M. Imtiaz Karamat is an IP Osgoode Alumnus and Associate Lawyer at Deeth Williams Wall LLP. This article was originally posted on聽 on December 22, 2021.
On December 6, 2021, the federal ministers of Defence, Public Safety, Emergency Preparedness and International Trade, Export Promotion, Small Business, and Economic Development (the Ministers) released an聽聽to Canadians discussing the rise of ransomware attacks and offering guidance for organizations to curb this trend. Among the resources included in the letter, the Ministers refer to a聽聽recently published by the Canadian Centre for Cyber Security (the Cyber Centre).
In the open letter, the Ministers discussed the significant rise of ransomware threats targeting small and medium-sized businesses, health care organizations, utility organizations, and municipalities. During these attacks, threat actors would lock the organization out of its systems and only allow access once a payment is made, usually in a form of digital currency. To assist Canadians in this matter, the Ministers are working to provide the public with specific advice and guidance.
The Cyber Centre鈥檚 Ransomware Playbook is one of the newly released resources for Canadian organizations to better prepare against ransomware. The Playbook provides organizations with a basic understanding of the landscape and guidance on important issues, such as whether they should pay a threat actor鈥檚 ransom. It also includes suggestions on proper measures for organizations to mitigate the impact of these incidents. The Playbook is organized into the following two sections:
- How to聽defend聽against a ransomware attack, such as using
- cyber defence planning strategies like the implementation of backups systems and incident response plans; and
- cyber security controls throughout the organization鈥檚 network to add further protection.
- How to聽谤别肠辞惫别谤听from a ransomware attack, including
- immediate response actions to bring an organization鈥檚 system back under control after an attack; and
- recovery actions that will help an organization successfully rehabilitate its business for the long-term.
In closing the letter, the Ministers urged Canadians to take cyber security seriously and develop a proper protective infrastructure with updated technology measures that will make them well-prepared in their response to such incidents.
