way, if the victim refuses to pay the ransom, the attacker can threaten to sell the data on the black market or publish it all over the internet.
This, in turn, opens the door to regulatory censure and class actions against the victim for its failure to protect sensitive data about customers, suppliers, financial institutions and others with whom it does business. Victim data in the wrong hands is a problem not only for the victim, but for countless third parties whose own data, entrusted to the victim, has also been compromised.
And third, Information Technology (IT) and Operational Technology (OT) systems, once separated, have been increasingly merged for efficiency. IT systems are the backbone of the computer network. OT systems manage the network on a day-to-day basis. Merging them together makes it easier for ransomware attackers to shut down an entire business.
A malware attack, whether you pay the ransom or not, will disrupt your operations for an average of 19 days. Erasing and reloading a single computer, to make sure all the ransomware has been removed, can take three to four hours, and chances are there is data you will never recover.
Fortunately, cybersecurity is one of the fastest growing areas of expertise today.
Agencies like the federal Canadian Centre for Cyber Security, the FBI and the growing global network of cyber detectives to which they belong are developing increasingly effective ways to prevent and resolve such attacks.
This network also includes the major software and hardware manufacturers, who spend billions of dollars each year researching new methods of preventing ransomware and other malware attacks, as well as the growing ranks of independent cyber detectives who protect data systems and restore crippled ones.
But these people have their work cut out for them.
An old expression applies here: the police are always one step behind the crooks, who keep finding new ways to do harm.
At the time of this writing, there are already at least 100 variations of the basic software tools used by cyber attackers.
And those who deploy malware are increasingly targeting basic physical and social infrastructure that provides essential services to millions of people.
The first wave of these large-scale attacks, in 2020 and this year, shut down hospitals, airports, universities, municipal transportation systems, law enforcement agencies, local and regional governments and multinational corporations.
Among the most prominent victims of ransomware are the largest fuel pipeline in the United States (Colonial Pipeline Co.); the world’s largest meat packer (JBS SA, including its plant in Brooks, Alberta, the largest meat packer in Canada); CNA Financial Corp., one of the largest insurers in the United States; the largest hospital network in Ireland; and the Washington, DC Police Department.
Closer to home, primary victims of ransomware attacks include Humber River Hospital, the City of Saint John (which paid a $17 million ransom), Vancouver TransLink ($7.5 million), the regional governments of Stratford, Ontario, and the Okanagan Valley, and the College of Nurses of Ontario.
As critical infrastructure, including electric utilities and power grids, is now under threat, FBI Director Christopher Wray was asked, during testimony in Congress this month, to equate the ransomware threat with the attacks of September 11.
Last month, Chris Krebs, the former senior cybersecurity official at the US Department of Homeland Security under the Trump administration, told Congress that “we are on the cusp of a global digital pandemic, driven by greed, a vulnerable digital ecosystem and a growing criminal enterprise.”
Now that ransomware is a national security issue, there is a risk that less attention will be paid to the security needs of SMBs. And they are still under attack. In Canada, the number of ransomware attacks against small and medium-sized businesses is estimated at over 4,000 in 2020, with a total cost to victims of up to $5 billion.
It is therefore imperative that SMBs take measures to protect themselves.
The Canadian Centre for Cyber Security (CCCS) publishes a must-read guide for SMBs on how to protect against ransomware attacks and how to respond to them. It is also worth checking the CCCS home page regularly for updates on new threats and protective measures.
The following recommendations are taken solely from the CCCS attack prevention guidelines. As the CCCS says, “Ransomware protection is essential because the cost of recovery is too high.”
- Hire an IT professional to install a program that automatically patches software and computers. Patches close the holes that allow malware to enter the system. System users typically ignore or delay prompts to install patches from trusted hardware and software vendors. The CCCS reports that in about 40% of cases, data breaches can be attributed to unpatched systems. Royal Bank of Canada offers a checklist on what a small business should look for in an IT cybersecurity vendor.
- Train employees in “cyber hygiene” and prevention. This includes not opening suspicious emails, not clicking on pop-up windows, and avoiding questionable websites. All of these can, and usually do, harvest proprietary data (phishing) and install malware, including ransomware.
- Data should be backed up daily or, for a small business, at least every few weeks. And the backup storage must be disconnected from the network, or it too might be compromised.
- Finally, remove administrator rights from the computers. All computers come with full permission rights to install software, which is an opening for users to inadvertently install ransomware and other malware. These permissions should be removed from computers before they are assigned to users, so that only IT staff and external IT contractors have administrative rights.
Be well. And stay safe from COVID-19 and malware, infections that spread like wildfire.