Ransomware cyberattacks are increasing in number in Canada, prompting experts to reiterate the importance for organizations to protect themselves in terms of digital security.
Recently, retailer London Drugs, the City of Hamilton, and the Government of Newfoundland and Labrador have all been victims of this type of cyberattack.
However, criminals who sometimes brag about their dark web attacks don’t appear to be picky about their targets, according to a small sample compiled by British Columbia analyst Brett Callow.
According to what he was able to compile, a network of libraries in British Columbia, the province’s First Nations Health Authority and an Ontario charity for children with disabilities were also targeted by hackers.
Cybersecurity experts argue that the wave of attacks has serious consequences for its victims and the public in general, and remind that organizations need protection on several levels.
However, Toronto lawyer Eric Charleston says it’s not that simple. He has also seen cases where a ban would have meant “a punishment for the victims”.
But both agree that potential targets should step up security to prevent any breach of their data.
Mr. Charleston notes that many incidents of ransomware cyberattacks go unreported. It is therefore difficult to accurately assess the extent of the increase in the number of attacks, in which hackers demand payment of a ransom so that they do not disclose sensitive data.
However, the advent of cryptocurrencies has given cybercriminals, who are often based in foreign countries, a way to monetize data theft, he explains.
The potential repercussions of a data breach are considerable, adds Mr. Charleston, who is national cybersecurity co-leader at Borden Ladner Gervais LLP.
The consequences range from financial and reputational damage to possible legal liability in the context of “emerging” cybersecurity standards in Canada, he says.
Targeted companies may also be subject to class action lawsuits for data breaches. In May, victims of a 2019 breach at LifeLabs began receiving payments of $7.86. This may not seem like much, but the total settlement amount was $9.8 million.
Mr. Callow, for his part, even goes so far as to mention that such attacks can indirectly lead to deaths. He cites as an example work by researchers at the University of Minnesota School of Public Health, who estimated that ransomware attacks that disrupted Medicare hospital operations between 2016 and 2021 cost at least 42 lives. American patients.
The police have managed to achieve some victories against cybercriminals, notes Mr. Charleston.
Mr Callow, who works for New Zealand antivirus software company Emsisoft, confirms that operations like the one that targeted LockBit undermine the confidence of cybercriminals.
However, LockBit quickly began operating on a new site, he adds.
According to Callow, LockBit demanded a ransom during the hack that targeted London Drugs in late April. The incident forced the British Columbia retailer to close all of its stores in Western Canada for about a week.
The company later confirmed that data “which may contain employee information” had been leaked, saying it was “unwilling” and “unable” to pay a ransom to the hackers, whom it described as “a sophisticated group of global cybercriminals.”
Mr. Callow, however, is reassuring: in the majority of cases, nothing happens with the stolen data, except that it “remains in the hidden web”.
Ransomware attacks are not the only digital threat to organizations.
In British Columbia, authorities believe a “state or state-sponsored” actor was likely responsible for a series of attacks on the province detected in April.
Canadian government officials, including Public Safety Minister Dominic LeBlanc, issued a joint statement Monday aimed at raising awareness of the threat “posed by malicious cyber activities of foreign states and their affiliates.”
Certain foreign states are carrying out “large-scale and long-term campaigns” to compromise the computer systems of the Canadian government and the private sector, we read in the press release, which names among others China, Russia, Iran and North Korea.
On Tuesday, the Auditor General of Canada released the results of a cybersecurity audit concluding that the federal government does not have enough tools to effectively combat increasingly sophisticated cyberattacks.
It is in this context that Ottawa should launch a new national cybersecurity strategy this year, resulting from the creation of the National Cybercrime Coordination Center in 2020.
A cybersecurity bill is also making its way through the federal legislative process. If adopted, it will provide a framework for protecting online systems vital to national security or public safety, including by empowering authorities to require certain service providers to implement cybersecurity programs.
In Ontario, another bill aims to strengthen the cybersecurity of public sector institutions governed by existing privacy and access to information laws.
The emerging standards will likely become a “road map” for liability and negligence arguments following cyberattacks, Charleston said.
For his part, Mr. Callow believes that cybersecurity should be held to standards similar to the way other sectors are regulated, such as aviation and automobile manufacturing.
But he goes further by calling for an outright ban on the payment of ransoms.
Mr Callow highlights a recent media report suggesting that UK officials should launch a public consultation on proposals to either ban such payments or require victims to report a breach to the government and then apply for a license before making a payment.
Mr. Charleston would advocate a different approach, saying he has seen cybercriminals block access to a system belonging to a company that would likely never have been able to recover its data and resume operations if it had not been allowed to pay the ransom.
Mr Callow admits he is in the “minority” in favor of banning ransoms.
However, both experts agree that some threats that could have serious consequences could be avoided with basic security measures, while emphasizing the importance of multi-layered security, constantly monitoring any abnormal activity.
Charleston reminds us that even though organizations frequently change their security measures, this gives hackers “new landscapes” to explore.
“The way hackers infiltrate is constantly changing, and the battlefield is constantly changing for cybersecurity professionals to keep these organizations secure. »