State of Ransomware in Canada

Canada, the country named second best place to live in the world, after Germany, has some issues when it comes to IT security. All countries have issues, but our beloved country excels in some unexpected rankings.

Let’s just take a look at this graphic from a study from Osterman Research on cyber-security.

As we can clearly see, compared to our southern neighbor, the United States, Canadians who are victims of ransomware, individuals and companies, end up paying ransom for their data 75% of the time. Looking at the data, I cannot help wonder how valid this data actually is. Of course, we take everything with a grain of salt, this study is based on victims who admitted paying ransom. There are many attacks that are not disclosed as people are too proud or too ashamed to admit that they got breached, that they got blackmailed to get their data back and that they actually paid for it. None the less, due to the lack of specific studies such as this one, we will use this enthralling study published last year on cyber threats.

So why are Canadians more likely to pay a ransom?

One reason would be the fact that they were taken off guard. Although ransomware has been around since early 2012, companies do not seem to grasp the real risk of getting breached, thus they relying on old software, old IT architecture, and not investing much in detection and prevention of such threats. Companies also treat ransomware attacks like random incidents and usually re-image the infected machines and use backup to recover the lost data.

Ransomware attacks are not random incidents, 72% of Canadian companies suffered a security attack in the last 12 months, with more than a third (35%) being hit with ransomware.

Simply re-imaging a computer will not fix the issue. Ransomware has effects beyond just compromising the data on one computer. Canada ranked highest for ransomware penetration with 42% of attacks affecting 26% or more of the corporate network.

Only 8% of incidents were directed towards C-level executives. Here is one of the biggest issues: if they are not directly affected, they often do not realize the dangers their organizations are facing. Canadians pay more for ransomware than other countries do, on top of this we are asked more money when it comes to the ransom amount.

Another main issue that the Canadian businesses are facing is a false sense of security when it comes to cyber threats. With an increase in ransomware-based attacks, the highest penetration rate and business disruption, Canadians have a false sense of security with 51% being “fairly confident” in their ability to stop ransomware. Nope, no! We cannot stop it with the power of our mind, Positive thinking may work in many aspects of life, but when it comes to IT security, pragmatic thinking wins the day.

Canadian companies lack the specialized staff to handle an attack and to organize an effective incident response to a breach. The report states: “First, ransomware victims in Canada were much less able to contain the spread of the infection to fewer than one per cent of the endpoints when compared to organizations in the United States. Secondly, Canada is the only other nation surveyed beside the United Kingdom in which many ransomware infections spread to the entire corporate network.” Bottom line is, and I will try to put it nicely, there is room for improvement.

This study conducted for Malwarebytes, to have a better understanding of the where the North America market stands when it comes to cyber-threats and the conclusion is pretty clear. “The results from this survey further emphasize that any business in any region is incredibly vulnerable to ransomware,” said Marcin Kleczynski, CEO of Malwarebytes.

For details references, here is the link of the complete report. https://www.malwarebytes.com/surveys/ransomware/?aliId=13242065

About the author:

Ioan Hipp is not a mathematical genius, he is not a world renowned expert or a prominent figure in the cybersecurity industry. He is just a passionate person on the new cyber world that our IoT is developing into, a storyteller and a contributor to a better society.