Canada Ranks Third – Among Countries Hit by Ransomware and Online Extortion

By: Lee Rickwood

October 25, 2023

Canada ranks third in the world among countries hit by successful RaaS (ransomware as a service) and extortion attacks. We’re not the third largest economy (our GDP puts us about ninth); we’re not the third largest population (try #38 or so).

But we are the third highest ranked country in terms of number and frequency of online extortion and ransomware attacks. Big enterprise organizations are being targeted, sure, but it’s small and medium-sized businesses in Canada that are disproportionately represented in the statistics: security research data shows a whopping 214.29 per cent increase in malignant file detections among SMBs here.

Affected businesses often work in growing sectors like technology, healthcare and education, where ransomware file detection was most prevalent in the first half of the year.

Among the many disconcerting stats cited in the latest ransomware report from Trend Micro, the fact that Canada is now the top third country affected by successful RaaS and extortion attacks in the first and second quarters of 2023, just behind U.S. and the U.K. Trend Micro is a Japanese cybersecurity software company with international operations.

The report’s authors say that many ransomware criminals are not necessarily going after “big game” targets, but rather looking at small and medium sized businesses which are presumed to be less well-defended. Findings also revealed that globally, small businesses make up about half of all ransomware victims so far this year. Worldwide, more than eighty percent of ransomware attacks were targeted at companies with less than a thousand employees; about half of ransomware attacks were on businesses with fewer than one hundred employees.

Specific attack tools and ransomware programs are also being used to attack Canadian IT infrastructure: Canada is included in the top countries worldwide in terms of the ransomware known as BlackBasta; likewise, malware called LockBit, BlackCat and Clop are used in many successful attacks; Canada was unfortunately cited as a leading country for Clop’s successful attacks in terms of victim organizations in the first half of this year.

The existence of such (unfortunately, widely available) tools points to the fact that ‘ransomware-as-a-service’ is a growing criminal industry; sophisticated hacking tools are used by criminals who may not have developed them, may not even understand them, but rather use them for a fee, almost like a subscription.

According to the Canadian Anti-Fraud Centre, fraud and cybercrime resulted in more than $530 million in losses last year; that’s a 40 per cent increase over the year before, and the trend is likely to continue.

Greg Young, VP Cybersecurity at Trend Micro

Canada is ranked number three because “[W]e have advanced technology in the country, an official infrastructure, and ample financial resources. These factors, combined with a high rate of Internet usage, make us a target.  Small- and medium-sized business are being disproportionately targeted,” described Greg Young, VP Cybersecurity at Trend Micro. “Recognizing that they do not always have the same level of protection, they are seen as easier targets with natural disadvantages.”

Of course, having back-ups of important files and company data is important component of data safety and protection for small business; the implementation of multi-factor authentication when accessing company IT assets can also help deflect attacks and reduce their impact.

But, as Young explained, many smaller organizations may not have the capacity or expertise for fully developing and implementing an attack surface risk management plan with appropriate response capabilities. Staff seniority may be lower; staff turnover may be higher in a small versus a large organization. Resources and experience levels are not the same.

Deflecting attacks on AWS infrastructure will require a certain expertise; protecting against Azure attacks another. Different vulnerabilities can affect networks, target stand-alone computers and infiltrate portable devices; they all can be targeted.

So, businesses need to up the risk management measures they use: making sure you’re patched, backing stuff up, those are the basics steps but they are incomplete without making sure you have as much visibility as possible.

“Visibility may not be the most exciting term,” Young continued, “but I am really excited about it; it’s an important thing to consider, maybe the most important in today’s multi-cloud, software as a service world. If you have blind spots, you won’t be able to know where or when to apply the other remedial steps.”

Visibility helps organizations identify potential IT risks, anomalies or incidents. It’s a key step to making informed decisions regarding IT cybersecurity, data privacy and protection measures, as well as maintaining an efficient IT environment.

Visibility is linked directly to security and privacy, but it also sits right alongside traditional enterprise concerns about interdisciplinary communication and organizational productivity.

And alongside traditional concerns like budget and cashflow. But Young says the good news here is that the costs of adequate protection and visibility are not proportional. The risk of cyberattacks and ransomware-based extortion is increasing dramatically, but not so the cost of prevention, he says. “Fortunately, it is not that kid of math.”

If ransomware activity doubles, the cost of protection does not need to. In fact, just throwing more dollars at security can make it worse, Young says, if products turn into shelf ware because they are not used, or not used properly. The best solution is one that’s future-proofed, with a strong central component easily supported by multiple tools from vendors.

As ransomware attacks become more evolved and complex, it’s not just ransom demands that will increase: recovery times are also expected to be longer. And while SMBs are surely a target, enterprise and consumer aren’t far behind.

As one way of responding, Trend Micro unveiled new updates and additions to its unified cybersecurity platform, Trend Vision One, at SecTor 2023 this week. The company describes how artificial intelligence is being used to enhance cybersecurity, streamline response times, all while bringing added insight about cyber risks to the business world.

Canada may not like being ranked so high in this particular contest. But as Greg Young put it, “We can’t change the fact we’re number three, but we can react to it.”


# # #

Canada ranks third in the world among countries hit by successful RaaS (ransomware as a service) and extortion attacks.



Leave a Reply

Your email address will not be published. Required fields are marked *