Canada was no exception to the ballooning number of ransomware attacks worldwide in the first half of 2021, a new report by Canadian cybersecurity authorities said. Of the 235 ransomware incidents hitting Canadian targets from January 1 to November 16, 2021, more than half of the victims were critical infrastructure providers, such as energy, health, and manufacturing, according to Canada’s Centre for Cyber Security in a cyber threat bulletin.
And the worst may be yet to come. The Cyber Centre, a unit of the country’s Communications Security Establishment (CSE), expects “ransomware operators will likely become increasingly aggressive in their targeting, including against critical infrastructure.” As it is, many ransomware groups targeting enterprises and critical infrastructure owners and operators are demanding “exorbitant” ransoms. Last May, insurer CNA Financial reportedly coughed up $40 million to restore its networks, the largest ransom payment in history.
Here are some additional figures from the study:

Small- and medium-sized businesses accounted for two-thirds of Canadian organizations victimized by cyber hijackers leaking their sensitive data publicly as blackmail to force ransom payments during the period January 1, 2020 to June 30, 2020.

Since March 2020, nearly 25 percent of Canadian small businesses have experienced some type of malware attack. That figure is likely higher than reported, officials said.

In Canada, the estimated average cost of a data breach, a compromise that includes but is not limited to ransomware, is C$6.35M.

By the Centre’s figures, the global average total cost of recovery from a ransomware incident (the cost of paying the ransom and/or remediating the compromised network) more than doubled to C$2.3 million in 2021 from C$970,722 in 2020.

Worldwide, while known ransom payments increased from 2019 to 2020, the demand amounts appear to have stabilized at roughly $200,000 in 2021.
“We assess that ransom payments are likely reaching a market equilibrium, where cyber criminals are becoming better at tailoring their demands to what their victims are most likely to pay given the growth of recovery cost and the risk of reputational damage from public data leaks,” the report said.
The Centre paints an uncertain future for security teams and governments pushing back on ransomware operatives. “We assess that ransomware will continue to pose a threat to the national security and economic prosperity of Canada and its allies in 2022 as it remains a profitable activity for cybercriminals,” the report said. Mitigating the damage will require a national effort in Canada and a coordinated international initiative to improve cybersecurity defenses and “harden critical systems,” officials said.
Canada again pointed to Russia as a safety net for ransomware hijackers. “Russian intelligence services and law enforcement almost certainly maintain relationships with cyber criminals, either through association or recruitment, and allow them to operate with near impunity—as long as they focus their attacks against targets located outside Russia and the former Soviet Union,” the report said.