Global ransomware attacks rocketed by 151 per cent this year

The Communications Security Establishment (CSE) cites major attacks such as one against the Colonial Pipeline which stretches across the north-east coast of the US, as well as against healthcare facilities.

The hack against the pipeline, which is the largest in the US, caused a full shutdown leading to price spikes and fuel shortages for millions of Americans.

The report from the Canadian Centre for Cyber Security, which is a unit of the CSE, echoes similar findings made by the UK’s National Cyber Security Centre last month, which said it had defended the UK from a record number of cyber-attacks in 2021 including those targeted at Covid-19 vaccine research centres.

This year has also been marked by the highest ransoms and the highest payouts, the CSE reports. In Canada, the estimated average cost of a data breach, a compromise that includes but is not limited to ransomware, is $6.35m CAD (£3.78m).

The Cyber Centre said it knew of 235 ransomware incidents against Canadian victims from 1 January to 16 November 2021.

More than half of these victims were critical infrastructure providers. It is important to note, however, that most ransomware events remain unreported. Once targeted, ransomware victims are often attacked multiple times.

It also found that an increasingly common tactic by ransomware operators is to publicly release a victim’s data if they do not pay the ransom.

In May 2021, details relating to 520 patients of Ireland’s Health Service Executive were published online following a Conti ransomware attack.

The increased impact and scale of ransomware operations from 2019 to 2021 has been largely fuelled by the growth of the 'ransomware as a service' (RaaS) business model, by which developers sell or lease ransomware to other cybercriminals.

These schemes provide skilled attackers with the ability to distribute ransomware campaigns, with the developer behind the ransomware receiving a percentage of each victim’s ransom payment.

“Ransomware operators will likely become increasingly aggressive in their targeting, including against critical infrastructure,” the report states.

“Ransom payments are likely reaching a market equilibrium, where cybercriminals are becoming better at tailoring their demands to what their victims are most likely to pay,” CSE said.

The agency reiterated previous statements that actors in Russia, China and Iran posed a major threat.

“Russian intelligence services and law enforcement almost certainly maintain relationships with cybercriminals, either through association or recruitment, and allow them to operate with near impunity as long as they focus their attacks against targets located outside Russia,” it said.