This could be the worst year ever for ransomware attacks

Article content

OTTAWA – Recent cyber attacks on Canada’s largest children’s hospital and the country’s largest liquor board could be just the opening act for a year of major cyber and ransomware attacks, with sanctions on Russia and depressed cryptocurrencies motivating hackers to get more aggressive.

Article content

Toronto’s Hospital for Sick Children was hit with a ransomware attack in late December that delayed lab results and shut down phone systems. In January, the Liquor Control Board of Ontario, was hit with “malicious code,” that the agency warned could have been used to steal customer data.

Article content

David Shipley, with the cybersecurity firm Beauceron Security, said a lot of payments in the cyber crime world were facilitated through bitcoin and other cryptocurrencies, which experienced big losses last year. He said hackers are trying to recover some of those losses through ransom attacks.

“They have made hundreds of millions, if not billions of dollars, on the back of ransoms, primarily facilitated through bitcoin,” he said. “They’ve lost a lot of their wealth and they’re gonna have to go back and really work it, and that, I think, is going to prompt new ingenuitive attacks.”

Article content

Shipley also warned that with sanctions mounting against Russia, cyber crime can be one of the significant ways to bring in money. He said a recent FBI raid on Hive, a ransomware group, could slow down the amount of activity, but the barrier to entry for cyber crime is incredibly low and new groups will come into the market.

Sami Khoury, head of the Canadian Centre for Cyber Security, said his organization has definitely noticed things getting worse.

“We’ve seen a growth and sophistication of some of these ransomware events. We’re seeing, also, capabilities that used to be in the nation state category now move into the cyber criminal organization,” he said. “The ransomware, phishing emails of five years ago are not the same as the ransomware emails of today.”

Article content

The cyber centre releases an annual report detailing threats and rated ransomware as the threat most likely to hit Canadians. They found that since March 2020, more than 400 health-care organizations in the U.S. and Canada had been bit by a ransomware attack. They also identified state actors China, Russia, Iran, and North Korea as significant drivers.

Khoury said ransomware can be extremely lucrative and as a result is drawing in criminals to attack any organization that needs to run constantly.

“Unfortunately for ransomware, I would say cyber criminals are indiscriminate and they have no scruples and they think that they can make money by affecting organizations that cannot afford any downtime then they will go after those organizations,” he said.

Article content

Khoury said he is confident the Canadian federal government is adequately secured from cyber attacks, but the tactics are always evolving, forcing the government to adapt.

“There are attempts at penetrating the government to deploy ransomware. But fortunately, we catch them at as many stages of their development because of all of the sensor technology that we have deployed,” he said.

Shirley Ivan, chief information security officer for the Treasury Board of Canada, which oversees the government’s technology upgrades, says the federal government has never paid ransomware. She said the department has good procedures in place to change passwords and to back up systems when they are threatened.

“In general, our policy is not to pay for ransomware. So, again, never say never, but as far as we know, there hasn’t been any payment.”

Article content

But many of the government’s IT systems are decades old, including the system for large programs like Employment Insurance. The EI program runs on COBOL, a program language not widely in use today.

Ivan acknowledges the programs are older, but says updates are underway while ensuring the system remains stable until they are complete.

“There are systems that are older, there are programs in place now to modernize those systems while we continue to deliver services and ensure that the payments are getting made, that the transactions are flowing.”

Article content

Shipley acknowledges the government and the cyber centre do good work keeping government systems operating and secure, but he said they’re like a medieval castle, with the rest of the country outside the walls.

“I can’t paint that picture any clearer. We aren’t inside the walls and the reality is the economy depends on us delivering the goods inside the castle,” he said.

He said he is particularly worried about health care where there isn’t enough incentive to invest in upgrading technology.

“The IT systems are old, and they’d been under invested in because no one wins an election saying we bought new servers for the hospital.”

The Communication Security Establishment, which houses the cyber centre, can engage in offensive actions against cyber criminals, taking down foreign computer networks or servers to prevent those actions. The agency has identified four occasions so far in which it used those powers, including once against a group of cyber criminals, but it was vague on the details of those operations. Shipley said the government should be prepared to use them more often.

“Our Communications Security Establishment has some amazing capabilities and it’s time to build out an offensive cyber capacity,” he said. “Right now. It’s every country for themselves. And if you’re not one of the countries taking this seriously, then you’re an unwanted customer of cybercrime.”

Twitter: RyanTumilty
Email: [email protected]