Canadian healthcare, financial industries top victims of ransomware: Report – Canadian Government Executive

NEWS

SEARCH

HR
RiskSecurityTechnology
healthcare, business, cyberattacks, malwarebytes
August 4, 2016

Canadian healthcare, financial industries top victims of ransomware: Report

The healthcare and financial industries are among the most dependent on access to their business critical information, which makes them prime targets for ransomware-producing cyber criminals, according to a recent report.

Canadian healthcare organizations and businesses in the financial industry are the leading victims or ransomware attacks, according to a recent survey.

A new report released by security software firm Malwarebytes found that more than a third of the survey respondents have been hit by such attacks and at least 75 per cent of the victims paid anywhere from $1,000 to $50,000 to regain access to their data.

Survey firm Osterman Research interviewed 125 Canadian respondents and found that 44 were victims of ransomware attacks over the previous 12 months. Of the victims, 33 paid a ransom in order to regain stolen data.

The report also includes surveys taken in the United States, Germany, and the United Kingdom on ransomware and related issues. However, the focus of the Malwarebytes release were Canadian organizations. In order to qualify for participation in the survey, respondents had to be a CIO, IT manager, IT director, CISO or in a related role; and knowledgeable about security issues within their organization.

The survey found, that five of the victimized Canadian organizations were from the healthcare industry. They said they believed the attacks placed lives at risk. “The fact that healthcare and financial services were the most vulnerable to ransomware attacks comes as no surprise,” according to Osterman Research. “These industries are among the most dependent on access to their

“The fact that healthcare and financial services were the most vulnerable to ransomware attacks comes as no surprise,” according to Osterman Research. “These industries are among the most dependent on access to their business critical information, which makes them prime targets for ransomware-producing cyber criminals.

Cyber criminals, hoping that organizations will not have ransomware detection technologies in place or will not have recent backups of their data from which they can recover, are more likely to target organizations in these industries, particularly for highly targeted, spearphishing-like attacks, the research firm said.

Only 25 per cent have decided not to pay the ransom. Among the nations we surveyed, organizations in Canada were significantly more likely to pay ransom demands than organizations in other countries.

Ransomware attacks can be costly for businesses. Eleven of the targeted companies had to cease operations in order to deal with the attacks.

“The impact of ransomware on Canadian organisations is significant relative to the other nations surveyed in a couple of ways,” according to Malwarebytes.

The company cited to main reasons:

  • Ransomware victims in Canada were much less able to contain the spread of the infection to fewer than one percent of the endpoints when compared to organizations in the United States.
  • Canada is the only other nation surveyed beside the United Kingdom in which some ransomware infections spread to the entire corporate network.

Other findings were:

  • Ransomware attacks among Canadian organisations have had a reasonably significant impact: nearly two-thirds of successful ransomware attacks are able to reach up to 25 per cent of endpoints, and one-third more have impacted up to 50 per cent of endpoints.
  • Canadian survey results show that 22 per cent of attacks impacted mid-level managers or higher, with eight percent of incidents attacking senior executives and the C-Suite.
  • The business impact in Canada was high, with 43 per cent of the organizations surveyed reporting lost revenue and 25 per cent revealing a stop in business operations as a result of a ransomware infection. Eleven per cent claimed that lives were at risk from ransomware, the highest percentage among the regions surveyed.
  • Canadian organizations were the most likely to pay ransom demands (75 percent) and if they didn’t pay, 82 per cent lost files. Globally, nearly 40 percent of ransomware victims paid the ransom.
  • The most heavily targeted industries for ransomware are healthcare and financial services.

“Interestingly and somewhat ironically, Canadian organizations were the most likely to pay ransomware demands and the most likely to lose files if they chose not to pay,” according to an assessment by the Osterman Research. “The fact that files were lost after a decision not to pay a cyber criminal’s ransom demands is not surprising, but the relative proportion in Canada that lost files is a bit perplexing.”

The research firm said there is “rarely” a way to decrypt files without the key provided by the ransomware author, “the likelihood of being able to thwart the ransomware encryption is nil.”

Most organizations back up their endpoints. But these backups are typically performed overnight, and so data created since the last backup can be lost if an endpoint needs to be reimaged in the wake of a ransomware exploit. “In short, organizations that choose not to pay ransomware can count on losing at least some files as a result,” the research firm said.

The research found the highest rate of file loss in Canada (82 per cent), followed by the United Kingdom (32 per cent) and Germany (11 per cent).

How are Canadian organizations dealing with ransomware attacks?

  • Seven out of ten choose to use network segmentation as one of their tools to address ransomware.
  • Regular, on-premises data backup is also used by 60 percent of organizations.
  • Ransomware-detection solutions – both on-premises and in the cloud – are lower priority tools to address the ransomware problem.

Using backups that will help restore endpoints to a known good state is a common tool employed to remediate ransomware attacks in all of the nations surveyed. The method is most common in Germany and the United States.

Air gaps were more often cited by Canadian organizations than others as an anti-ransomware capability. The use of air gaps is a network security measure that isolates a computer network physically from unsecured networks such as the public Internet or an unsecured local area network.

More than one-half of Canadian organizations surveyed place a high or very high priority on addressing the ransomware problem. However, fewer than one-quarter give high or very high priority to investing in education and training about ransomware for their end users, while 38 per cent have established investing in resources, technology and funding to address ransomware as a high or very high priority.

About this author

Nestor Arellano

Nestor is a Toronto-based journalist who specializes in writing about technology and business. He is the editor of Vanguard Magazine and the associate editor of IT in Canada and a regular contributor to CGE.

0 comments

There are no comments for this post yet.

Be the first to comment. Click here.

Risk
 
Risk is always present in any undertaking, no matter the size...
 
Terrorism operates with deadly regularity. In June 2016, a gunman who...
 
Canadian healthcare organizations and businesses in the financial industry are the...
 
There’s a fine line between confidence and naivety – a line...
 
A U.S. report by Deloitte looks at how federal agencies can...
 
When it comes to catastrophic manmade or weather-related events, it might...
 
If there’s one thing we talk about all the time in...
 
Wayne Gretzky used to say, “I skate to where the puck...
 
On October 1, 1979 the Ontario Occupational Health and Safety Act...
 
According to the Project Management Institute (PMI), project management is the...
 
Le choix du moment n’est peut-être pas tout, mais cela contribue...
 
Wayne Wouters occupe le poste de secrétaire du Cabinet, greffier du...
 
The term “black swan” has captured the imagination of many a...
 
Your boss encourages you to be innovative, but there is little...
 
Timing may not be everything, but it certainly can sound an...
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
Risk is always present in any undertaking, no matter the size...

Member Login

Forgot Password?

Join Us

Password Reset
Please enter your e-mail address. You will receive a new password via e-mail.