Ransomware Archives - IPOsgoode

Hackers aren't only in Movies?! The Rise of Ransomware Incidents in Canada and what Canadians can do about it
Thu, 17 Mar 2022

Emily Xiang is an IPilogue Writer, President of the Intellectual Property Society of Osgoode (IPSO), and a 2L JD Candidate at Osgoode Hall Law School.

Imtiaz Karamat is an IP Osgoode Alumnus and Associate Lawyer at Deeth Williams Wall LLP who practices in the areas of intellectual property and information technology law.

This article was on the OBA’s Information Technology and Intellectual Property Law Section’s .

The threat of cyber attacks is no longer restricted to TV shows and movies, with cyber security incidents like ransomware attacks becoming far more frequent in daily life. While the COVID-19 pandemic may have slowed many aspects of society, ransomware has seen a marked increase in recent years around the globe – and Canada is no exception.

THE GROWING RANSOMWARE THREAT

Ransomware incidents involve threat actors infiltrating an organization’s defenses and deploying malware to prevent the company from accessing its information. Though the specific tactic may differ between threat actors, users will ultimately find themselves unable to access vital data and key systems unless the organization pays a ransom to the threat actors, usually in the form of digital currency. During the incident, threat actors may also extract data from the company’s network, which can have serious privacy consequences for the organization and its customers. Not only will their data be in the hands of an unknown party, but in many cases, threat actors may threaten to publish the exfiltrated information online if the organization refuses to provide them with payment.

Ransomware saw record-breaking numbers last year. By the end of the first half of 2021, global ransomware attacks hadby 151% as compared to the previous year, with ransom payments of up to CAD$48.4M being paid out to hackers. In Canada, the Canadian Centre for Cyber Security (the Cyber Centre) has knowledge of at leastthat occurred over the course of 2021 (though, it is important to note that the majority of ransomware attacks go unreported). Out of the known ransomware incidents that were reported to the Cyber Centre, more than half involved critical infrastructure providers. However, the Office of the Privacy Commissioner of Canada (the OPC) stressesfrom an attack, as incidents of ransomware have occurred indiscriminately since 2020 in not-for-profit, professional, financial, transportation, manufacturing, and retail sectors.

The increase in ransomware incidence and scope in recent years is partly attributed to the growing sophistication with which cyberattacks may now be conducted. A number ofin ransomware have arisen, and are rapidly changing the cybercrime landscape. For instance, ransomware-as-a-service (RaaS) is a model that allows developers to sell and/or lease ransomware to cybercriminals whilst being paid a percentage of the profit. These kinds of schemes allow an increased number of unskilled threat actors to get a hold of sophisticated ransomware technology, while providing skilled attackers the opportunity to profit from the mass distribution of their work. The world has also seen an increase in victims of high-impact targeting, wherein more targeted attacks are being launched at supply chains and essential services in order to maximize potential victims and profits. For instance, many threat actors have leveraged the COVID-19 pandemic to aim at high-impact targets that have become especially vital in current circumstances, such as emergency medical services and law enforcement agencies. As stated by chief information officerat UTHealth in Houston, “[a]ttackers [targeting hospitals] understand that we’re talking about life and death. There’s a great incentive to just pay and get the thing unlocked so we can treat patients.” In finding more opportune ways to breach vulnerable organizations, threat actors are demonstrating that their targeting schemes are becoming increasingly sophisticated, as well as strategic.

SEVERE FALLOUT FROM ATTACKS

Ransomware attacks may have far-reaching implications on company operations. On May 7th, 2021, American oil companyfell victim to a ransomware attack that immobilised several of its computerized equipment systems. As a result, operations for the largest fuel pipeline in the US were temporarily suspended, resulting in price spikes and fuel shortages for millions of Americans. Even more recently, global human resources company Ultimate Kronos Groups (UKG) was also hit with a ransomware attack on December 11th, 2021, resulting in a worldwide shutdown of their cloud services. The incident impacted millions of users, with employees who relied on UKG’s cloud system reporting paychecks short by, as their employers struggled to find alternative means for managing payroll. Kronos is known totens of thousands of organizations – including half of the Fortune 100 – and more than 40 million people in over 100 countries everyday, including businesses in Canada.

A CALL FOR ACTION

The Cyber Centre predicts that ransomware will continue to pose a threat to national security and economic prosperity in 2022. They also predict that threat actors utilizing ransomware will likely become increasingly aggressive in their operations and targeting schemes. Similarly, the OPCthe potential harm that can result from this type of attack and considers such incidents to meet the real risk of significant harm threshold under the Personal Information Protection and Electronic Documents Act. As part of an ongoing, national effort to mitigate the effects of ransomware and related cyber threats, theto take this matter seriously and address it head-on through adopting proper security measures.

PREPARING FOR RANSOMWARE ATTACKS

Cyber Security Preparations

To assist organizations in their cybersecurity preparation, the Cyber Centre recently released a(the Playbook) with guidance on how to defend against and recover from cyberattacks. It recommends that businesses implement cyber defence planning strategies, such as preparing multiple backup systems ahead of time. Backup systems provide organizations with a copy of their data, which can then be used for restoration activities in the wake of a ransomware attack. When developing a plan for implementing backup systems, it may be useful to contemplate the frequency and extent that the data should be backed up and storage considerations for the backup systems. The Cyber Centre advises that backups stored online within the organization or on a cloud platform are more commonly susceptible to ransomware attack, while backup systems stored offline, in a separate physical location from the main business site and disconnected from its networks, offer the most protection against ransomware incidents.

In addition to preparing backups, the Playbook has details on different cyber security controls that can be implemented as part of the organization’s defenses. For example, having multi-factor authentication (MFA) in place on company devices may assist in thwarting threat actors. It may also serve to hinder threat actors from gaining full access to target systems in the event that they are successful in getting past initial IT defenses. In addition to MFA, businesses may want to consider having a system that can continuously monitor their network and establish an acceptable baseline of activity. This can be used to flag anomalies in activity patterns and sound the alarm when there is a potential risk to the organization.

Planning Ahead

Apart from having technical controls, it may be prudent to consider creating plans that serve as reference guides during ransomware incidents. The Cyber Centre recommends creating an incident response plan that is geared towards cyber defense strategy, including detecting and responding to an attack. The incident response plan can include the objectives, stakeholders, responsibilities, communication methods, and escalation processes that are involved in the response strategy. To formulate this plan, organizations may want to conduct a risk assessment of their assets and identify the potential consequences that would result from them being compromised, so as to discern the business’ response priorities. When drafting the incident response plan, it may be beneficial to keep the plan simple and flexible, so that it can be easily adapted to the circumstances of the actual event.

To complement the incident response plan, businesses could consider developing a disaster recovery plan that focuses on resuming operations after a ransomware incident. The Cyber Centre advises that an effective plan should identify the entity’s critical information (e.g. financial records, proprietary assets, etc.), their most essential systems that are required for business continuity, and their most vital business functions. Once a plan is formulated, multiple trial runs should be conducted to determine potential areas for improvement.

More Options

In addition to the above ransomware-specific guidance, themay offer insight for organizations looking to improve their cybersecurity foundation. This program is mainly aimed at small and medium-sized businesses, but welcomes enrolment from all organizations in Canada. As part of the program, businesses are required to adopt measures in certain baselinethat reflect industry-accepted best practices and target key considerations for the organization’s systems and employees. Furthermore, implementing these controls has the added benefit of fulfilling prerequisites for the Government of Canada’s. The certification is valid for two years and can beat the organization’s physical location and on its website to let others know that their business has met the standard.

CYBER INSURANCE

When preparing for ransomware attacks, organizations may want to consider how they would fund response efforts in the event that a threat actor manages to get through their defences. Even where a business is already insured, traditional insurance policies may provide limited or no coverage for cyber attacks. Reviewing one’s current insurance policy and acquiring adequate cyber coverage where it is lacking is a crucial step that should not be left out of any discussion on ransomware preparation.

MOVING FORWARD

In our current technological landscape, ransomware attacks and other cyber security incidents have unfortunately become a daily reality of doing business in Canada and around the world. In light of the rising threat, organizations are encouraged to approach the matter with equal tenacity. By taking the appropriate proactive measures, we can better safeguard our activities and mitigate the impact of ransomware attacks on our businesses.

The U.S. Department Of The Treasury’s Office Of Foreign Assets Control Releases Updated Advisory On Sanctions Regarding Ransomware Payments
Thu, 14 Oct 2021

M. Imtiaz Karamat is an IP Osgoode Alumnus and Associate Lawyer at Deeth Williams Wall LLP. This article was originally posted on on October 13, 2021.

Ransomware attacks are on the rise, with the Federal Bureau of Investigation reporting a nearly 21% increase in reported ransomware cases and a 225% growth in associated losses from 2019 to 2020. On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an updated advisory to highlight the sanctions risks associated with ransomware payments to malicious cyber actors and proactive steps that companies can take to mitigate those risks.

OFAC has designated some malicious cyber actors in its cyber-related sanctions program and other sanctions programs to discourage payments of cyber ransom or extortion demands to these parties.

According to the advisory, U.S. persons are generally prohibited from engaging in transactions with those on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List), other blocked persons, and those covered by country or region embargoes. Furthermore, any transaction that may violate the International Emergency Economic Powers Act (IEEPA), including a transaction by a non-U.S. person that causes a U.S. person to violate an IEEPA-based sanction prohibition, is also banned.

In response to sanctions violations, OFAC may hold such persons civilly liable even if they were unaware that the transaction was prohibited under sanctions laws and OFAC’s regulations at the time. OFAC’s Economic Sanctions Enforcement Guidelines describe the department’s enforcement policies, as well as mitigating factors that may be considered by OFAC, including:

  1. meaningful measures taken to improve cybersecurity practices and reduce the risk of extortion by sanctioned actors; and
  2. the reporting of ransomware attacks to government agencies and cooperation with law enforcement.

If those factors are present, OFAC’s resolution could be limited to a “no action” or a “cautionary” letter, rather than a public response. Businesses that fall under OFAC’s regulation should aim to revise their cybersecurity incident response plans to better align with the recommendations in the updated advisory.

Cyber Horrors: Ransomware and You
Thu, 12 Aug 2021

Natalie Bravo is an IPilogue Writer and a 2L JD Candidate at Osgoode Hall Law School.

Do you ever get weird emails that are poorly-veiled attempts? Strange requests for payments? These phishing attempts are occurring more frequently, but they are just the tip of the ransomware iceberg. Cybersecurity breaches are a serious concern and the ever-evolving technological landscape is an endless playing field for dedicated malicious actors. Widespread breaches exemplify the need for updated software and security policies across all sectors which use online services. With the pandemic and many working from home, these attacks are on the rise. The Canadian Centre for Cybersecurity reported that ransomware is an and

Many Canadians have not heard of , a malicious software (“”) that attacks computers by user files so that malicious actors can request monetary ransom to decrypt or unlock the files. These are typically, though not always, carried out by an unauthorized or unknown transfer of a Users may download and/or open a file that appears legitimate and unknowingly infect the operating system with malware. Accompanying ransom demands are usually requested in the form of Bitcoin due to the presumed anonymity of the transactions. The use of Bitcoin is rampant in these types of attacks – so much so that they have impacted (“K۰”) . Sometimes hackers . In a recent report, McCarthy Tétrault’s Cyber/Data Group estimated that Canadian organizations . Ransomware attacks damaging more than finances as they can disrupt operations and corrupt or destroy sensitive data. During the pandemic, hospitals are of utmost concern. The click of an ad, a visit to a website, or a simple file download could risk your data.

In 2017, a high-profile ransomware attack named devastated various organizations worldwide. The automatically spread throughout networkers and did not require users to open or download any files. It encrypted user files and demanded Bitcoin ransom payments to decrypt them. WannaCry targeted “end of life” or outdated versions of and exploited certain vulnerabilities within the software. Operating systems must frequently be updated to implement security patches that prevent such exploits. However, updates for older computers are usually discontinued as technology progresses. Microsoft quickly released further following the mass attack. The international event was and reported to have impacted more than 200,000 computer systems and caused an estimated hundreds of millions to billions of dollars in damage. The WannaCry attack affected organizations such as factories, telecommunication companies, hospitals, governments, and delivery systems. Years later,

WannaCry was terrifying when it happened, but many more concerning high-profile cybersecurity attacks have occurred within the past year . Just imagine . Some alarming events in the past three months include the following:

  • In May 2021, the largest petroleum pipeline in the United States, Colonial Pipeline is reported to have been hacked via a . The password had access to the company’s internal network and was also unfortunately leaked on the dark web. The hackers utilized the credential to attack and extort Colonial Pipeline. The systems started to shut down and the ransom demanded was $4.4 million in payment. The company stated they had no choice but to
  • In June 2021, one of the largest meat producers in the US, JBS made the difficult decision to pay the $11 million USD ransom in Bitcoin to resume plant operations.
  • On July 4th, 2021, the ‘,’ allegedly conducted by Russian-associated hackers REvil, hit during the US holiday weekend. Kaseya, a software firm, was targeted in the . Supply-chain attacks, in brief terms, involve compromising a trusted supplier therefore sabotaging the distribution system. The Kaseya attack largely affected US businesses, but Canada was also impacted. Between 800 and 1,500 organizations across the globe were impacted and essentially paralyzed. They demanded from affected users/companies and expressed some willingness to .

It is difficult to know what will happen next with technology, computers, and software. It is best to be proactive and cautious. I have compiled some tips, supported by and the , to help keep your data and your employer’s networks safe:

  • Check your computer(s) for updates frequently, and make sure your operating system is still receiving new updates.
  • Back up your data periodically and preferably offline. If you are targeted and your data becomes inaccessible, you will feel so much better knowing you had a back-up or two handy.
  • Make sure you are running a trusted anti-virus program; sometimes they are installed on your computer.
  • Understand how to recover your data in the event of a breach and practice the recovery methods.
  • Keep your passwords safe and unique - reusing passwords is never a good idea.
  • Familiarize yourself with common types and methods of malware. You can find a handy list .
  • Contact your organization’s IT department whenever you see anything suspicious, just in case.

Stay safe, don’t interact with strange emails, and always update and back up if possible! Feel free to comment below with any tips or advice you may have.

COVID-19 & Cybersecurity Risks
Wed, 18 Nov 2020

On November 2nd and 3rd, I was given the opportunity to attend the Canadian Technology Law Association (CAN-TECH) . , I learned more about the legal aspects of technological COVID-19 responses, proposed frameworks for digital identity, financing and start-ups in the current environment, working from home and its impact on diversity, and the latest legal developments related to privacy, cybersecurity, video games, and artificial intelligence. I particularly enjoyed the plenary session on “Cybersecurity: Shielding Your Clients from Expanding Threats” because of my interests in cybersecurity and privacy law.

In the cybersecurity plenary session, the experts discussed the recent cybersecurity threats in the midst of the COVID-19 pandemic. The global COVID-19 pandemic has been said to add “ to the threat environment leading to a drastic increase in the volume of cyberattacks and breaches during the past 12 months in Canada. In Canada, of businesses experienced a cybersecurity breach that negatively impacted their operations. For instance, refer to hackers infecting a computer or network with viruses that encrypt and hold the data “hostage” until a ransom is paid. Ransomware attacks cost Canadian companies around when downtime costs are factored in.

Moreover, hacking groups, like and , are increasingly conducting attacks where hackers exfiltrate and download sensitive data before launching a ransomware attack. The attackers can maximize their chance of getting the companies to pay the ransom by . Most of these cyber attackers demand the ransom in , making it very difficult for law enforcement agencies to track and investigate the crimes.

The attackers choose different sized businesses and organizations for various reasons. For instance, health care providers, law firms, government organizations and large companies are often targeted by (APT) attacks, which require the attackers to carefully research and choose their victims over a long period. Executing an APT attack usually than other attacks and is typically done by experienced and financially-backed cybercriminals. Cybercriminals might choose to attack to demand greater ransom payments.

Cybercriminals also choose small and medium-sized organizations and businesses because they are seen as soft targets who do not have . Moreover, small and medium-sized companies often outsource their IT needs to third parties, creating another cyber risk level for small-sized companies to mitigate. Consequently, small and medium-sized companies must get which will allow them to access resources that may otherwise not be accessible to them. Cyber insurance may also provide coverage and protection for liability regarding .

Though having cyber insurance is extremely important, cybersecurity risk mitigation and management practices are critical to minimize breaches' harm. It has been said that of successful breaches are initiated through phishing emails, malicious attachments, unpatched systems or “vulnerabilities,” or lack of two-factor authentication systems. To mitigate an attack, best cybersecurity practices, such as having a detection plan, threat intelligence, disaster recovery, training, fire drills and having sufficient back-ups, must be in place prior to the attack. Adopting and applying the best cybersecurity practices is incredibly important during the pandemic for those who in an environment that might not have the same formal cybersecurity protections and processes in place. This is true, especially for who have to meet their professional responsibilities such as the obligation of confidentiality, privilege, and the duty of technological competence. It is very important to know and meet these professional and ethical responsibilities even as a law student. Hence, I am very happy that I was given the opportunity to attend this conference, as it taught me a tremendous amount about the most recent and significant developments in Canadian and international technology law.

Written by Elif Babaoglu. Elif is a contributing IPilogue editor and an avid privacy and tech-law enthusiast with a particular focus on artificial intelligence.
