
A security officer stands watch at a data center in Las Vegas, May 11, 2010.

ETHAN PINES/NYT

Canada and its "Five Eyes" intelligence alliance are mounting a major effort to track cybercriminals who are using a type of malware known as ransomware to hold sensitive data hostage in return for ransom payments, generally in untraceable bitcoins.

The problem is global in scale and security experts estimate such ransoms total hundreds of millions of dollars a year.

"The Five Eyes ... have gathered intelligence and co-ordinated, and the trend seems to be the industrialization of cybercrime," said RCMP Chief Superintendent Jeff Adam.

"It is no longer the kid in the basement doing it to a couple of his friends. It is systematic. It is organized. It is international and it is actually loosely knit," Chief Supt. Adam said.

It is the first acknowledgment that the Five Eyes club, which also includes the U.S., the U.K., Australia and New Zealand, is using its secretive electronic-intelligence-gathering assets to go after cybercriminals. Normally the alliance targets and searches for suspected terrorist plots, traditional state-to-state espionage and state-sponsored cyberattacks.

The Canadian Cyber Incident Response Centre (CCIRC) is aware of 1,762 cybersecurity-related incidents last year, including thefts of intellectual property from foreign governments and a significant rise in the use of ransomware.

"Ransomware encrypts all the information on an affected system, demanding a ransom be paid in exchange for the key to decrypt the information," Colleen Merchant, director-general at CCIRC, recently testified before the Senate committee on national security and defence. "These attacks are likely to increase in frequency, as the payouts are lucrative for the malicious actors behind this activity."

The recent surge in ransomware has reached such levels that the U.S. and Canadian governments released a rare joint statement in March to educate individuals and businesses about the growing threat.

"Infections can be devastating to an individual or organization and recovery can be a difficult process that may require the services of a reputable data-recovery specialist," according to an alert distributed by the CCIRC and the U.S. Department of Homeland Security.

Chief Supt. Adam, director of the RCMP's technical investigative services, said cybercriminals – usually based abroad – go after soft targets such as hospitals, dentists, law firms and doctors.

"We are seeing ransomware as a worldwide problem," Chief Supt. Adam said. "We have some in the United States, for example, and a couple of incidents in Canada where organizations have been targeted, have had all of their operational or business interest files rendered encrypted and were unable to decrypt them without … backup processes, rebuilding them from scratch or, in some cases, paying ransom."

Chief Supt. Adam said that in some cases cybercriminals will use ransomware to hack into personal computers and threaten to destroy family photos unless they are paid off in bitcoin.

It's difficult to nab many of these cybercriminals, who may use a decoder in Malaysia while the command and control centre could be in Germany.

A report by the Cyber Threat Alliance said ransomware was responsible for 406,887 attempted infections between January and November, 2015, and accounted for $325-million in ransom payments around the globe. Ransom payments must be paid in bitcoin, a digital currency which allows the cybercrooks to remain anonymous.

The Ottawa Hospital acknowledged in March that hackers used ransomware to attack four of its computers but no payments were made after its IT department was able to wipe each computer driver. In February, Hollywood Presbyterian Medical Center in Los Angeles paid a ransom in bitcoins equivalent to about $17,000 (U.S.) to hackers who infiltrated and disabled its computer network.

In 2013, the RCMP received over 4,400 reported incidents of cybercrime: an increase of more than 40 per cent from 2011. In the U.S. last year, there were 2,453 reported ransomware incidents in which victims paid about $24.1-million.

RCMP Sergeant Guy Paul Larocque said Canada doesn't have accurate figures on how much ransom money has been paid to cybercriminals because he estimates only about 5 per cent of crimes are reported to the police.

"We don't encourage anybody who has been targeted or victimized to pay the ransom," said Sgt. Larocque, who handles major fraud. "If someone decides to pay there is no guarantee that your files will get unlocked and there is also the risk that if the infection is not gone from your computer, the encryption of your files can occur at a later day and you will have to pay another ransom."

The best protection against ransomware is to frequently back up data to an external device, keep computer software protection updated and avoid clicking on unknown links.
