Agency reports 235 ransomware attacks on Canadian targets this year, half of which were key infrastructure providers.
Global ransomware attacks increased by 151 percent in the first half of 2021 compared with 2020, Canada’s signals intelligence agency has reported, as hackers become increasingly brazen.
Key Canadian infrastructure has regularly been targeted in ransomware attacks in which hackers essentially hold computer information hostage until they are paid, the Communications Security Establishment (CSE) said in a report published on Monday.
The agency said it knew of 235 ransomware incidents against Canadian targets from January 1 to November 16 of this year. More than half were critical infrastructure providers, including hospitals.
“Ransomware operators will likely become increasingly aggressive in their targeting, including against critical infrastructure,” said the report issued by the Canadian Centre for Cyber Security, a unit of CSE.
The average total cost of recovery from a ransomware incident more than doubled to $1.8m globally in 2021, the Reuters news agency reported.
CSE reiterated that actors from Russia, China and Iran posed a serious threat to the cyber-infrastructure of countries such as Canada.
“Russian intelligence services and law enforcement almost certainly maintain relationships with cybercriminals, either through association or recruitment, and allow them to operate with near impunity as long as they focus their attacks against targets located outside Russia,” CSE said.
SolarWinds hack anniversary
The Canadian government report came as a US cybersecurity firm warned that attacks by elite Russian state hackers have barely eased up since last year’s massive SolarWinds cyber-espionage campaign targeting US government entities, including the Justice Department, and companies.
On the anniversary of the public disclosure of the SolarWinds intrusions, US cybersecurity firm Mandiant said hackers associated with Russia’s SVR foreign intelligence agency continued to steal data “relevant to Russian interests”.
The hacking campaign was named SolarWinds after the US software company whose product was exploited in the first-stage infection of that effort. Moscow has repeatedly denied responsibility for the hack.
While the number of US government agencies and companies hacked by SVR was smaller this year than last, when some 100 organisations were breached, assessing the damage is difficult, said Charles Carmakal, Mandiant’s chief technical officer.
Carmakal said “not everybody is disclosing the incident[s] because they don’t always have to disclose it legally”, complicating the damage-assessment process. But the overall effect is quite serious. “The companies that are getting hacked, they are also losing information,” he said.
Mandiant did not identify individual targets or describe what specific information may have been stolen but did say unspecified “diplomatic entities” that received malicious phishing emails were among the targets.
The administration of US President Joe Biden imposed sanctions last April in response to the SolarWinds hack, including against six Russian companies that support the country’s cyber-efforts.