Question Period Note: Ransomware

Ransomware is a growing public safety and national security threat that compromises the safety of our citizens, the security of the online environment, and the prosperity of our economy.

• The Government of Canada recognizes that secure and reliable connectivity is a necessity for our daily lives and our collective safety and security because it underpins the delivery of critical services, such as health care, financial transactions, safe transportation, and emergency communications.
• Ransomware has become an increasingly common and significant risk to government, businesses, and individuals.
• The Canadian Government encourages all individuals and businesses that have experienced a ransomware incident to report it to law enforcement as soon as the incident is detected.
• The Government of Canada will continue to work to protect Canadians from malicious cyber actors, and specifically from the physical, economic, operational, and reputational damage of ransomware.
• The Government of Canada is committed to collaborating with all levels of government and other domestic partners to share lessons learned and best practices for the development of ransomware policy and an effective and coordinated response to ransomware threats.
• On the international stage, Canada is working with our allies to identify common issues, articulate potential solutions and coordinate efforts to combat ransomware threats.
• Combatting ransomware is not just a government effort. Many cyber incidents are preventable. We encourage all businesses to immediately review their risk management and business continuity plans with the ransomware threat in mind.

Ransomware is defined by the Canadian Centre for Cyber Security (CCCS) as a type of malware (malicious software) that denies a user’s access to files or systems until a sum of money is paid. It is the most common form of malware used for online extortion against Canada and Canadians.
Ransomware is a growing cyber threat that compromises the safety of our citizens, the
security of the online environment, and the prosperity of our economies. Not only is it criminal, it may also pose a threat to national security. Every year, ransomware campaigns affect hundreds of Canadian businesses and critical infrastructure providers, including multiple hospitals and police departments, as well as municipal, provincial and territorial governments.
Evolving Threat Environment

According to the Cyber Centre’s 2020 National Cyber Threat Assessment, ransomware directed against Canada will almost certainly continue to target large enterprises and critical infrastructure providers, as well as organizations of all sizes. As Canadians continue to adopt new technologies and embrace more Internet-connected devices, malicious cyber threat actors will have a greater number of attack vectors that they can exploit to the detriment of Canada’s national security and economic prosperity.

As with other malicious cyber activity, ransomware is not constrained by borders, and the
international reach of cyber threats poses challenges to investigating ransomware offences,
and ultimately, identifying those responsible. Generally, the methods and tactics used by cybercriminals are evolving. As such, long-term and repeated compromises of profitable targets are increasing. Furthermore, recent ransomware strains have data stealing capabilities in addition to data encryption. These types of double-extortion ransomware threaten to publish stolen data unless the ransom is paid.

Ransomware is commonly used to target Canada’s critical infrastructure sectors, such as health, as there is an increased likelihood that affected organizations will pay the ransom to avoid lengthy shutdowns of their critical systems and resultant impact on citizens.

Example Case in Canada

Ransomware incidents are a growing national security threat. For example, according to media reporting in February 2020 the province of Prince Edward Island (PEI) discovered an active ransomware incident within the government computer network. The malware had begun the process of encrypting files and exfiltrating data when it was discovered. Although the malware was detected quickly and eliminated within 90 minutes, the personal data of some PEI residents (including names, Social Insurance Numbers, and audit information) was stolen and subsequently leaked by the threat actors.

This specific incident highlights just how significant these incidents can be and the threat that they pose to businesses, individuals, and government networks. Should cyber criminals obtain more sensitive data, it could pose a significant national security threat and lead to other crimes, such as fraud.

Government of Canada Response

Internationally, Canada works collaboratively with a number of partners, including Five Eyes partners, to address ransomware by actively sharing lessons learned by aligning policies, activities, public messaging, and industry engagement.

Domestically, the Canadian government is working closely across ministries, across all levels of the government, and with the Royal Canadian Mounted Policy (RCMP), to advance policy that helps protect, and strengthen the cyber resilience of, Canadian individuals, businesses, and critical infrastructure.

For individual Canadians, the Canadian government has created resources for Canadians through the Cyber Centre to inform them about how to prepare for, prevent, and recover from a ransomware incident.

For Canadian businesses, the Cyber Centre has developed e-learning modules to help business owners and employees learn about cyber security risks and threats, and how to be more cyber secure. It has also developed the Baseline Cyber Security Controls for Small and Medium Organizations, which lists a number of lower-cost and lower-burden security controls that businesses can implement to thwart cyber threat actors, reduce exposure to cyber threats, and get the most out of their cyber security investments. Additionally, the CyberSecure Canada Certification helps small and medium-sized organizations implement certification requirements so they can defend themselves against cyber incidents to protect their business, their clients, and partners.

Public Safety Canada, in close collaboration with the Communications Security Establishment and the Cyber Centre, developed the Canadian Cyber Security Tool (CCST) to help critical infrastructure organizations assess their own cyber security quickly and easily. The CCST is available to all critical infrastructure sectors in Canada to conduct a voluntary cyber security self-assessment.

None