Canadian energy, health, manufacturing sectors were major targets of ransomware attacks: cyber spy agency

More than half of the known ransomware victims in Canada this year were critical infrastructure providers, according to a new threat assessment from Canada's cyber spies, and the number is likely even higher.

As part of a push a new awareness campaign, the Communications Security Establishment (CSE), Canada's foreign signals intelligence agency, released a ransomware bulletin Monday looking at the key trends of ransomware in 2021.

"Brazen, sophisticated, increasing in frequency, and, for the cybercriminals, very profitable," assessed CSE's Cyber Centre in its report.

"The impact of ransomware can be devastating, and the severity of the financial consequences related to a ransomware attack can be profound."

Ransomware is a form of malware used by threat actors and criminals who encrypt files on a device then demand a ransom in exchange for decryption. Once successfully hacked, ransomware victims are often attacked multiple times.

CSE said it's aware of 235 ransomware incidents against Canadian victims from Jan. 1 to Nov. 16 of this year and more than half of those targets were critical infrastructure providers, including those in the energy, health and manufacturing sectors.

The number is likely higher, as the agency said most ransomware events go unreported. 

"The COVID-19 pandemic has made organizations like hospitals, governments and universities more mindful of the risks tied to losing access to their networks and often feeling resigned to pay ransoms," notes the report.

"Cybercriminals have taken advantage of this situation by significantly increasing the value of their ransom demands."

Newfoundland and Labrador is still reeling after a cyber attack hit its health-care system, cancelling thousands of medical procedures ranging from chemotherapy to X-rays.

Sources have told CBC the security breach is a ransomware attack, but so far government officials have not confirmed the nature of the cyberattack and will not say if they have received a ransom demand.

This summer Humber River Hospital in the Toronto area was forced to shut down its IT systems in order to prevent a ransomware attack. 

Staff were unable to access electronic patient records and diagnostic test results leading to long waits in the emergency department and prompting the hospital to cancel clinics and redirect some ambulances to other hospitals.

CSE said it expects high-impact targeting to continue.