Disrupting Ransomware in Canada – The Time For Action Is Now

Increased investment in cybersecurity stands to benefit communities across Canada from both job creation and from improved Canadian cybersecurity accessibility and protection. In this blog series, leaders in Canadian technology will give their insight into how businesses and government can better protect our cyberspace.

John Hewie, National Security Officer, Microsoft Canada

The global pandemic has provided a lucrative environment for the ransomware ecosystem to thrive with so many organizations relying on digital and online platforms to keep businesses and governments operational. The Canadian Survey on Business Conditions showed that 1 in 5 Canadian organizations experienced a cyber incident in 2020, an increase from 2019. Today I don’t think anyone would argue that Canada’s critical infrastructure and businesses rely on digital technology. With more targets online, we’ve seen the continued professionalization of the ransomware attack ecosystem including the maturing of payment systems and ransomware as a service (RaaS) offerings with affiliate models that enable more criminals with lower technical skills to inflict harm on more victims.

The Canadian Centre for Cybersecurity – National Cyber Threat Assessment 2020 indicates that “ransomware will continue to be directed at Canadian large enterprises and critical infrastructure providers.” While ransomware will continue to target small and medium-sized organizations, the growing trend is the targeted or what CCCS calls big game hunting ransomware against larger organizations that cannot sustain an outage of their digital systems. Microsoft calls this Human Operated Ransomware where traditional targeted attack techniques are combined with human intelligence, research, and ransomware for potential big payouts.

“From small businesses to big game targets, our threat assessments continue to show that no one is immune from ransomware and that this trend will continue,” says Sami Khoury, Head of the Canadian Centre for Cyber Security. “A strong partnership built on trust, open communication and information sharing between cyber security partners in government and industry is essential to managing this threat and reducing its impact. We work closely with our partners across many sectors to provide tailored advice, guidance and threat information to ensure that everyone is prepared to meet the challenge head on.”

The recent Colonial Pipeline ransomware attack in the US clearly demonstrated the impact when a critical infrastructure provider becomes a victim. Canada is not immune with the Nunavut government, municipalities and hospitals falling victim to ransomware attacks including the most recent at the Humber River Hospital in Toronto. This escalating trend is clear evidence that ransomware has become a real threat to our healthcare systems, public safety and national security in Canada.

In 2020, the Microsoft Digital Crimes Unit created a new Ransomware Analysis and Disruption Program that strives to make ransomware less profitable and more difficult to deploy. It does this by disrupting infrastructure and payment systems that enable ransomware attacks and preventing criminals from using Microsoft products and services to attack our customers. Microsoft also extensively supported all four working groups of the Institute for Security and Technology (IST) Ransomware Task Force and contributed to the development of “Framework for Action” this past spring alongside representatives from the RCMP National Cybercrime Coordination Centre (NC3).

“The RCMP’s NC3 was honoured to participate in the IST Ransomware Task Force as it brought public, private and non-governmental sector entities together to collectively develop solutions in response to ransomware,” said Chris Lynam, Director General, National Cybercrime Coordination (NC3) Unit and Canadian Anti-Fraud Centre (CAFC). “Working collaboratively across these sectors is the only way that ransomware and other cybercrimes can successfully be addressed in Canada and around the world.

The NC3 encourages all organizations, big and small, to enhance their defenses against ransomware and report to law enforcement if they experience a cybercrime. Reporting is crucial as it can provide law enforcement with information that can help the victim, identify linkages and better enable us to combat cybercrime. Anyone who suspects they have been the victim of cybercrime or fraud should report it to their local police and to the Canadian Anti-Fraud Centre’s online reporting system or by phone at 1-888-495-8501.”

What organizations should do now to protect themselves from ransomware

Protecting your organization from ransomware does not require a full technology overhaul. The CCCS provides general best practices on how to prevent and recover from ransomware. Microsoft offers targeted guidance for its customers including a detailed Ransomware Mitigation Project Plan. Top priority recommendations include implementing multi-factor authentication (MFA) for all user accounts,  keeping IT systems current with the latest updates, back up your important data and embrace a Zero Trust security approach designed for the modern world.

A successful effort against the threat of ransomware will require building on the good work that is already ongoing in Canada and internationally, with further action-oriented efforts that include  collaborations with government(s) and private sector. Microsoft looks forward to continuing its cyber defence and disruption partnership work with the Government of Canada and exploring how the Ransomware Task Force recommendations could further enhance efforts in Canada. I personally look forward to leading our work with the Canadian Chamber of Commerce Cyber. Right. Now. Campaign to better protect Canadian businesses and help them thrive in our digital economy.

John Hewie
National Security Officer
Microsoft Canada