According to cybersecurity company Emsisoft, ransomware demands increased by more than 80 per cent globally in 2020, and it’s estimated that hundreds of millions of dollars have been paid out in Canada alone. In the country-by-country breakdown, the report estimated that Canada had experienced more than 4,000 ransomware incidents in 2020. The minimum cost estimate was $164,772,274, and the maximum cost estimate was $659,246,267.
The majority of ransomware attacks—which entail attackers gaining access to a victim’s data, encrypting it and then demanding ransom for the return of and access to the unencrypted data—are made using the cryptocurrency Bitcoin as the medium for payment. Bitcoin is known for being easily accessible yet hard to trace, making it difficult to identify cybercriminals.
According to Statistics Canada, while 21 per cent of Canadian businesses have been impacted by cybersecurity incidents, only 12 per cent have reported these incidents to police. Businesses were reported to have spent a total of $7 billion directly on measures to prevent, detect and recover from cybersecurity incidents in 2019.
A number of factors may leave organizations vulnerable to ransomware attacks, including outdated software, inconsistent backups and insufficient attention to cybersecurity. To better prevent a ransomware attack, organizations and their employees should:
- Never click on unsafe links: Don’t click on links in spam messages or on unknown websites. Malicious links can initiate automatic downloads that could lead to data being compromised.
- Avoid disclosing personal information: Do not reply to calls, text messages or emails from untrusted sources requesting personal information. Personal information can be later used by cybercriminals to tailor phishing messages directly to the victim.
- Avoid opening suspicious email attachments: Ransomware can access devices through email attachments. Pay close attention to the sender and check that the email address is correct before opening any email attachments.
- Keep programs and operating systems up to date: Updates give programs and operating systems the latest security patches. Regularly updating makes it harder for cybercriminals to exploit vulnerabilities.