💰💣

Canadian Centre for Cyber Security Security Incident

2020 2091 days ago Resolved

Incident Overview

Situation Description

The Canadian Centre for Cyber Security released a bulletin detailing the evolution of ransomware, its impact on Canada, and emerging trends, noting that ransomware attacks are increasingly sophisticated and target critical infrastructure.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Critical Infrastructure

Geographic Scope

National (Canada)

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Data Types Compromised

Operational / System Data

Primary Impacts

Operational Disruption Financial Loss Data Exposure

Key Decisions Made

Assess that it is almost certain that a majority of ransomware attacks against Canadian victims are unreported to authorities.; Judge that, almost certainly, ransomware directed against Canada in the next 12 months will continue to target large enterprises and critical infrastructure providers.; Assess that it is almost certain that cybercriminals will continue to scale up their ransomware operations and attempt to coerce larger payments from victims by threatening to leak or sell their data online.

Technical Analysis

Attack Method

Unknown

Threat Actor Attribution

Evil Corp Trickbot FIN6 Ryuk

Additional Information

Alternate format : Cyber threat bulletin: Modern ransomware and its evolution (PDF,428KB) About this document Audience This Cyber threat bulletin is intended for the cyber security community. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol, see https://www.first.org/tlp/ Contact For follow up questions or issues please contact Canadian Centre for Cyber Security (Cyber Centre) at contact@cyber.gc.ca Table of contents Introduction Key ransomware variants and operators A brief history of ransomware The enabling factors of modern ransomware Emerging trends: Ransomware in 2020-2021 How states use and benefit from ransomware Ransomware activity against Canada Footnotes Assessment base and methodology The key judgements in this assessment rely on reporting from multiples sources, both classified and unclassified. The judgements are based on the knowledge and expertise in cyber security of Cyber Centre. Defending the Government of Canadas information systems provides Cyber Centre with a unique perspective to observe trends in the cyber threat environment, which also informs our assessments. CSEs foreign intelligence mandate provides us with valuable insight into adversary behavior in cyberspace. While we must always protect classified sources and methods, we provide the reader with as much justification as possible for our judgements. Our judgements are based on an analytical process that includes evaluating the quality of available information, exploring alternative explanations, mitigating biases and using probabilistic language. We use terms such as we assess or we judge to convey an analytic assessment. We use qualifiers such as possibly, likely, and very likely to convey probability. The contents of this document are based on information available as of 13 August 2020. Estimative language The chart below matches estimative language with approximate percentages....

... (truncated for display)

Quick Facts

Company:: Canadian Centre for Cyber Security
Date:: 2020
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 13/08/2020

Source Information

Original Query

comparative analysis of operational downtime costs for paying vs not paying ransom

View Original Source

Timeline

Information Published

13/08/2020

Incident Occurred

2020 (2091 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats