Why your cyber clients need to keep an eye on ransomware 

Canada was the third most affected country in the world for successful ransomware-as-a-service (RaaS) and extortion attacks in the first and second quarters of 2023, said a report from cybersecurity company Trend Micro. 

The report, LockBit, BlackCat, and Clop Prevail as Top RaaS Groups: Ransomware in 1H 2023, found Canada only behind the U.S. and U.K. for RaaS and extortion attacks.  

Healthcare, education and technology emerged as the Top 3 industries in ransomware file detection in Canada in 2023 1H. 

“The report revealed that many ransomware threat actors are no longer going after ‘big game’ targets, instead focusing on [small- and medium-sized businesses (SMBs)] they presume to be less well-defended,” said a statement on behalf of Trend Micro.

“In Canada, while ransomware file detection at [large] organizations decreased by 69.13% in the second quarter of the year, data shows a 214.29% increase in file detections for SMBs.” 

Findings from Trend Micro’s report align with previous studies on the topic.

The Canadian Centre for Cyber Security called ransomware “almost certainly the most disruptive form of cybercrime facing Canada” because it is pervasive and can have a serious impact on an organization’s ability to function. In a report last month, the centre concluded organized cybercrime will very likely pose a threat to Canada’s national security and economic prosperity over the next two years. 

Pace is increasing

According to Trend Micro, the number of victim organizations around the world surged in the first half of 2023 to reach 2,001. That’s a 45.27% increase compared to the last half of 2022. LockBit, Clop and BlackCat were the three most prominent ransomware groups with the greatest number of successful attacks in 2023 1H. 

Clop threat actors claimed to have compromised 130 organizations, including the City of Toronto, in a massive ransomware attack on Jan. 31, 2023. TechCrunch, an online publication for high-tech and start-up companies, reported the City of Toronto “confirmed that unauthorized access to city data did occur through a third-party vendor. 

“The access is limited to files that were unable to be processed through the third-party secure file transfer system. The City is actively investigating the details of the identified files.” 

Trend Micro said as ransomware attacks become more evolved and complex, it’s not just ransom demands that will increase through the years. Recovery times for victimized organizations are also expected to become longer. “And while SMBs are surely a target, enterprise and consumer [businesses] aren’t far behind.” 

To pay or not to pay a ransomware demand has long been a point of contention.  

Separate research this month from rate-comparison site Compare the Market Australia on the cybersecurity habits of Australians, Canadians and Americans found more than 70% of 1,001 polled Canadians would want a company with their data to pay the ransom if it was hacked. However, more than two-thirds (66.5%) said they would not pay a ransom if they were hacked personally. 

Feature image by iStock.com/Olemedia