Ransomware on the rise: A look at how Canadian businesses respond to attacks

Malware that blocks access to your own data and holds it for ransom is called ransomware. In Canada, everyone from local government to small businesses has been hit. Is there no choice for victims other than to pay cybercriminals? Let's take a look at some real-world examples of how Canadians have been responding to recent ransomware attacks.

Response #1: Pay off the hacker

Unfortunately, even local government agencies have succumbed to hackers’ ransom demands. Midland, a town less than two hours north of Toronto, lost full access to its data on Sept. 1, 2018, according to CTV News. Weeks went by before the town finally decided to pay the hackers. During the downtime, its financial processing system was critically compromised, making it unable to accept credit and debit card payments. Despite this, Midland’s mayor assured his constituents: “As far as we know, there’s been no information revealed.”

Prior to this, Wasaga Beach, Ontario suffered a similar hack and paid its attacker three Bitcoins worth approximately $34,000 to resume operations and prevent further losses. Operations setbacks, consultation fees, and new hardware purchases cost Wasaga over $250,000, with $50,000–$60,000 in additional costs to be covered in its 2019 budget.

The Wasaga incident actually incited Midland to obtain an insurance policy for ransomware attacks and to upgrade its firewall, but Midland was attacked before its defenses were completed. As of this writing, both towns have system restorations under way, coupled with cybersecurity upgrades. Of course, details are redacted from public records to keep cybercriminals in the dark about the defenses they put up.

Response #2: Deny the attack ever happened

While the employees of Recipe Unlimited — a conglomerate of popular restaurant chains such as East Side Mario’s, Milestones, Montana’s, and Swiss Chalet — claimed that hackers held data hostage, the company stated that it was a severe malware outbreak that caused the system outages that adversely affected the operations of its restaurants.

In some branches, customers complained about slow service, inoperable debit and credit card terminals, and having a hard time ordering online. In more severe cases, other franchises had to shut their doors.

Malware is a blanket term for all types of software that are made to damage and compromise a computer system, whereas ransomware is a subcategory of malware that locks away a system’s files, with the key for regaining access costing the victim money. This type of attack is devastating, especially when it is applied to companies such as healthcare providers that need data to keep their patients alive. Admitting to being assaulted by ransomware therefore means claiming that one’s clients and employees are directly threatened. Needless to say, this is very bad for business.

In an email, a Recipe Unlimited spokesperson denied that the company was infected with ransomware. She claimed that "we maintain appropriate system and data security measures" and assured stakeholders that "we have no indication that this limited malware incident has resulted in any data breach."

Response #3: Revert to manual operations while recovering systems

With the right disaster recovery and backup systems in place, you can resist hackers' demands. VON Canada, a home-based healthcare organization, went so far as to shut down all its computer systems and revert to manually exchanging patient information and scheduling caregiving operations. The firm then got cybersecurity technicians to scan, clean, and certify that the ransomware infection was gone so that their computer systems could be brought back online. It was an impressive response, but the situation could have been less dire if a managed IT services provider like XBASE Technologies was there to help defend against the infection in the first place.

There are lessons that can be learned from these attacks:

• It’s better to have a proactive defense rather than a reactive response.
• Backups are essential to recovering from ransomware. Identify critical applications and ensure they are appropriately backed up. This may mean daily, hourly or up-to-the minute depending on the nature of your business.
• Ensure your security is comprehensive and up-to-date: proper firewalls, antimalware for all of your endpoints (i.e. work devices such as laptops and smartphones outside of your corporate firewalls that staff use to connect to your central network), and anti-spam protection for your email.
• Continually give your users security training. People are both the weakest link as well as the best defense against a ransomware attack; everyone needs cyber security training.
• Make sure that your Disaster Recovery (D/R) plan includes a ransomware attack scenario – what does your company need to do to run on “manual” during your recovery?

XBASE technologies can help you with all of these issues in order to reduce the risk of a ransomware attack.

Ransomware attacks in Canada have gone beyond big businesses to victimize government agencies and SMBs as well. In fact, 1 in 5 businesses in Canada were victims of cyberattacks in 2017. Protect your business from cybercriminals — talk to XBASE about your cybersecurity needs today.