Skip to main content

Canadian companies hit by ransomware attacks pay almost half a million dollars on average to perpetrators, according to the results of a new survey.

The survey conducted by Angus Reid for cybersecurity company Palo Alto Networks in September but released Wednesday revealed the average ransom paid by Canadian companies was $458,247, while the average ransom demanded was $449,868.

Nine per cent of respondents said they paid between $500,000 and $1-million, while 8 per cent paid between $1-million and $5-million.

“It’s not out of line with what we’ve seen globally or in the United States, but it’s part of this ongoing trend,” said Ryan Olson, vice-president of Palo Alto Networks’ Unit 42 threat intelligence team.

“Ransoms [are] continuing to tick up and up as ransomware actors continue to put pressure on victims through multiple layers of extortion to ensure that if they are compromised, it’s going to be very, very hard for them to recover without paying the ransom.”

His survey of more than 1,000 businesses found that 55 per cent of respondents said their companies had been the victim of a recent ransomware attack and one in five said it wasn’t the first time their organization had been targeted.

Surveyed companies in Quebec and Ontario reported being targeted by ransomware gangs the most, while those in Newfoundland and Labrador and New Brunswick were least under attack.

Conti, an organization thought to be based in Russia, was the most active ransomware group in Canada, responsible for 31 attacks respondents experienced.

Lockbit 2.0, Avaddon, PYSA and Clop were the next most active groups.

The damage they do is often substantial, Mr. Olson said.

Ransomware gangs used to just infiltrate a single computer and encrypt its files, but now they go further, he said.

“Modern ransomware attacks have an attacker in the network, who spends time … to understand where the most important data for the company is, where are the virtual machines and the databases and everything else that are really driving the company’s business,” Mr. Olson said.

Then, attackers locate backups and find key data they can steal and use for extortion later.

“They spend all that time up front so they can execute the encryption routine, give the ransom note and apply maximum pressure,” he said.

The extensive nature of the attacks means recovery is lengthy because some companies find all their backups have been encrypted or any they held offline are not up to date or will take a long time to restore, Mr. Olson said.

While 41 per cent of Mr. Olson’s survey respondents whose businesses were hit with a ransomware attack were able to recover within a month, 58 per cent say it took more than a month to recover.

Almost 30 per cent say it took more than three months and 9 per cent say it took more than five or six months.

The survey also found nearly half of organizations that didn’t pay a ransom were able to recover within a week, suggesting their companies were prepared for an attack or the attack wasn’t severe enough to warrant paying.

Mr. Olson hopes releasing these findings will spur companies to take cybersecurity seriously, if they aren’t already.

He said, “Organizations all over the world, including Canada, could do more to help ensure that their network won’t be compromised.”

Your time is valuable. Have the Top Business Headlines newsletter conveniently delivered to your inbox in the morning or evening. Sign up today.

Your Globe

Build your personal news feed

Follow topics related to this article:

Check Following for new articles