There has been an increase in cyber threats related to the COVID-19 pandemic according to the Canadian Centre for Cyber Security, with a significant portion of cyber threats directed against the country’s frontline healthcare and medical research facilities.
In June, a ransomware attack forced Toronto’s Humber River Hospital to declare a code grey, meaning loss of essential services.
More recently, a cyber attack on Newfoundland and Labrador’s health network data centre resulted in the cancellation of thousands of medical appointments.
Last week, Headwaters Health Care Centre in Orangeville, Ontario, announced its systems had “been subjected to unauthorised access”, and the hospital has since begun working with cyber security experts to help safely restore IT services and launch an investigation into what happened and whether sensitive data was compromised.
According to David Shipley, CEO of Beauceron Security, threat actors have shifted to targeting critical infrastructure intending to cause maximum impact.
“We have never seen this swell of attacks across all sectors, but acutely targeting areas that we feel it the most and causes the most pain, and health care being top of that list,” Shipley said.
While not all of the attacks have been classified as ransomware, the 2018 National Cyber Threat Assessment (NCTA) identified it as the most common form of malware used for extortion against Canadians.
According to NCTA 2020, cyber criminals have more recently been engaging in big game hunting, homing in on “large enterprises that will not tolerate sustained disruptions to their networks”, and are willing to pay bigger ransoms to restore operations swiftly.
The report also points to researchers estimating that the average ransom demand increased by 33 per cent since Q4 2019 to nearly $150,000 in Q1 2020.
On the higher end, Shipley revealed some entities are seeking out millions of dollars.
“I can’t put it any more simply than this: imagine your chemo treatment for your cancer is cancelled because the hospital can’t deliver it, doesn’t even have access to what chemo drugs you were on.”
“This is classic organised crime in 21st century form, and it uses technologies that we use for good every day – encryption – which are the things that we rely on to do our banking securely, to hurt us.”
The money being sought is often transferred as cryptocurrency, and security expert Christian Leuprecht added that although it is not impossible to trace, it is more challenging.
“In a ransomware attack, people breach your network in order to compromise your data. Usually that means taking your data hostage, essentially encrypting your data and then telling you if you provide a certain amount of money, then we will send you a key to decrypt your data,” Leuprecht explained.
The anonymity of cryptocurrency is a major driver of ransomware, according to Leuprecht, and the people responsible tend to be located outside of jurisdictions where Canadian officials can investigate and prosecute.
South of the border, Colonial Pipeline – which found itself the victim of a Russian-based hacker group – paid out $4.3 million. The Justice Department was able to recover the majority of it.
Leuprecht considers the move a shot across the bow.
“If you go after US critical infrastructure, you might get paid, but we’re going to be able to repatriate most of that money, so it’s not going to be worth your while,” Leuprecht concluded.
In July, the Canadian government joined allies in blaming China for a massive hack on Microsoft Exchange servers.
The attack put several thousand Canadian entities at risk. Worldwide, around 400,000 servers were affected.