Paying ransom for data stolen in cyberattack bankrolls further crime, experts caution
Ceding to demands can alert other hackers, with no guarantee access will be granted
When the town of St. Marys, Ont., fell victim to a cyberattack last year, lawyers advised the municipality to pay a ransom of $290,000 in cryptocurrency.
The decision was made after an analysisby firms specializing in cybersecurity. Al Strathdee, mayor of the southwestern Ontario town of about 7,000 residents, saidthe potential risk to people's data was too high not to pay up.
"We could not be certain that there wouldn't be information leaked that would be damaging someone's reputation or something," he told Spark host Nora Young.
Organizations from corporations to small businesses, libraries to hospitals and towns to large governments are facing similar dilemmas as cybersecurity incidents rise. Late last month, five hospitals in southwestern Ontario and the Toronto Public Library (TPL)announced that they were subjected to a ransomware attack.
Confidential patient and staff information was accessed, and electronic medical records and emails remain unavailable, the hospital network said. Meanwhile, many of TPL's online services have been down for weeks, and the personal information of employees, including social insurance numbers, was stolen.
Despite the potential interruptions, cybersecurity experts say ceding to attackers' demands isn't always the solution.
"I think that the payment of the ransom, even if you say this is worth it ... really creates a larger cycle where this continues to be a problem because other criminals are looking at it and saying, 'Oh, this is profitable, I should get in on this,'" said Josephine Wolff, an associate professor of cybersecurity policy at the Fletcher School at Tufts University near Boston
Ransomware as a service
Ransomwareand malware arebecoming easier for bad actors to acquire, as cybercriminals no longer have to write code and figure out how to distribute it on their own.
Providers are offering ransomware as a service similar to paying a monthly subscription to use an app or service on your smartphone which can be easily deployed by those seeking to extort potential targets.
"So you're sort of hiring them to distribute ransomware on your behalf, and then you take some money from the target," Wolff said.The provider then takes a cut of that group's money.
"It's a way of sort of making ransomware more accessible to a larger group of criminals."
In the case of St. Marys, Strathdee saidit's likely the malware, LockBit 3.0, was in themunicipal IT system "for quite some time," and perpetrators claimed to have stolen and encrypted data. The mayor saidthat at the time of the attack in July 2022, the town was in the process of strengthening its security by moving many of its services to cloud-based systems.
Strathdee saidthe municipality had to navigate the attack with limited support.
"You feel like you're on the Titanic when you're starting this," he told Spark.
'Cyber poverty line'
Cybersecurity expert Ali Dehghantanha saidit's no surprise that a town like St. Marys was targeted. Attackers are going afterorganizations whose investmentin cybersecuritymeasures falls below what's known as the "cyber poverty line," he said.
"Attackers are always looking for low-hanging fruit, and usually those organizations who are not having a mature cybersecurity program are the best targets," Dehghantanha, an associate professor of computer science at Ontario's University of Guelph, said on The Current.
"Whether they are private companiesor hospitals or schools, it doesn't really matter for the attackers as long as they can get access and drop the ransomwareand make the user to pay."
Sixty per cent of smalland medium-sized businesses in Canada are below that poverty line, said Dehghantanha, who is also aCanada Research Chair in cybersecurity and threat intelligence.
St. Maryshiredconsulting company Deloitte and a London, Ont., law firm to advise on how to address the attack. An investigation found the threat of stolen data to be credible, and the municipal government was encouraged to pay for a decryption key to regain access.
The attack ultimately cost the town $1.3 million, including the $290,000 ransom payment, according to a report released by the municipality, and led to an overhaulof the local government's IT systems.
'The cavalry didn't come'
Dehghantanha saidthe decision ofwhether to pay a ransom should be made with cybersecurity experts. Even if an organization pays up, he said, there's no guarantee that criminals will provide access to what's been stolen as many have been known to disappear after receiving payment.
Decryptors are often already available for the most common types of ransomware, he said, soorganizations may still be able to unlock their data without assistance from the attackers.
"Those people who are experts in this field can make the judgment call there whether that specific hacking team has a reputation to return back the data, looking at the nature of the ransomware [and] whether it's something that can be even retrieved," Dehghantanha said.
Organizations facing a cyberattack can also consult No More Ransom, an onlineresource dedicated to resolving ransomware threats.
"There's not very widespread awareness of these tools, and there's also a lot of shame and uncertainty around what to do when you're the victim of these attacks," said Wolff of Tufts University.
The threat of cyberattacks isn't going anywhere, experts say. Governments need to do more to support organizations facing threats, they argue, while artificial intelligence tools coming onto the market will provide more proactive monitoring.
Strathdeeof St. Marys said support from governments and law enforcement was limited, and collaboration is essential. He saidgovernments should work together to better support smaller municipalities and organizations from cyberattacks.
"It was like a smash and grab, and there was nobody there to jump in," he said of his town's ransomware experience.
"The cavalry didn't come, and the cavalry still isn't there."
Interviews with Al Strathdee andJosephine Wolff produced by Magan Carty and Sameer Chhabra.Ali Dehghantanhainterview produced by Meli Gumus and Niza Lyapa Nondo.
_(720p).jpg)
 OFFICIAL HD MUSIC VIDEO.jpg)
.jpg)
