Cyber Security Awareness Month prompts warning of ransomware trends
As part of Cyber Security Awareness Month, we are educating businesses and the public about ransomware attacks.
Generally speaking, cybercrime reports specifically involving incidents of fraud are vastly underreported, however, reported incidents have continued to grow more than 70 per cent since 2017. The Calgary Police Service has received 19 reports of ransomware attacks so far this year.
What is a ransomware attack?
A ransomware attack is a type of malicious cyberattack where criminals encrypt the victim’s files and then demand a ransom in the form of cryptocurrency in exchange for a decryption key. Currently, most ransomware attacks incorporate a second method of extortion where data is stolen before it’s encrypted, and the criminals threaten to release the stolen data publicly unless the victim pays the ransom demand.
Ransomware attacks continue to be one of the largest cyber security threats to individuals and businesses around the globe that require extensive collaboration by law enforcement, government agencies and cyber security professionals across multiple jurisdictions, due to the complexity and international nature of these attacks.
Ransomware attacks affect individuals and corporations both large and small. In many cases, it’s not about whether a business suffers from a ransomware attack, but rather, a matter of when. It’s important that businesses have a response plan in place so that, in the event of an attack, IT professionals can respond quickly to minimize the impact of the attack.
“Though these offences often happen in different cities and across international borders, these crimes have very real and severe impacts on local Calgarians,” says Staff Sergeant Graeme Smiley of the Calgary Police Service Cyber/Forensics Unit. “This year we have announced participation in multiple partnerships that will allow for the creation of training opportunities and increase investigative capacities for various cybercrimes.”
The Calgary Police Service has the following recommendations for citizens and businesses who suffer a ransomware attack:
- If you are a victim of a ransomware attack, report it immediately. Alerting local law enforcement and financial institutions is key so that action can be taken quickly to prevent further fraudulent activity.
- Seek alternatives to paying the ransom. Paying a ransom does not guarantee that victim data will be unencrypted or that data will not be leaked by ransomware operators. Ransomware payments also directly fund and support criminal activity, encourage perpetrators to target more victims, and offer an incentive for others to get involved in this illegal activity.
- Limit access to accounts: Most individuals do not need access to all data on a network and do not need administrative privileges. Only give permissions and access to individuals that is required for their function. Limit administrative privileges to those who are required to manage the network.
- Do not click on suspicious links or attachments. If you receive unsolicited messages prompting you to click on links or enter personal information or download new software, verify the legitimacy of the request first.
- Have segregated and offline backups that are up to date. Network-attached backup solutions are good for recovering from hardware failures, however, most ransomware criminals will either destroy network-attached backup solutions or encrypt data on the backup drives as well.
- Utilize multi-factor authentication. Multi-factor authentication for accounts and remote access to network data can offer an extra level of protection.
- Educate employees about cyber safety. Training employees to identify malicious links, emails and websites is a critical step in protecting your network.
The Calgary Police Service encourages anyone who has suffered a financial loss as a result of fraud or extortion to report it to police by calling the non-emergency number at 403-266-1234.
If you have received a fraudulent text message, email or phone call but have not sustained a financial loss, please report it to the Canadian Anti Fraud Centre.
Tips can also be submitted anonymously to Crime Stoppers through any of the following methods:
APP: P3 Tips