Canadian Cyber Security Journal
Filed under: Featured, News

Canada ‘lucky’ no big hits taken from world’s largest ransomware attack: expert

Canadian companies are “lucky” that the world’s largest ransomware attack to date hasn’t affected them more substantially so far, one cybersecurity expert said.

On Friday, IT software provider Kaseya was hit with a ransomware attack that has since affected thousands of companies around the world. Ransomware is when a company’s online system is hijacked and locked unless a ransom is paid.

The ransomware attack that has since been credited to the Russia-based cybergang REvil spread malware to companies that use Kaseya’s services, which ironically are supposed to protect against malware.

The result is the largest global cyberattack the world has yet seen, with at least 17 countries affected, from the U.K. to Mexico — some with real-world impacts.

For example, the payment system of Swedish grocery chain Coop was infected, causing its 800 stores to close for at least three days now and for some perishable items to be trashed.

REvil has launched several ransomware attacks in its existence, most recently against JBS, the world’s largest meat processor, in which it was able to extort $11 million last month.

While REvil is based in Russia, President Vladimir Putin’s spokesperson Dmitry Peskov said Monday that the Kremlin was not aware of the attack and had not yet looked into it.

U.S. President Joe Biden has said that if a connection between the attack and the Kremlin is found, the U.S. would respond.

Kaseya said Monday that fewer than 70 of its 37,000 customers were affected. However, those 70 have multiple downstream customers, making the overall reach to thousands of companies.

It is not currently known exactly how many Canadian companies have been affected by the attack, but Vivek Gupta, a partner and cybersecurity expert with consulting firm BDO, said it could be in the thousands and could reach many different kinds of business, from law firms to grocery chains to health clinics.

He said that small to medium-sized businesses are more likely to be affected by this attack as they would be more likely to have outsourced their IT to Kaseya.

“Kaseya provides a critical piece of infrastructure that a lot of organizations leverage, especially in Canada,” he said. “The number [affected] could certainly grow … the impact is still not fully known.”

Cybersecurity awareness agency Beauceron Security’s CEO, David Shipley, said that companies often won’t reveal whether they’ve been affected unless it is impossible to hide, such as the situation with the Coop grocery chain, but reports from the FBI and other large security companies have said Canadian companies were impacted.

“I’m aware of companies that had been quite scared Friday because they had used Kesaya’s cloud-based software,” Shipley said. “There were quite a few folks who were spending Friday night frantically refreshing to see if they were affected.”

Shipley estimates this attack could cost billions of dollars globally due to economic losses, despite REvil initially asking for $70 million for it to end the siege completely, which was later dropped to $50 million.

Adding to that risk is Canada’s underinvestment in cybersecurity, Shiply said, which leaves it more vulnerable “across the board.”

To better prepare ourselves for ransomware attacks, Shipley believes that stronger regulation is needed.

Even though Kaseya is a U.S.-based company, he said the Canadian government could set compliances that would need to be met before the company could operate in the country, similar to what is done for other industries, such as automobiles.

In the meantime, if a company does get infected with ransomware, the RCMP does not recommend paying the ransom.

“Paying the ransom does not guarantee that the victimized organization will be able to get its data back,” RCMP spokesperson Cpl. Kim Chamberland said in a statement. “It can qualify the victim as a potential recurrent target.”

Enjoy this article? Don’t forget to share.