Ransomware Hits Thousands of Canadians Daily

Ransomware Graphic

If you think it won’t happen to you or your organization, think again.  Statistics Canada says that extortion cases reported to police rose 44 percent nationally in 2018 alone.  Ransomware hits thousands of Canadians every day according to the head of the RCMP’s financial and cybercrime unit, Mark Flynn. They’re having trouble keeping up, not only with the volume of cases but with the ever changing behavior of this cybercriminal activity.

In 2018, nearly $120 million was lost in Canada through mass marketing fraud (which includes extortion and phishing), according to The Canadian Anti-Fraud Centre.  According to Flynn, however, any statistics relating to cybercrime could be multiplied by 20 to get to a real number, since these incidents are severely under-reported.  Corporations fear embarrassment, losing customers and public backlash by making these breaches known.

Recent Ontario Published Ranwomware Attacks

April 2018 – Town of Wasaga Beach

Computer systems were shut down for 7 weeks.  They paid a $35,000 ransom to get their data decrypted.  The total cost of this incident to taxpayers was $250,000.

September 2018 – Town of Midland

Hackers shut down their computer systems for 48 hours until the town decided to pay an undisclosed ransom amount.

April 2019 –  City of Stratford

Malware was installed on 8 Servers, locking their data.  After paying more than $75,000 in ransom, their information was unlocked, but normal business operations were stalled for 15 days.

September 2019 – Michael Garron Hospital (formerly Toronto East General)

Malware that entered their systems via a single laptop computer, took down their email systems, made health-care records more difficult to access and caused longer wait times for patients.  Patient information had to be written on paper by hand.

September 2019 – Listowel Wingham Hospitals Alliance

Two hospitals in southwestern Ontario had their IT systems similarly disrupted.

How is this happening and what you can do

How these hospitals were penetrated is uncertain, but the method is usually through a user who opens an infected email attachment or clicks on a malicious email link.  This allows the malicious code to spread through the network that the user’s computer is connected to.

The RCMP’s advice is not to pay any ransom.  You are dealing with criminals so there’s no guarantee your files will be unlocked.  Furthermore, the cyber criminals might increase their ransom demand or at least decide you are a good target for more attacks later on.

According to experts, the best defense against these types of attacks is employee testing and education.  BSC Solutions Group has an affordable solution to provide these services on an ongoing basis.  You can learn more here or contact us to get your questions answered.