Canada on high alert for ransomware attacks amid Russia’s invasion of Ukraine

Canada went on high alert for ransomware attacks on Feb. 24, the day Russia invaded Ukraine.

Canada’s Communications Security Establishment (CSE) warned Canadian banks, power utilities and other major firms that day “to take immediate action and bolster (your) online cyber defences.”

Ransomware attacks were already a growing threat to Canadian businesses, hospitals, government agencies and other organizations before Russia-based cybercriminals loyal to Moscow were given additional incentive to attack victims in Western countries that sanctioned Russia to reverse its invasion of Ukraine.

In a landmark survey of Canadian employers conducted last year, Telus Corp., the telecom giant, reported that 83 per cent of the 463 Canadian businesses and other organizations participating in the survey had experienced an attempted ransomware attack.

More than two-thirds were unable to thwart the attempt and suffered the attack. About 44 per cent of those victims paid the ransom demanded by the cybercriminals who had encrypted their data and effectively frozen their computer systems.

The average ransom paid was $140,000. Ransom paid by large organizations reaches into the tens of millions of dollars.

And cybercrime victims in the Telus survey calculate that the ransom they paid was only 10 per cent of their total costs in recovering from an attack.

The additional costs include delays or cancellations of plans to boost the efficiency of IT systems, and loss of employee productivity.

And just over half of respondents who were attacked reported permanent full or partial loss of their data.

We know from reports by the federal Canadian Centre for Cyber Security (Cyber Centre) and other international cybersecurity agencies that data lost in cyberattacks is often posted on open-source websites for all to see.

That stolen data is used in business espionage and intellectual property theft; by other ransomware groups who use it to attack the victim again; and is shared with intelligence agencies of governments hostile to the West.

The threat from ransomware attackers described in this space in June 2021 has since grown worse.

By that point, hundreds of North American organizations large and small…