In 2017, we have noticed a significant increase in ransomware attacks on colleges, universities, government, and businesses.
For example, Cambrian College in Sudbury, Ont., is recovering from a ransomware computer attack, as reported by CBC News.
A virus encrypted a significant portion of the school’s online network last Thursday, according to the administration, and hackers held files hostage in exchange for approximately $54,000 or 30 bitcoins — an electronic currency.
The college has not paid the ransom yet, as the situation is still evolving, said Shawn Poland, associate vice president of college advancement and strategic enrollment.
“Thanks to the tremendous and talented work of our IT team and our cyber security consultants, we’ve been able to assess the damage and bring those networks and files back on stream,” Poland said.
The hack targeted Cambrian’s web portals, grade report and student learning management systems where assignments are submitted.
“It’s kind of frustrating,” police foundation student Allain Lendrum said.
“None of us can see our grades. Also, I’m taking a couple of classes this summer and now I can’t access those.”
Students were supposed to receive their final marks on Wed. May 3, but that date has been pushed back to Sat. May 6 around noon (Stefanovich, 2017).
Figure 1 – Image courtesy of IBM Corporation, all rights reserved.
This example is typical of the massive-scale disruption that ransomware can cause to an organization. Many are still dangerously unaware of what is happening in Canada today, but they need to become aware fast or face the consequences.
So, what exactly is ransomware anyway? Ransomware is a type of malicious software that encrypts files on a user’s computer and asks for money in exchange for unlocking the data.
The ransomware will look for images, documents and programs on your computer and encrypt them so that you can’t access them.
The software will likely threaten to permanently erase all of your data if payment is not handed over (Bogart, 2016).
Ransomware has been a prominent threat to enterprises, small-to-medium sized businesses or SMBs, and individuals alike since the mid-2000s. In fact, there were more than 7,600 ransomware attacks reported to the Internet Crime Complaint Center (IC3) between 2005 and March of last year, outnumbering the just over 6,000 data breaches reported during the same time period. In 2015, IC3 received 2,453 ransomware complaints that cost victims over $1.6 million.
Those figures, however, represent only the attacks reported to IC3; the actual number of ransomware attack victims and costs is likely much higher. While difficult to estimate precisely, Tom’s IT Pro reports on data from Kaspersky indicating that the number of corporate users who have fallen victim to crypto-ransomware (one form of ransomware commonly used today) between April 15 and March 2016 was 718,000, a six-fold increase over the previous 12-month total of 131,000. Most of these attacks were targeted at SMBs, although ransomware initially targeted primarily individuals, who still comprise the majority of attacks today (Lord, 2017).
Figure 2 – Ransomware infections by region – January 2015 to April 2016 (Symantec, 2016)
Consumers are the most likely victims of ransomware, accounting for 57 percent of all infections between January 2015 and April 2016. While most major ransomware groups tend to be indiscriminate in their attacks, consumers are often less likely to have robust security in place, increasing the possibility they could fall victim to ransomware (Symantec, 2016).
In Canada, 125 respondents reported ransomware attacks and, of them, 33 said they had paid ransoms of between $1,000 and $50,000. Five of those were from the healthcare industry and indicated they thought lives were placed at risk as a result of the attack. Patients’ health records are often filed digitally and are needed to plan treatment.
Eleven Canadian respondents said they had to close their businesses to cope with the ransomware infection and it took an average of nine working hours to recover.
The survey found 75 per cent of Canadian firms attacked paid the ransom, 58 per cent in the U.K. paid, 22 per cent did in Germany and only three per cent of U.S. firms paid to have their files unlocked (Desjardins, 2016).
Figure 3 – Ransomware attacks per day by country (Symantec, 2016)
It all starts with weak passwords or an employee or student clicking on an attachment within an email from an unknown sender. In a few cases, the perpetrators have dropped valuable, high-capacity USB keys in the employee parking lot, where a worker, thrilled with the find, picks one up, takes it into the office and uses it. Later, it is discovered that the USB key was loaded with a ransomware program ready to infect the network once the employee plugged it in. Educating employees about these tricks, and corporate governance that strengthens and validates rotating passwords, are critical to protecting your enterprise from ransomware.
Another common cause of ransomware is poor systems design. For example, IT departments using the open source Elasticsearch search engine for in-house combing of log and other data are being warned of a ransomware campaign that appears to be orchestrated by groups aligned with the recent MongoDB attacks. The problem is poor security: Elasticsearch clusters that are left open to the Internet for no good reason.
“Whatever you do, never expose your cluster nodes to the Web,” warns search technology specialist Itamar Syn-Hershko. “This sounds obvious, but evidently this isn’t done by all. Your cluster should never-ever be exposed to the public web.” (Solomon, 2017).
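Which interfaces an Elasticsearch node listens on is set by its bind settings in `elasticsearch.yml` (`network.host`, `http.host`, `transport.host`). The following Python check is an added example, not code from the article or from the Elasticsearch project: it flags bind addresses that reach beyond loopback, assumes flat dotted keys, treats security as enabled only when `xpack.security.enabled: true` is stated, and uses constructed sample configurations.

```python
import ipaddress

# Elasticsearch settings that decide which interfaces a node listens on.
BIND_KEYS = ("network.host", "network.bind_host", "http.host", "transport.host")
SPECIALS = {"_local_": "loopback", "_site_": "private", "_global_": "public"}

def parse_flat_yaml(text):
    """Read flat 'dotted.key: value' lines (assumption: no nested YAML)."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def classify(addr):
    """Map one bind value to loopback / private / public / all-interfaces."""
    if addr in SPECIALS:
        return SPECIALS[addr]
    if addr == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"  # hostname or interface name: review by hand
    if ip.is_unspecified:  # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"

def audit(config_text):
    """Return (key, address, severity) for binds that reach past loopback."""
    settings = parse_flat_yaml(config_text)
    # Assumption of this example: security counts as on only if stated explicitly.
    secured = settings.get("xpack.security.enabled", "").lower() == "true"
    findings = []
    for key in BIND_KEYS:
        for addr in settings.get(key, "").strip("[]").split(","):
            addr = addr.strip().strip("\"'")
            scope = classify(addr) if addr else "unset"
            if scope in ("all-interfaces", "public"):
                findings.append((key, addr, "HIGH" if secured else "CRITICAL"))
            elif scope == "private" and not secured:
                findings.append((key, addr, "WARN"))
    return findings

# Constructed sample configurations, not taken from any real deployment.
EXPOSED = "cluster.name: logs\nnetwork.host: 0.0.0.0\nhttp.port: 9200\n"
HARDENED = "network.host: [_local_, 10.20.0.15]\nxpack.security.enabled: true\n"
```

A clean result only describes the node's own configuration; firewall and cloud security-group rules still need to be reviewed separately.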
Because of the reluctance of victims to report being struck, accurate data is hard to come by. But there is some evidence Canadians are more willing than others to pay up. According to a survey by Malwarebytes, 75 percent of the Canadian respondents who said their organizations were hit during the 12 months ending in June paid ransoms to get their computers unlocked. By comparison, only three per cent of U.S. victim organizations paid, 22 per cent in Germany and 58 per cent in the U.K. (Solomon, 2016).
In Canada, the average cost of a data breach is $6.03 million, according to the Canada-specific study in which 24 local companies participated.
Figure 4 – Example of a Ransomware locked computer screen (Cannell, 2016)
Hackers constantly scan websites on the Internet, said Rob Moerman, senior manager of the Cyber Intelligence Centre’s operations.
In its latest quarterly threats report released this month, McAfee Labs said its products detected malicious or suspicious activity 49.9 billion times a day. That’s up 2.4 billion from the previous quarter (Sagan, 2016).
So, the threat is real. The costs are frightening. The impacts on you and your business are lethal. New levels of personal education, awareness, and corporate IT diligence are all required to protect ourselves and our organizations from ransomware attacks. With the right approach, technology, and processes, we can survive in this hostile cyber world. Just beware!
About the Author:
Michael Martin has more than 35 years of experience in broadband networks, optical fibre, wireless and digital communications technologies. He is a Senior Executive Consultant with IBM Canada’s GTS Network Services Group. Over the past 11 years with IBM, he has worked in the GBS Global Center of Competency for Energy and Utilities and the GTS Global Center of Excellence for Energy and Utilities. He was previously a founding partner and President of MICAN Communications and before that was President of Comlink Systems Limited and Ensat Broadcast Services, Inc., both divisions of Cygnal Technologies Corporation (CYN:TSX). Martin currently serves on the Board of Directors for TeraGo Inc (TGO:TSX) and previously served on the Board of Directors for Avante Logixx Inc. (XX:TSX.V). He served on the Board of Governors of the University of Ontario Institute of Technology (UOIT) and on the Board of Advisers of four different Colleges in Ontario as well as for 16 years on the Board of the Society of Motion Picture and Television Engineers (SMPTE), Toronto Section. He holds three Masters level degrees, in business (MBA), communication (MA), and education (MEd). As well, he has diplomas and certifications in business, computer programming, internetworking, project management, media, photography, and communication technology.
Bogart, N. (2016). Ransomware on the rise in Canada: How to protect your data. Global News. Retrieved on May 3, 2017 from, http://globalnews.ca/news/2641249/ransomware-on-the-rise-in-canada-how-to-protect-your-data/
Cannell, J. (2016). Cryptolocker Ransomware: What You Need To Know. Malwarebytes Labs. Retrieved on May 3, 2017 from, https://blog.malwarebytes.com/101/2013/10/cryptolocker-ransomware-what-you-need-to-know/
Desjardins, L. (2016). 33 Canadian firms gave in to ransomware attacks. Radio Canada International. Retrieved on May 3, 2017 from, http://www.rcinet.ca/en/2016/08/03/33-canadian-firms-gave-ransom-attacks/
IBM (2017). Various graphic elements for the title slide and within the body of the article. IBM Corporation.
Lord, N. (2017). A History of Ransomware Attacks: The Biggest and Worst Ransomware Attacks of All Time. Digital Guardian. Retrieved on May 3, 2017 from, https://digitalguardian.com/blog/history-ransomware-attacks-biggest-and-worst-ransomware-attacks-all-time#4
Sagan, A. (2016). Average cost of data breach in Canada is $6.03M: study. The Canadian Press. Retrieved on May 3, 2017 from, http://globalnews.ca/news/2793414/average-cost-of-data-breach-in-canada-is-6-03m-study/
Solomon, H. (2016). Carleton University recovering from ransomware attack. IT World Canada. Retrieved on May 3, 2017 from, http://www.itworldcanada.com/article/carleton-university-recovering-from-ransomware-attack/388831
Solomon, H. (2017). Elasticsearch users increasingly targets of ransomware. IT World Canada. Retrieved on May 3, 2017 from, http://www.itworldcanada.com/article/elasticsearch-users-increasingly-targets-of-ransomware/389886
Stefanovich, O. (2017). ‘None of us can see our grades’: Cambrian College hit by computer malware. CBC News. Retrieved on May 3, 2017 from, http://www.cbc.ca/news/canada/sudbury/cambrian-college-ransomware-hack-1.4093634
Symantec. (2016). An ISTR Special Report: Ransomware and Business 2016. Symantec. Retrieved on May 3, 2017 from, http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransomware_and_Businesses.pdf