[BreachExchange] Rise of Ransomware Attacks in Canada: Businesses Beware

Audrey McNeil audrey at riskbasedsecurity.com
Mon Dec 12 18:41:28 EST 2016


http://www.jdsupra.com/legalnews/rise-of-ransomware-attacks-in-canada-18438/

Cybersecurity attacks through the use of ransomware are an increasing
threat to Canadian businesses.1

Ransomware is a malicious software that is secretly installed on a target’s
computer and encrypts files, making them inaccessible to users unless they
are unlocked with a code. Ransomware can attack a sole computer, or infect
several computers on the same network.

While the United States is reported to be the most affected region for
ransomware attacks over the last year, Canada ranks a close second.2 For
2017, ransomware attacks in Canada are forecasted to increase within the
public, legal and financial services sectors.3

Businesses–and particularly their directors–must be aware of this risk in
order to defend against it and be prepared if it does materialize.

How Does Ransomware Work?

Ransomware is most commonly spread by emails with contagious attachments or
hyperlinks to fraudulent websites.4 The emails and websites are disguised
as authentic communications, however once clicked or accessed, the
ransomware encrypts files and blocks access until the ransom is paid.
Typically, the hacker responsible for the ransomware threatens to
permanently erase all of the user’s data if the ransom is not paid within
24–72 hours.5

Increasing Attacks on Businesses

Of 125 anonymous Canadian organizations which participated in a global
ransomware survey this year, 72 percent reported being the victim of a
cyber-attack in the previous 12 months, and of those, 35 percent were
identified as ransomware attacks.6

In April 2016, the United States Department of Homeland Security and the
Canadian Cyber Incident Response Centre issued a joint cyber alert warning
of the increase in ransomware attacks. The alert stated that it was issued
due to the rising attacks on business and governmental agencies, including
hospitals, worldwide.7

A 400 percent increase in ransomware attacks against U.S. businesses in
2017 is predicted by Beazley Group, a worldwide provider of data breach
insurance.8 It is reasonable to expect that the forecast for the U.S. is
informative of the increasing risk for Canadian businesses.

What to Do If Hit with a Ransomware Attack?

The best defence to ransomware attacks is to take preventive measures.
However, even the best line of defence is not immune from a successful
attack.

Businesses should have a detailed plan in place for dealing with
cybersecurity threats, including ransomware attacks. Do not wait for a
cyber-attack to occur before planning how to handle this business risk. The
cybersecurity plan should be developed in consultation with experienced
legal counsel.

There is no precise formula for how to deal with any one ransomware attack.
Ultimately, businesses under attack by ransomware may have limited options
due to the deadline for responding to a hacker’s ransom demand. Options may
include attempting to decrypt data via third-party specialists, reporting
the attack to authorities, and/or paying the demanded ransom.

Retaining experienced legal counsel upon learning of the attack is
important in order to mitigate the consequences of an attack by ensuring
the following is done quickly and efficiently:

directors and/or officers are fully advised on best practices in the
particular circumstances of the attack;
all available options are canvassed;
technical resources are being utilized appropriately;
the business is in compliance with legal reporting obligations; and
the risk of potential fall-out litigation against the business has been
factored in to the decision of how to handle the ransomware attack.

In handling a ransomware attack, businesses and their directors must be
mindful of the potential legal implications of their business strategy
decisions.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161212/b32a8e8a/attachment.html>


More information about the BreachExchange mailing list