Canada is not immune to online extortion, despite apparently sidestepping a massive attack that temporarily crippled networks around the world, a cybersecurity expert said.
Atty Mashatan, a professor at Ryerson University’s School of Information Technology Management, said it was nothing more than a fluke that Canada appears to have been largely spared from Friday’s ransomware attack that disrupted services in Russia, the U.K., Ukraine, Spain and India.
Attacks like this one, dubbed “WannaCry” for the “WannaCrypt” technology used to execute it, happen when a type of software seizes control of a computer, encrypting its contents and rendering them inaccessible.
“The vehicle that the malware going from one device to the other is spam. The most common way that they do that is via a link in an email,” Mashatan said. “It looks as if it’s from someone you know, in your contacts. You click on it, and bingo. The actual malware, the file, is downloaded.”
The perpetrators then demand hundreds or thousands of dollars to unlock the victims’ computers — essentially holding the documents, photos and other items on the computer for ransom.
“This one wasn’t really a targeted attack at all,” Mashatan said. “They usually run this campaign and hope to infect as many devices as they can.”
“This time around we were lucky,” she said. “There’s so many people who are emailing one another within the U.K., whereas the traffic between the U.K. and Canada is not as much.”
But if the wrong person had clicked on an infected link, they could have spread the ransomware to Canada.
A hospital in Oshawa, Ont. said Saturday it appeared the ransomware threatened its computer system, but a spokesman for Lakeridge Health said the facility’s system was able to deflect the attack.
“Our antivirus software contained the attack and so while we’ve had to reset some of our systems we weren’t affected in the same way that other places were,” said Lloyd Rang, in an interview Saturday.
“Patient care wasn’t affected and neither were any medical records or health records breached in any way.”
Computer users worldwide — and everyone else who depends on them — should assume that the next big “ransomware” attack has already been launched, and just hasn’t manifested itself yet, Ori Eisen, who founded the Trusona cybersecurity firm, told The Associated Press.
The attack appears to be “low-level” stuff, given the amounts of ransom demanded, Eisen said Saturday.
He said the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems.
A representative from Public Safety Canada said the Canadian Cyber Incident Response Centre is aware of the reported attacks, but made no mention on whether any Canadian users were affected.
The Communications Security Establishment, a Canadian intelligence agency, said in a statement Saturday that the federal government’s computer networks do not appear to have been affected by the attack.
In the meantime, Mashatan said it’s important for everyday people to remain vigilant to prevent these attacks from spreading.
She said people should keep their computers’ operating systems up-to-date, because the latest updates often patch up security holes. People should also avoid clicking on suspicious links.
With files by The Associated Press