9 minute read
Not on My Dime
Cyber security officials urge vigilance in wake of uptick in ransomware attacks
BY JAMIE ZACHARY
Advertisement
In what appears to be a perfect storm for business owners, the pandemic has turned out to be a feeding ground for cyber criminals who are using ransomware to attack organizations at a crippling pace.
And with most businesses adopting more long-term remote or hybrid work arrangements, experts are concerned the threat of this digital warfare will only proliferate unless there is increased vigilance around cyber security best practices.
“Ransomware has always fairly prevalent, but in the last couple of years we have all seen a significant increase in cyber activity,” says Naheed Shivji, president of Rafiki Technologies, a Calgary-based IT support and computer services company that works with small and medium-sized business in Alberta and Ontario.
“And this is largely because of the rise in remote working. Something as simple as an employee connecting to unsecured home networks can expose a company to a cyberattack.
“Very simply, remote workers are now a major target for cyber criminals who see them as vulnerable.”
BBB: Marketplace expertise now and into the future
Your BBB of Southern Alberta and East Kootenay continues to use recent months to take stock and plan for the future.
“As a legacy organization, which has thrived for more than 100 years, we know better than almost anyone else that we must constantly review our practices to stay relevant,” says Mary O’Sullivan-Andersen, President and CEO of BBB.
She adds, “As a vibrant organization with an international network of more than 100 offices located across North America we are well attuned to the latest trends and best practices in the marketplace.”
In addition to the dedicated local staff, with the majority based in Calgary, the organization is connected to leaders at the international office with advanced knowledge in managing data, marketing and communication.
“All of these resources are marshalled on behalf of the more than 3,600 Accredited Businesses located in Calgary and across southern Alberta and East Kootenay,” says O’Sullivan-Andersen.
When a business goes through the stringent process of becoming accredited by BBB they earn the privilege of using the BBB seal,” she says. “This can be in the form of a dynamic element on their website or even a sticker on the door of a business or on a vehicle. No matter what form the seal manifests it signifies the BBB brand which is known and respected across North America.”
Other activity that occurs in close concert with Accredited Businesses is ongoing education and training with every business that is onboarded connected with an Accredited Business Coach that helps every business maximize their relationship with BBB.
BBB also has a robust consumer engagement program which provides specialized presentations to seniors, youth and new Canadians.
“The interest in these presentations–which include cybersecurity and fraud prevention–is enormormous says O’Sullivan-Andersen. “We partner with postsecondary institutions, newcomer organizations, senior centres and more to provide trustworthy and reliable information they can take with them to thrive as successful citizens.” BBB also has a robust consumer education program with valuable information about potential scams and fraud delivered through media partners on a monthly basis reaching millions of consumers every year.
“Just recently we were included in a television news item that focused on crypto assets,” says O’Sullivan-Andersen. “There is a buzz about this topic. At BBB we want to separate fact from hype and deliver timely information that consumers can count on.”
Adds O’Sullivan-Andersen, “BBB has survived and thrived because we offer unbiased and trustworthy information to consumers and businesses. We are a bedrock organization the community can count on now and long into the future.”
Mary O’Sullivan-Andersen, President and CEO of BBB.
Ransomware is a form of a malware in which the attacker accesses an organization’s most important informational or vital systems and encrypts it until a ransom is paid – typically in some form of crypto currency.
Industry estimates note a 151 per cent increase globally in such attacks during the first half of 2021 from the year prior. One of the most notably was the Colonial Pipeline attack in the U.S. this past May when a ransomware attack caused a shutdown of the largest fuel pipeline in the country, leading to price spikes and fuel shortages for millions of Americans.
Yet these attacks are also happening close to home. The Town of Didsbury was among those targeted by cyber criminals in the past year, as well as businesses such as Calgary-based Professional Excavators and Construction, which reportedly incurred costs in excess of $100,000, and Ronmor Holdings, which controls Ronmor Developers.
“The size or location of the company does not matter,” says Shivji. “We’ve seen companies with one employee working in their basement here in Calgary to multinational companies be victims to these attacks.”
One of the more high-profile local cases came in 2016 when the University of Calgary paid $20,000 after a cyberattack on its system. The FBI would later charge two men in Iran as part of the “SamSam”” ransomware, which hacked networks in Atlanta, San Diego and Newark, N.J., as well as major health-care providers and the University of Calgary.
Const. Leonard VanWoudenberg of the Calgary Police Services’ Cybercrime Teams says these attacks are not only prevalent in Calgary but are often under-reported. It’s estimated that only five to 10 per cent of all cybercrimes and fraud are reported to police.
“We often find out about ransomware attacks after they’ve happened,” he says. “I credit that to two things: First, companies don’t think we can do anything about it. Second, they don’t want any more publicity around it.” Terry Rowsell, president of Calgary-based IT service provider Frontier Solutions, has personal experience with ransomware as many of his clients have been threatened with such attacks – particularly in the last four years.
“Fortunately, we’ve never paid a ransom. We’ve always been able to go to our off-site encrypted backups,” he says. “But ransomware has evolved where the primary goal is no longer about encrypting data. It’s about exfiltrating data, meaning stealing the data with the threat of publicly sharing it if a ransom is not paid.”
This, in turn, has led to increased concerns around other costs associated with ransomware, such as reputational damage or loss of competitive advantage.
“The risk in reputation damage is so high right now, especially with many of our clients who are more the legal sector,” says Rowsell.
VanWoudenberg adds to this, noting a new form of attack in the last year and a half where hackers will post on dark websites about victims who are not willing to pay the ransom.
The Canadian Centre for Cyber Security reported 235 “known” ransomware incidents against Canadian victims in 2021 through to mid-November, with more than half of these victims being critical infrastructure providers.
“The impact to either Canadians, small or medium enterprises or critical infrastructure has been immense,” says Rajiv Gupta, associate head of the cyber centre, noting the estimated average cost of a data breach, a compromise that includes but is not limited to ransomware, is $6.35 million. That can include factors such as downtime, recovery of information and infrastructure rebuilding.
“There’s a whole recovery initiative that has to happen,” says Gupta. “Once there’s malware on your systems and your organization has been compromised, there’s a clean-up and remediation effort that is significant.
“And paying the ransom is not a ‘get out of jail’ card. There’s no guarantee that these criminals who have held your data hostage are even going to respect the payment.”
How do these attackers get the data to hold hostage in the first place?
Most often, it’s through phishing emails in which employees are tricked into clicking on a link or opening an email that then downloads malicious software. Once in the system, the attackers infiltrate the system, encrypt files and bar access to the entire network.
“I would say (attackers) are getting more sophisticated in finding new vulnerabilities to exploit,” says VanWoudenberg. “Phishing attacks continue to be a major problem, and they seem to be getting very professional-looking. Gupta also notes, “More recently, we’re seeing criminal ecosystems emerge where ransomware developers are licensing their software to affiliates to use them.”
This past November, Calgary police announced its involvement in a global investigation led by Europol dubbed Operation GoldDust that led to multiple arrests of members from several high-profile ransomware “families” that were behind 7,000 infections worldwide – including 600 in Canada.
The Canadian component, headed by several RCMP units and the Calgary Police Service Cybercrime Team, targeted a syndicate known as REvil, or the Sodinokibi family, which provided malware to affiliates in exchange for payment.
Other increasingly more common tactics range from attackers using stolen credentials purchased from the dark web to “brute force” their way into businesses’ systems, to attackers exploiting weaknesses within the system such as outdated security patches.
Much like Shivji, Rowsell attributes the rise of cyberattacks in recent years – particularly the past two – to increased adoption of the remote workplace model.
“The most common situations we see are when there are open ports on firewalls that have not been secured properly, and typically that’s through providing remote access to employees and staff,” he says.
“Or security parameters that should have been in place were bypassed to get up and running as quickly as possible. But there’s a real danger in just plugging the holes. You put yourself at great risk.”
When it comes to mitigating the risk of ransomware attacks, both Shivji and Rowsell suggest simple tactics can go a long way to projecting businesses: 1. Do not click on unsafe links in emails.
2. Avoid disclosing personal information including passwords.
3. Do not open suspicious email attachments.
4. Enable multi-factor authentication (also known as MFA) for all applications including email and VPN.
5. Create on-site and cloud backups, and ensure backups are frequently tested for successful restore.
6. Provide employee training and education.
“The threat is out there, but there are things you can do to protect yourselves,” adds Gupta. “If attacked by ransomware, this could be one of the worst days of their lives if you’re not properly prepared.”
Do you own shares in a Canadian Controlled Private Corporation (CCPC)? If so, donating private company preferred shares in-kind has the potential to provide significant additional tax benefits.
For more information on this and other tax e cient donation options, visit abundance.ca or call 1.800.772.3257 to speak with a Gift Planning Consultant.
Generosity changes everything
Abundance Canada is a public foundation, registered with the Canada Revenue Agency (CRA). We are authorized to receive charitable donations, issue o cial donation receipts and distribute funds to registered charities and qualified donees through our donor-advised model. Charity Registration No: 12925-3308-RR0001.
