Cyber Horrors: Ransomware and You

Photo by: FLY:D (Unsplash)

Natalie BravoNatalie Bravo is an IPilogue Writer and a 2L JD Candidate at Osgoode Hall Law School.

 

Do you ever get weird emails that are poorly-veiled phishing attempts? Strange requests for Bitcoin payments? These phishing attempts are occurring more frequently, but they are just the tip of the ransomware iceberg. Cybersecurity breaches are a serious concern and the ever-evolving technological landscape is an endless playing field for dedicated malicious actors. Widespread breaches exemplify the need to updated software and security policies across all sectors which use online services. With the pandemic and many working from home, these attacks are on the rise. The Canadian Centre for Cybersecurity reported that ransomware is an increasing threat and the cyber threat most likely to affect Canadians.

Many Canadians have not heard of ransomware, a malicious software (“malware”) that attacks computers by encrypting user files so that malicious actors can request monetary ransom to decrypt or unlock the files. These exploits are typically, though not always, carried out by an unauthorized or unknown transfer of a Trojan file. Users may download and/or open a file that appears legitimate and unknowingly infect the operating system with malware. Accompanying ransom demands are usually requested in the form of Bitcoin due to the presumed anonymity of the transactions. The use of Bitcoin is rampant in these types of attacks – so much so that they have impacted Know Your Customer (“KYC”) policies in the U.S. Sometimes hackers double-dip by requesting more than one ransom from the same target. In a recent report, McCarthy Tétrault’s Cyber/Data Group estimated that Canadian organizations lost $4 billion USD in paid ransoms  in 2020 alone. Ransomware attacks damaging more than finances as they can disrupt operations and corrupt or destroy sensitive data. During the pandemic, hospitals are of utmost concern. The click of an ad, a visit to a website, or a simple file download could risk your data.

In 2017, a high-profile ransomware attack named WannaCry devastated various organizations worldwide. The cryptoworm automatically spread throughout networkers and did not require users to open or download any files. It encrypted user files and demanded Bitcoin ransom payments to decrypt them. WannaCry targeted “end of life” or outdated versions of Microsoft Windows operating systems and exploited certain vulnerabilities within the software. Operating systems must frequently be updated to implement security patches that prevent such exploits. However, updates for older computers are usually discontinued as technology progresses. Microsoft quickly released further patches following the mass attack. The international event was unprecedented and reported to have impacted more than 200,000 computer systems and caused an estimated hundreds of millions to billions of dollars in damage. The WannaCry attack affected organizations such as factories, telecommunication companies, hospitals, governments, and delivery systems. Years later, some computers may still be vulnerable.  

WannaCry was terrifying when it happened, but many more concerning high-profile cybersecurity attacks have occurred  within the past year . Just imagine hospital shutdowns in the middle of a pandemic. Some alarming events in the past three months include the following:

  • In May 2021, the largest petroleum pipeline in the United States, Colonial Pipeline is reported to have been hacked via a single password. The password had access to the company’s internal network and was also unfortunately leaked on the dark web. The hackers utilized the credential to attack and extort Colonial Pipeline. The systems started to shut down and the ransom demanded was $4.4 million in payment. The company stated they had no choice but to pay the large ransom.
  • In June 2021, one of the largest meat producers in the US, JBS, was targeted in a ransomware attack that disrupted its operations. JBS made the difficult decision to pay the $11 million USD ransom in Bitcoin to resume plant operations.
  • On July 4th, 2021, the ‘biggest ransomware attack,’ allegedly conducted by Russian-associated hackers REvil, hit during the US holiday weekend. Kaseya, a software firm, was targeted in the supply-chain attack. Supply-chain attacks, in brief terms, involve compromising a trusted supplier therefore sabotaging the distribution system. The Kaseya attack largely affected US businesses, but Canada was also impacted. Between 800 and 1,500 organizations across the globe were impacted and essentially paralyzed. They demanded millions in payment from affected users/companies and expressed some willingness to negotiate.

It is difficult to know what will happen next with technology, computers, and software. It is best to be proactive and cautious. I have compiled some tips, supported by the Canadian Centre for Cybersecurity and the Federal Bureau of Investigation, to help keep your data and your employer’s networks safe:

  • Check your computer(s) for updates frequently, and make sure your operating system is still receiving new updates.
  • Back up your data periodically and preferably offline. If you are targeted and your data becomes inaccessible, you will feel so much better knowing you had a back-up or two handy.
  • Make sure you are running a trusted anti-virus program, sometimes they are installed on your computer.
  • Understand how to recover your data in the event of a breach and practice the recovery methods.
  • Keep your passwords safe and unique – reusing passwords is never a good idea.
  • Familiarize yourself with common types and methods of malware. You can find a handy list here.
  • Contact your organization’s IT department whenever you see anything suspicious, just in case.

Stay safe, don’t interact with strange emails, and always update and backup if possible! Feel free to comment below any tips or advice you may have.