Canada was the third most affected country in the world for successful ransomware-as-a-service (RaaS) and extortion attacks in the first and second quarters of 2003, said a report from cybersecurity company Trend Micro.
The report, LockBit, BlackCat, and Clop Prevail as Top RaaS Groups: Ransomware in 1H 2023, found Canada only behind the U.S. and U.K. for RaaS and extortion attacks.
Healthcare, education and technology emerged as the Top 3 industries in ransomware file detection in Canada in 2023 1H.
“The report revealed that many ransomware threat actors are no longer going after ‘big game’ targets, instead focusing on [small- and medium-sized businesses (SMBs)] they presume to be less well-defended,” said a statement on behalf of Trend Micro.
“In Canada, while ransomware file detection at [large] organizations decreased by 69.13% in the second quarter of the year, data shows a 214.29% increase in file detections for SMBs.”
Findings from Trend Micro’s report align with previous studies on the topic.
The Canadian Centre for Cyber Security called ransomware “almost certainly the most disruptive form of cybercrime facing Canada” because it is pervasive and can have a serious impact on an organization’s ability to function. In a report last month, the centre concluded organized cybercrime will very likely pose a threat to Canada’s national security and economic prosperity over the next two years.
Pace is increasing
According to Trend Micro, the number of victim organizations around the world surged in the first half of 2023 to reach 2,001. That’s a 45.27% increase compared to the last half of 2022. LockBit, Clop and BlackCat were the three most prominent ransomware groups with the greatest number of successful attacks in 2023 1H.
Clop threat actors claimed to have compromised 130 organizations, including the City of Toronto, in a massive ransomware attack on Jan. 31, 2023. TechCrunch, an online publication for high-tech and start-up companies, reported the City of Toronto “confirmed that unauthorized access to city data did occur through a third-party vendor.
“The access is limited to files that were unable to be processed…