Michael J. Armstrong and Tejaswini (Teju) Herath are associate professors in the Goodman School of Business at Brock University.

October is Cyber Security Awareness Month and started with tantalizing reports that Internet giant Yahoo was secretly searching customer e-mails on behalf of American spy agencies. But in recent press releases from the FBI, Ontario Provincial Police and Interpol, it is the soaring frequency and sophistication of ransomware that is highlighted.

Typical hackers obtain their ill-gotten gains by stealing valuable data such as credit card numbers or passwords. They then find customers to buy that data.

Ransomware hackers instead sell data back to the owners. If ransomware infects your computer, it encrypts your files to render them inaccessible until you pay a ransom. This simplifies cybercrime by replacing theft with extortion.

This summer, ransomware forced the University of Calgary to pay $20,000 to unlock its employee e-mail system. And last month, a U.K. software services provider reportedly paid $31,500 to decrypt one of its servers.

Since CryptoLocker, a program that targets computers using Microsoft Windows, first appeared in 2013, ransomware attacks have soared. Cybersecurity firm Kaspersky Lab found ransomware on 50,000 corporate computers in 2015, double that of 2014.

The FBI estimated more than $209-million was paid in U.S. ransoms in the first three months of 2016, versus only $25-million for all of 2015. Check Point Software reported a 30 per cent increase in ransomware attempts in August alone.

A survey of 540 international firms conducted this summer by Osterman Research on behalf of anti-ransomware provider Malwarebytes found that nearly 40 per cent had paid ransomware in the previous year.

About 37 per cent of ransom demands fell between $1,000 and $10,000, and 25 per cent exceeded $10,000. Canadian managers apparently felt the most confident about countering ransomware; but once infected, Canadian firms were three times more likely to pay the ransom.

Ransomware's sophistication is growing alongside its frequency. Ransomware "worms" like ZCryptor can spread themselves across networks, rather than needing a ride on infected e-mails.

Some ransomware specialists are selling their services to organised crime. This crime-as-a-service business model allows criminals to outsource their technology needs.

What might come next? Imagine ransomware combining with state-sponsored hacking. Host countries might give, or sell, permission for ransomware hackers to attack rival countries' computers. These cyber privateers could plunder commerce abroad, without the host country's direct involvement. Think of regional rivals like Israel and Iran, or North and South Korea.

The Internet of Things might expose physical targets to ransoming. Control systems for factories and utilities are increasingly online. What if ransomware locked them off? If businesses begrudgingly pay thousands to recover e-mails, imagine what they'd pay to restart assembly lines.

Or how about virtual protection rackets? Instead of one-time ransoms to remove encryption, users might be "convinced" to pay ongoing fees for the "service" of avoiding encryption.

To defend themselves, computer users need to do the basics. Run antivirus programs to detect threats. Keep operating systems and applications updated. Think before clicking on unexpected e-mail attachments.

Users should also back up files regularly. If ransomware strikes, backups allow ransom-free system recovery. But keep them on removable drives, to prevent their infection too.

Infected users can also try decrypting files with tools from sites like NoMoreRansom.org. But these might work only on the simplest cases.

Software makers should do more to facilitate these safe-computing practices. For example, Windows now offers self-updating antivirus protection by default. That's great, but unfortunately the system also makes it harder to create backups on removable drives.

Business insurers could also play a role by requiring that corporate systems be updated and backed up to qualify for coverage.

Because ransomware ignores borders, law enforcement needs to co-operate across jurisdictions. Last month's Interpol-Europol Cybercrime conference was a good step in this direction. If foreign hackers can effectively "tax" domestic businesses, ransomware will become a national security issue. So governments may need to negotiate agreements similar to those covering seaborne piracy.

Finally, firms might consider keeping key systems physically disconnected from the Internet, as some military computers always have been. Just because anything can be online doesn't mean everything should be. Remember, there are all kinds of yahoos out there.
