Canadian healthcare, financial industries top victims of ransomware: Report 

Canadian healthcare organizations and businesses in the financial industry are the leading victims or ransomware attacks, according to a recent survey.

A new report released by security software firm Malwarebytes found that more than a third of the survey respondents have been hit by such attacks and at least 75 per cent of the victims paid anywhere from $1,000 to $50,000 to regain access to their data.

Survey firm Osterman Research interviewed 125 Canadian respondents and found that 44 were victims of ransomware attacks over the previous 12 months. Of the victims, 33 paid a ransom in order to regain stolen data.

The report also includes surveys taken in the United States, Germany, and the United Kingdom on ransomware and related issues. However, the focus of the Malwarebytes release were Canadian organizations. In order to qualify for participation in the survey, respondents had to be a CIO, IT manager, IT director, CISO or in a related role; and knowledgeable about security issues within their organization.

The survey found, that five of the victimized Canadian organizations were from the healthcare industry. They said they believed the attacks placed lives at risk. “The fact that healthcare and financial services were the most vulnerable to ransomware attacks comes as no surprise,” according to Osterman Research. “These industries are among the most dependent on access to their

“The fact that healthcare and financial services were the most vulnerable to ransomware attacks comes as no surprise,” according to Osterman Research. “These industries are among the most dependent on access to their business critical information, which makes them prime targets for ransomware-producing cyber criminals.

Cyber criminals, hoping that organizations will not have ransomware detection technologies in place or will not have recent backups of their data from which they can recover, are more likely to target organizations in these industries, particularly for highly targeted, spearphishing-like attacks, the research firm said.

Only 25 per cent have decided not to pay the ransom. Among the nations we surveyed, organizations in Canada were significantly more likely to pay ransom demands than organizations in other countries.

Ransomware attacks can be costly for businesses. Eleven of the targeted companies had to cease operations in order to deal with the attacks.

“The impact of ransomware on Canadian organisations is significant relative to the other nations surveyed in a couple of ways,” according to Malwarebytes.

The company cited to main reasons:

• Ransomware victims in Canada were much less able to contain the spread of the infection to fewer than one percent of the endpoints when compared to organizations in the United States.
• Canada is the only other nation surveyed beside the United Kingdom in which some ransomware infections spread to the entire corporate network.

Other findings were:

• Ransomware attacks among Canadian organisations have had a reasonably significant impact: nearly two-thirds of successful ransomware attacks are able to reach up to 25 per cent of endpoints, and one-third more have impacted up to 50 per cent of endpoints.
• Canadian survey results show that 22 per cent of attacks impacted mid-level managers or higher, with eight percent of incidents attacking senior executives and the C-Suite.
• The business impact in Canada was high, with 43 per cent of the organizations surveyed reporting lost revenue and 25 per cent revealing a stop in business operations as a result of a ransomware infection. Eleven per cent claimed that lives were at risk from ransomware, the highest percentage among the regions surveyed.
• Canadian organizations were the most likely to pay ransom demands (75 percent) and if they didn’t pay, 82 per cent lost files. Globally, nearly 40 percent of ransomware victims paid the ransom.
• The most heavily targeted industries for ransomware are healthcare and financial services.

“Interestingly and somewhat ironically, Canadian organizations were the most likely to pay ransomware demands and the most likely to lose files if they chose not to pay,” according to an assessment by the Osterman Research. “The fact that files were lost after a decision not to pay a cyber criminal’s ransom demands is not surprising, but the relative proportion in Canada that lost files is a bit perplexing.”

The research firm said there is “rarely” a way to decrypt files without the key provided by the ransomware author, “the likelihood of being able to thwart the ransomware encryption is nil.”

Most organizations back up their endpoints. But these backups are typically performed overnight, and so data created since the last backup can be lost if an endpoint needs to be reimaged in the wake of a ransomware exploit. “In short, organizations that choose not to pay ransomware can count on losing at least some files as a result,” the research firm said.

The research found the highest rate of file loss in Canada (82 per cent), followed by the United Kingdom (32 per cent) and Germany (11 per cent).

How are Canadian organizations dealing with ransomware attacks?

• Seven out of ten choose to use network segmentation as one of their tools to address ransomware.
• Regular, on-premises data backup is also used by 60 percent of organizations.
• Ransomware-detection solutions – both on-premises and in the cloud – are lower priority tools to address the ransomware problem.

Using backups that will help restore endpoints to a known good state is a common tool employed to remediate ransomware attacks in all of the nations surveyed. The method is most common in Germany and the United States.

Air gaps were more often cited by Canadian organizations than others as an anti-ransomware capability. The use of air gaps is a network security measure that isolates a computer network physically from unsecured networks such as the public Internet or an unsecured local area network.

More than one-half of Canadian organizations surveyed place a high or very high priority on addressing the ransomware problem. However, fewer than one-quarter give high or very high priority to investing in education and training about ransomware for their end users, while 38 per cent have established investing in resources, technology and funding to address ransomware as a high or very high priority.