Skip to main content
Canada’s most-awarded newsroom for a reason
Enjoy unlimited digital access
$1.99
per week
for 24 weeks
Canada’s most-awarded newsroom for a reason
$1.99
per week
for 24 weeks
// //

The Globe and Mail

One morning this past May, Jane (not her real name) poured a cup of coffee and opened her laptop for another pandemic-era workday at her kitchen table. A senior employee for a Canadian engineering firm we’ll call Meadowlark Group, she had a management meeting to prepare for and started tapping out an e-mail. But when she hit send, the e-mail just sat there. Soon, her phone rang. A co-worker was on the line, rushing through a story about logging on to Meadowlark’s server and seeing that files had been renamed with a bizarre extension. She’d also clicked on a text file called “read me,” and what she found sent her into a panic.

Jane had to see the note for herself. “All of your files are currently encrypted,” the text file read. “All of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly.” Then came a threat: “YOU SHOULD BE AWARE!” it read. “We’ve downloaded a pack of your internal data and are ready to publish it on [our] news website if you do not respond.” To prove their legitimacy, the authors offered to unlock two files “completely free of charge.”

Jane was too alarmed to finish reading, but she knew the company had been infected with ransomware. A gang of hackers (or “threat actors,” a term she would soon learn) had broken into Meadowlark’s server, encrypted its files so they were inaccessible, and were demanding payment in bitcoin to provide a decryption key to unlock everything. Jane clicked around and saw that not every file had been encrypted. Fearing whatever malicious program had infiltrated the company was still spreading, she shut off the server. (The Globe and Mail is not identifying the company or its employees so they can talk candidly.)

Thwarting cyber criminals from her kitchen table was not how she pictured spending her day – nor, for that matter, the next few weeks. But Meadowlark’s experience is increasingly common. Ransomware attacks soared by 158 per cent in North America last year, according to U.S. cybersecurity firm SonicWall. Universities, municipalities, hospitals, police departments, multinational conglomerates and mom-and-pop shops have all been victims.

In Canada, public and private-sector entities made 3,236 submissions in 2020 to ID Ransomware, a service run by cybersecurity company Emsisoft that identifies different strains, giving some sense of the scale here. Those are self-reported incidents, however, and Emsisoft says the actual figure could be up to four times higher. A survey conducted by security software provider Sophos found 39 per cent of Canadian organizations have been hit by ransomware in the past year, slightly higher than the global average.

Ransoms are rising, too. At the end of 2020, the global average payment totalled US$154,108, up 83 per cent from a year earlier. In some cases, ransoms can soar into the millions of dollars – this past March, U.S. insurer CNA Financial reportedly paid hackers US$40-million. Emsisoft estimates companies handed over about US$18-billion worldwide in ransoms last year (about six times the annual revenue of Shopify Inc.), while downtime added billions more in costs. Many companies have no choice but to pay up. A recent report from Toronto-based law firm Blakes, Cassels and Graydon found 54 per cent of Canadian organizations hit by ransomware did so.

“It’s just off the charts, the number of ransomware attacks we’re seeing,” says Kevvie Fowler, a partner at Deloitte who works with organizations to prevent and respond to such events. Some criminals are bold enough to pre-emptively shake down victims by demanding money to stop them from mounting an attack in the first place. “Believe it or not, people are paying,” he says.

Story continues below advertisement

There are a few reasons for the surge. Ransomware attacks can be simple to carry out, devastatingly efficient and very profitable. Perpetrators are cloaked in anonymity, likely operating abroad (many are believed to be in Russia) and hard to apprehend. Demanding payment in cryptocurrency adds a further layer of anonymity.

The sheer scale of the ransomware industry is prompting a shift in thinking about how these attacks can be stopped. It’s not enough for companies to urge employees to avoid suspicious e-mails. The United States is taking an aggressive approach after a number of high-profile attacks, such as one on Colonial Pipeline Co. that shut down an East Coast gas pipeline for six days. (Colonial ended up paying US$4.4-million to unlock its systems.)

U.S. President Joe Biden has set up a task force, a review board and a reward program, and has moved to establish security standards for software providers. He has also openly denounced Russia for providing safe harbour to cyber criminals. Experts have a host of additional suggestions, from providing government incentives for cybersecurity upgrades to banning insurance coverage for ransoms.

It’s hard to say what any single measure could achieve. What’s clear, critics charge, is Canada’s federal government isn’t doing enough. “It’s not even remotely on the radar,” says David Shipley, chief executive officer of Beauceron Security in New Brunswick, which helps organizations develop cybersecurity awareness programs. Governments have, of course, been gripped with the pandemic – in a cruel twist, the shift to working from home created openings for hackers to exploit – but it’s a problem that can no longer be shoved aside. “This government is either ill-equipped to actually properly deal with it or is focused on other issues,” Mr. Shipley says.

In the meantime, more Canadian companies will fall victim to ransomware, siphoning untold millions out of the economy and into the bitcoin wallets of criminal enterprises. More employees, meanwhile, will find themselves where Jane was that Thursday morning in May, staring at her laptop and wondering how bad things were about to get.


Nature of incidents in Canada

By type, 2020

Business email

compromise:

18%

Ransomware:

67%

Financial

fraud:

10%

Malware/

other:

8%

Does not add up to 100 due to rounding.

THE GLOBE AND MAIL, SOURCE: Blake, Cassels &

Graydon LLP

Nature of incidents in Canada

By type, 2020

Business email

compromise:

18%

Ransomware:

67%

Financial

fraud:

10%

Malware/

other:

8%

Does not add up to 100 due to rounding.

THE GLOBE AND MAIL, SOURCE: Blake, Cassels & Graydon LLP

Nature of incidents in Canada

By type, 2020

Business email

compromise:

18%

Ransomware:

67%

Financial

fraud:

10%

Malware/

other:

8%

Does not add up to 100 due to rounding.

THE GLOBE AND MAIL, SOURCE: Blake, Cassels & Graydon LLP

The ransomware that hit Meadowlark came from a group known as Conti, which the U.S. Federal Bureau of Investigation has linked to more than 400 attacks worldwide, including on hospitals, law enforcement agencies and 911 dispatch centres.

Story continues below advertisement

Whether they know it or not, today’s hackers are following in the footsteps of Joseph Popp, a biologist with a PhD from Harvard University. In 1989, roughly 20,000 public-health researchers received a floppy disk that supposedly contained information about AIDS. Once opened, the disk unleashed malware that eventually locked computers and commanded printers to crank out a ransom note demanding US$189 be sent to a post office box in Panama. Mr. Popp was later apprehended but declared unfit for trial; he had taken to wearing a cardboard box on his head, believing it would protect him from radiation.

Groups such as Conti have taken Mr. Popp’s formula and turned it into a highly profitable business. There are people to write the code, initiate attacks (often as simple as enticing one hapless employee to open a phishing e-mail containing a malicious link or attachment), negotiate with victims and assist with any technical issues. Some illicit organizations run “affiliate programs,” providing encryption software to other bad actors in exchange for a cut of the profits. LockBit 2.0, which was recently used to hit Accenture, claims its encryption software is the fastest in the world and includes a chart on its website comparing its product with competitors. “With our help you can easily get more targets over the weekend than with any other affiliate program,” the group claims. (Accenture said the recent attack had no impact on operations.)

Before perpetrators encrypt a company’s data, they siphon it off and threaten to post it online, giving the victim more incentive to pay up. They maintain websites on the dark web where they dump the stolen data, usually posting a small sample of the purloined material as proof before a full leak.

Canadian companies regularly pop up when scanning these sites. A group called Ragnar Locker posted a “proof pack” of data in July from Gateway Property Management in British Columbia, which manages residential and commercial real estate. The leak appears to contain employee contact information, resident e-mail addresses and internal financial documents. In a statement to The Globe, Gateway president Scott Ullrich said the attack was contained and caused minimal disruption, and that the company notified privacy commissioners, employees and customers whose data “may have been accessed.”

Clop, meanwhile, posted hundreds of gigabytes of data stolen last year from Parkland Corp., a $6-billion publicly traded fuel supplier and convenience-store operator headquartered in Calgary. Screenshots show scans of passports and financial spreadsheets. Spokesperson Simon Scott said Parkland did not pay a ransom and that the “vast majority of data that was stolen was aged and non-personal.” The attack had no material financial impact, nor did it disrupt service, Mr. Scott added. “We have continued to invest in our security infrastructure.”

Smaller companies are victims, too. Another gang called Grief claims to have obtained five gigabytes of data from a family-run financial adviser in Toronto, including client information. Grief even posted a screenshot of a text conversation from the CEO’s phone.

Story continues below advertisement

Ransomware groups are constantly evolving to evade law enforcement. DarkSide, the organization that hit the Colonial pipeline, announced it was shutting down after the attack, citing “pressure” from the U.S.

Experts suspect the gang re-emerged under a new moniker, calling itself BlackMatter. (A representative from BlackMatter told a threat researcher recently that “we are not them,” referring to DarkSide, “although we are intimate with their ideas.”)

Each group has its own method and style. The tagline for a group known as Lorenz is literally: “Nothing personal, it’s strictly business.” Ragnar Locker seems to delight in embarrassing companies, posting data on what it calls the “wall of shame.” They’re not above rubbing things in, either. After negotiations with a seafood company broke off, the group posted reams of data and chastised the CEO for being “much more interested about sailing on the boat.” Some perpetrators are adopting codes of conduct, vowing not to hit hospitals or critical infrastructure.

Many employ a twisted kind of logic to justify their actions, blaming target companies for poor security and accusing them of not caring about personal information if they refuse to pay. Ragnar Locker essentially claims it performs a public service by naming such companies. “We will tell about it for everyone because truth should be told,” the website states.

Only two of the 10 ransomware groups contacted by The Globe through e-mail responded. An outfit called AvosLocker emphasized it was financially motivated and then took an unsolicited shot at law firms, claiming to have obtained gigabytes of private client data. “None of them gave a single shit,” the individual wrote. “Crazy, isn’t it?”

Someone from a group called Everest expressed a prosaic view when asked about the ethics of extorting organizations: “This is a job.”

Story continues below advertisement


Organizations under attacks globally

Per cent of organizations that reported ransomware

attacks, top 15 countries

India

68%

Austria

57%

U.S.

51%

Israel

49%

Turkey

48%

Sweden

47%

Belgium

47%

Switz.

46%

Germany

46%

Australia

45%

Spain

44%

Philippines

42%

Canada

39%

UAE

38%

Brazil

38%

THE GLOBE AND MAIL, SOURCE: sophos

Organizations under attacks globally

Per cent of organizations that reported ransomware attacks,

top 15 countries

India

68%

Austria

57%

U.S.

51%

Israel

49%

Turkey

48%

Sweden

47%

Belgium

47%

Switzerland

46%

Germany

46%

Australia

45%

Spain

44%

Philippines

42%

Canada

39%

UAE

38%

Brazil

38%

THE GLOBE AND MAIL, SOURCE: sophos

Organizations under attacks globally

Per cent of organizations that reported ransomware attacks, top 15 countries

India

68%

Austria

57%

U.S.

51%

Israel

49%

Turkey

48%

Sweden

47%

Belgium

47%

Switzerland

46%

Germany

46%

Australia

45%

Spain

44%

Philippines

42%

Canada

39%

UAE

38%

Brazil

38%

THE GLOBE AND MAIL, SOURCE: sophos

The CEO of Meadowlark first heard about the attack on his company through text message that morning. John (The Globe is only identifying him by his first name) was in disbelief. Why go after us? he wondered. After all, Meadowlark was small fish. John was also struck by a cruel irony – the company was in the midst of a security upgrade. Had the attack occurred a month or so later, it might not have been successful.

Fortunately, Meadowlark was insured, and one of the first calls it made was to its carrier. The insurer set loose a SWAT team of professionals: a cybersecurity response firm to contain the attack, conduct forensics and assist with data recovery; a negotiator to talk to Conti; lawyers specializing in data breaches; a public relations team; and yet another firm to facilitate payment, if necessary.

Telling workers what had happened was another priority. The attack disabled Meadowlark’s e-mail system, so Jane sent a mass text to its 150 employees. “Servers suffered a virus attack last night. Please leave your computers off until further notice,” she wrote. “This is not a test.”

John hoped the damage could be repaired in a couple of days. The insurer’s team worked during the weekend to restore e-mail access, but by Sunday night, it was clear that wasn’t going to happen. Meadowlark posted a message on its website stating its e-mail was down, and employees were instructed to tell clients the company was dealing with “server issues.”

Come Monday, large swaths of employees were unable to access their work. Before the attack, they’d been reminded constantly to save their engineering reports and other technical documents to the server, both for security reasons and to make collaboration easier. With the server down and files inaccessible, some employees opted to take vacation time. Every day the attack dragged on, Meadowlark bled money.

The company had at least two things going for it, though. First, its files were backed up nightly. If the data could be restored, employees wouldn’t lose too much work. The recovery was a slow, grinding process, however, with files restored block by block and analyzed to ensure nothing had been corrupted.

Story continues below advertisement

The other element in Meadowlark’s favour was insurance. Only 17 per cent of TSX-listed companies in Canada have indicated they have cyber coverage, according to a report from Blakes, leaving the rest potentially exposed to huge costs. IBM Security estimates the average ransomware breach costs US$4.6-million ­– and that doesn’t include a ransom payment.

With the explosion in ransomware claims between 2018 and 2020 ­– an increase of roughly 500 per cent for some insurers, according to Aon – premiums have already risen by at least 25 per cent or 30 per cent. Now, insurers are having to re-evaluate their underwriting practices, too. “This time last year, I could probably buy some insurance by only answering six non-technical questions,” says Katharine Hall, senior vice-president of Aon’s national cyber practice. Now, insurers are requesting detailed information about multifactor authentication, response plans, employee training and other security measures.

For Meadowlark, insurance was worth it. Roughly two weeks after the initial attack – which passed in a high-stress blur – the response team had managed to restore data from backups and get e-mail up and running.

There was just one glaring problem: Conti was still threatening to leak the company’s data unless it handed over hundreds of thousands of dollars.


Successful attacks encourage perpetrators to strike again and again, demanding ever-higher ransoms. But disrupting the profitability of ransomware attacks can help alleviate the problem.

The Globe and Mail

There are many things Jason Kotler won’t talk about, including how he learned to negotiate with ransomware hackers. “Experience” is all he’ll say. He won’t reveal how many deals he has negotiated nor even how many people he employs at his Toronto-based company, CYPFER Corp. He certainly won’t talk about his methods.

His job is one that barely existed a few years ago. Mr. Kotler started out as a lawyer before shifting to the tech industry and eventually serving as chief administrative officer for a private equity firm. As part of his role, he rebuilt the company’s infrastructure to boost security, developed cyber-incident response plans and instructed staff not to click on fishy emails.

He founded CYPFER in late 2019, when he sensed the need for a homegrown firm to specialize in ransomware negotiations. Since then, the work hasn’t stopped. “It’s total triage,” says Mr. Kotler, who works alongside forensics firms and legal counsel during negotiations. One thing he will allow about his methods is that he treats each situation differently. “The threat actors don’t care what was done before,” he says. “Just because they gave you a discount yesterday doesn’t mean they’re going to give you the same discount tomorrow.”

Those on the other end are not fond of negotiators. “They can aggressively bring down the amount of the ransom, deceive about the payment date, sniff out information,” the unidentified member of Everest griped to The Globe.

At the same time, the threat actors try to suss out anything they can about the negotiators, looking for patterns that can help them. “This is really dangerous, when the party you’re negotiating with understands your tactics,” says Ed Dubrovsky, managing director with breach response and digital investigation firm Cytelligence in Toronto, who estimates he’s negotiated close to 2,500 cases in the past five years. (Cytelligence was purchased by an insurance company last year and no longer negotiates directly.) “The only way to truly negotiate is to really shake them up.”

In the case of Meadowlark, Conti left a ransom note on its server that included a link to chat directly on the dark web. The U.S.-based ransomware negotiator retained through Meadowlark’s insurer made contact without letting Conti know exactly who he was. Both Jane and John got the impression the negotiator’s role was partly to buy time so the rest of the cyber SWAT team could assess the damage and restore data, reducing the need to pay.

John had no intention of doing so, which lines up with law enforcement’s advice to victims. It’s not an offence to pay a ransom, so long as the criminal entity has not been sanctioned by Canada. (Companies that do business in the U.S. also need to consult American sanctions.) But some believe payment simply fuels more crime.

“You’re just contributing to help the threat actors to be more efficient, to be stronger,” says Inspector Daniel Côté with the RCMP’s National Cybercrime Coordination Unit (NC3). Still, he recognizes the decision is unique to every organization, and some feel there’s no other option – they might not have recent back-ups of their data, the costs of business disruptions could be unsustainable, or there might be truly sensitive information at stake. There’s also the potential fallout to consider, since data breaches can expose companies to fines, class-action lawsuits and reputational damage.

At Meadowlark, John’s thinking changed as the days passed. It wasn’t immediately clear what data Conti had stolen, and the experts advised the company to assume the hackers had gotten their hands on everything. John grew concerned about employees’ personal information, and he didn’t want his people to suffer any consequences. He decided to pay the ransom and spent weeks getting the insurer to sign off.

Some policies do cover ransoms, but the practice is becoming more controversial. “Companies are more likely to pay when the money isn’t coming out of their own pockets,” says Brett Callow, an Emsisoft threat analyst based in B.C.

Successful attacks encourage perpetrators to strike again and again, demanding ever-higher ransoms. But disrupting the profitability of ransomware attacks can help alleviate the problem. Mr. Callow says that could require legislation restricting the circumstances in which companies pay hackers or prohibiting insurers from covering ransoms entirely.

Some carriers have already started pulling back. Axa said earlier this year it would suspend ransom coverage in France because of concerns the practice only encouraged more attacks. Others argue the trend of escalating ransom payments isn’t sustainable for insurers, either. “Provincial regulators here need to have that conversation to say, ‘We need to take this product off the market,’” Beauceron’s Mr. Shipley says. Doing so, he argues, would prevent companies from simply transferring the risk to their insurance carriers and force them to invest in better cybersecurity.

Ms. Hall at Aon isn’t sure a prohibition would make much of a difference. “Organizations still have the funds available, and they still want their information back,” she says. By increasing underwriting standards for cyber coverage, insurers are already nudging companies to better defend themselves, she adds.

As for Meadowlark, its insurer agreed to cover the ransom, which the negotiator had talked down from hundreds of thousands of dollars to tens of thousands, since there was no need to decrypt data. The good guys got some unintentional help from Conti, which confused Meadowlark with another one of its targets during the negotiations, buying the SWAT team more time. Even ransomware groups, it seems, struggle to find talent.


Global ransomware payments

By quarter, in thousands of U.S. dollars

$250

200

150

Avg. payment

100

50

Med. payment

0

Q3

Q4

Q1

Q2

Q3

Q4

Q1

Q2

Q3

Q4

Q1

Q2

2018

2019

2020

2021

2020 Canada ransomware payment

In U.S. dollars

20K-100K

16%

250K+

32%

Under

20K

24%

100K-250K

28%

THE GLOBE AND MAIL, SOURCE: coveware; Blake,

Cassels & Graydon LLP

Global ransomware payments

By quarter, in thousands of U.S. dollars

$250

20K-100K

16%

250K+

32%

200

2020 Canada

ransomware

payment

(USD)

150

Average payment

Under

20K

24%

100

100K-250K

28%

50

Median payment

0

Q3

Q4

Q1

Q2

Q3

Q4

Q1

Q2

Q3

Q4

Q1

Q2

2018

2019

2020

2021

THE GLOBE AND MAIL, SOURCE: coveware; Blake,

Cassels & Graydon LLP

Global ransomware payments

By quarter, in thousands of U.S. dollars

$250

20K-100K

16%

250K+

32%

200

2020 Canada

ransomware

payment

(USD)

150

Average payment

Under

20K

24%

100

100K-250K

28%

50

Median payment

0

Q3

Q4

Q1

Q2

Q3

Q4

Q1

Q2

Q3

Q4

Q1

Q2

2018

2019

2020

2021

THE GLOBE AND MAIL, SOURCE: coveware; Blake, Cassels & Graydon LLP

The odds are slim that whoever attacked Meadowlark will be apprehended. The company never even contacted the police. But Inspector Côté with NC3 says companies should always do so, even if it seems futile. “It’s about making links between crimes,” he says. “Any lead could help us or add a piece to the puzzle.”

Ransomware investigations, he acknowledges, are difficult, lengthy and expensive, and they require extensive international co-operation. Successes do happen, though. In January, law enforcement officials shut down a site on the dark web used by a group called NetWalker to publish stolen data. The U.S. Department of Justice also charged a man from Gatineau, accusing him of using NetWalker’s software to carry out attacks that yielded him more than US$27.6-million.

But arresting hackers is ultimately a game of whack-a-mole. “At the end, we always wonder, ‘Was it worth the effort to take down a group if other affiliates can take over?’” Inspector Côté says.

Law enforcement is only one part of the solution, of course. In April, the U.S. Institute for Security and Technology published 48 recommendations to fight ransomware, drawing from experts that included NC3. The task force suggested applying the “carrot-and-stick” approach to countries harbouring ransomware criminals, more strictly regulating cryptocurrency, mandating that organizations report ransoms and requiring they consider alternatives before paying.

The U.S. has also taken a number of steps this year. Mr. Biden increased the pressure on Russia, communicating directly with President Vladimir Putin. “I made it very clear to him that the United States expects, when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect them to act,” he told reporters in July.

The DOJ, meanwhile, is effectively treating ransomware investigations like terrorism cases, devoting more resources to tracking down perpetrators. In May, the White House issued an executive order that, among other things, established baseline security standards for software used by the federal government and set up a review board to analyze breaches, similar to the National Transportation Safety Board that studies airplane crashes.

Here, the federal government response has been muted. The Prime Minister’s Office referred questions to Public Safety Canada, which highlighted a few recent initiatives related to ransomware, such as a cybersecurity self-assessment tool for critical infrastructure sectors. Along with the RCMP and the Communications Security Establishment, the department held two preparedness exercises with 500 critical infrastructure partners and conducted a webinar with Microsoft Canada to raise awareness of ransomware threats. Public Safety didn’t indicate any forthcoming initiatives, other than a new fraud and cybercrime reporting system scheduled for 2023-24.

“The Government of Canada recognizes that ransomware is a growing threat to Canadians and Canadian businesses,” a spokesperson wrote by e-mail. The department works with multiple organizations, including the Canadian Centre for Cyber Security, and “regularly monitors and proactively shares threat information with Canadian organizations, government partners and industry stakeholders,” the spokesperson added.

The department also pointed to a two-year cybersecurity review initiated by the federal government in 2016 that lead to nearly $1-billion in funding. But the review was completed before the explosion in ransomware. “The government put $1-billion into this, and then sort of washed its hands and walked away,” says Christian Leuprecht, a professor in the political science and economic department at Royal Military College.

The Canadian government, he argues, should set baseline cybersecurity standards for software and internet-connected equipment. Companies could then apply on a voluntary basis for certification and be subjected to regular audits. “What it does is require companies to remedy some of the most egregious vulnerabilities in the products and services they offer,” Mr. Leuprecht says. “It’s also something for the public and the consumer to decide where they want to place their trust.”

Likewise, Mr. Shipley at Beauceron says the government could use tax incentives to encourage companies to invest in cybersecurity, particularly small- and medium-sized firms that might not have the resources to do so otherwise. “That’s how government can get off the bench,” he says.

It might seem self-serving for industry players to suggest policies that result in more business. But Matt Holland, founder of cybersecurity company Field Effect in Ottawa, says some proposed solutions just treat the side effects of ransomware. Insurance coverage for ransoms is merely a by-product, for example, so prohibiting it does little. “What I’d like to see is a shift in government to help encourage small and medium-sized businesses to get good protections in place, because a lot of the attacks that we see are completely preventable,” he says. Smaller firms typically don’t have the budgets for cybersecurity and are “basically sitting ducks.”

At Meadowlark, the disruption caused by Conti’s ransomware attack shaved off about 4 per cent of its annual revenue – not ruinous, but not negligible, either. For all the stress the ordeal caused Jane, it came to a perfunctory end when she received a brief e-mail one day in July. It was from the company that handled the payment to Conti, saying the money had been successfully transferred.

The forensic firm also gave Meadowlark recommendations on how to beef up its security, including multifactor authentication, a management system for software patches, data encryption and a 24-7 threat monitoring service – some of which Meadowlark had already been pursuing. Cybersecurity professionals say it’s not enough to call it a day after making a few upgrades. Employees have to be educated on risks and best practices. Response plans must be drafted in case hackers do manage to get in. And companies must adopt a zero-trust framework, which involves hiving off their most critical assets.

A cloud continues to loom over Meadowlark, however. Its insurer cautioned companies that pay off ransomware attackers are more likely to be hit again, having shown themselves to be easy marks. While some experts quibble with that claim, Jane will never shake the idea that Meadowlark remains a target. It’s not a pleasant feeling – but the company might be better off because of it.

Your time is valuable. Have the Top Business Headlines newsletter conveniently delivered to your inbox in the morning or evening. Sign up today.

Your Globe

Build your personal news feed

  1. Follow topics and authors relevant to your reading interests.
  2. Check your Following feed daily, and never miss an article. Access your Following feed from your account menu at the top right corner of every page.

Follow the author of this article:

Follow topics related to this article:

View more suggestions in Following Read more about following topics and authors
Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies