Skip to content

Take steps to fend off ransomware attacks, federal ministers urge Canadians

Known ransom payments, after increasing rapidly from 2019 to 2020
A woman uses her computer keyboard to type while surfing the internet in North Vancouver, B.C., on December 19, 2012. THE CANADIAN PRESS/Jonathan Hayward

Citing a dramatic increase in ransomware attacks on organizations — including health providers and vital utilities — federal ministers are urging Canadians to bolster their cybersecurity.

In an open letter Monday, the ministers encouraged people to adopt the latest security measures, build a response plan and ensure information technology staff are well-prepared to respond to incidents.

Canada is among the top countries affected by ransomware attacks, when cybercriminals hold crucial information hostage until victims pay a fee, often in digital currency.

“To keep yourselves and all Canadians safe, we’re asking you to take action,” the letter said. “Our message is clear: taking basic steps to ensure your organization’s cybersecurity will pay swift dividends.”

The letter was signed by Emergency Preparedness Minister Bill Blair, Public Safety Minister Marco Mendicino, Defence Minister Anita Anand and Small Business and Economic Development Minister Mary Ng.

It said this year has seen a growing number of ransomware threats targeting Canadian small- and medium-sized businesses, health-care organizations, utilities and municipalities.

The Canadian Centre for Cyber Security has published a new ransomware playbook that outlines the most effective steps against ransomware and what to do if an attack occurs.

The letter said organizations hit by ransomware should implement their recovery plan, seek professional cybersecurity help, and immediately report the incident to the federal Cyber Centre’s online portal as well as local police.

In an updated threat bulletin, the Cyber Centre said Monday it was aware of 235 ransomware incidents against Canadians this year through mid-November.

“More than half of these victims were critical infrastructure providers,” the threat bulletin said. “It is important to note, however, that most ransomware events remain unreported. Once targeted, ransomware victims are often attacked multiple times.”

This year has also been marked by the highest ransoms and payouts, the centre said.

Known ransom payments, after increasing rapidly from 2019 to 2020, appear to have stabilized around $200,000 this year, the bulletin said.

The global average total cost of recovery from a ransomware incident — paying the fee and rebuilding the compromised network — more than doubled this year to $2.3 million, the centre added.

“The Cyber Centre continues to regularly observe high-impact ransomware campaigns that can cripple businesses and critical infrastructure providers,” the assessment said.

“The impact of ransomware can be devastating, and the severity of the financial consequences related to a ransomware attack can be profound.”

Russian intelligence services and law enforcement “almost certainly” maintain relationships with cybercriminals, either through association or recruitment, and allow them to operate with near impunity, as long as they focus their attacks abroad, the bulletin said.

Among the other trends cited by the centre:

— Threats by the ransomware operator to publicly release a victim’s data if they do not pay the amount demanded;

— the ransomware-as-a-service business model, through which developers sell or lease ransomware to other cybercriminals;

— increased targeting of emergency medical services and law-enforcement agencies struggling to manage the COVID-19 pandemic;

— demands that ransom payments be made using cryptocurrencies, which are difficult to trace.

“Despite a temporary lull following international action, we assess that ransomware will continue to pose a threat to the national security and economic prosperity of Canada and its allies in 2022 as it remains a profitable activity for cybercriminals,” the bulletin said.

But it stressed that while ransomware attacks will likely continue to increase in scale, frequency and sophistication, the vast majority can be prevented by implementing basic cybersecurity measures.

Information and federal resources can be found at

Jim Bronskill, The Canadian Press

Like us on Facebook and follow us on Twitter.