Paying ransom for data stolen in cyberattack bankrolls further crime experts caution CBC Radio

pWhen the town of St Marys Ont fell victim to a cyberattack last year lawyers advised the municipality to pay a ransom of 290000 in cryptocurrencyppThe decision was made after an analysis by firms specializing in cybersecurity Al Strathdee mayor of the southwestern Ontario town of about 7000 residents said the potential risk to peoples data was too high not to pay upppWe could not be certain that there wouldnt be information leaked that would be damaging someones reputation or something he told Spark host Nora YoungppOrganizations from corporations to small businesses libraries to hospitals and towns to large governments are facing similar dilemmas as cybersecurity incidents rise Late last month five hospitals in southwestern Ontario and the Toronto Public Library TPL announced that they were subjected to a ransomware attackppConfidential patient and staff information was accessed and electronic medical records and emails remain unavailable the hospital network said Meanwhile many of TPLs online services have been down for weeks and the personal information of employees including social insurance numbers was stolenppDespite the potential interruptions cybersecurity experts say ceding to attackers demands isnt always the solutionppI think that the payment of the ransom even if you say this is worth it really creates a larger cycle where this continues to be a problem because other criminals are looking at it and saying Oh this is profitable I should get in on this said Josephine Wolff an associate professor of cybersecurity policy at the Fletcher School at Tufts University near BostonppRansomware and malware are becoming easier for bad actors to acquire as cybercriminals no longer have to write code and figure out how to distribute it on their ownppProviders are offering ransomware as a service similar to paying a monthly subscription to use an app or service on your smartphone which can be easily deployed by those seeking to extort potential targetsppSo youre sort of hiring them to distribute ransomware on your behalf and then you take some money from the target Wolff said The provider then takes a cut of that groups moneyppIts a way of sort of making ransomware more accessible to a larger group of criminalsppIn the case of St Marys Strathdee said its likely the malware LockBit 30 was in the municipal IT system for quite some time and perpetrators claimed to have stolen and encrypted data The mayor said that at the time of the attack in July 2022 the town was in the process of strengthening its security by moving many of its services to cloudbased systemsppStrathdee said the municipality had to navigate the attack with limited supportppYou feel like youre on the Titanic when youre starting this he told SparkppCybersecurity expert Ali Dehghantanha said its no surprise that a town like St Marys was targeted Attackers are going after organizations whose investment in cybersecurity measures falls below whats known as the cyber poverty line he saidppAttackers are always looking for lowhanging fruit and usually those organizations who are not having a mature cybersecurity program are the best targets Dehghantanha an associate professor of computer science at Ontarios University of Guelph said on The CurrentppWhether they are private companies or hospitals or schools it doesnt really matter for the attackers as long as they can get access and drop the ransomware and make the user to payppSixty per cent of small and mediumsized businesses in Canada are below that poverty line said Dehghantanha who is also a Canada Research Chair in cybersecurity and threat intelligenceppSt Marys hired consulting company Deloitte and a London Ont law firm to advise on how to address the attack An investigation found the threat of stolen data to be credible and the municipal government was encouraged to pay for a decryption key to regain accessppThe attack ultimately cost the town 13 million including the 290000 ransom payment according to a report released by the municipality and led to an overhaul of the local governments IT systemsppDehghantanha said the decision of whether to pay a ransom should be made with cybersecurity experts Even if an organization pays up he said theres no guarantee that criminals will provide access to whats been stolen as many have been known to disappear after receiving paymentppDecryptors are often already available for the most common types of ransomware he said so organizations may still be able to unlock their data without assistance from the attackersppThose people who are experts in this field can make the judgment call there whether that specific hacking team has a reputation to return back the data looking at the nature of the ransomware and whether its something that can be even retrieved Dehghantanha saidppOrganizations facing a cyberattack can also consult No More Ransom an online resource dedicated to resolving ransomware threatsppTheres not very widespread awareness of these tools and theres also a lot of shame and uncertainty around what to do when youre the victim of these attacks said Wolff of Tufts UniversityppThe threat of cyberattacks isnt going anywhere experts say Governments need to do more to support organizations facing threats they argue while artificial intelligence tools coming onto the market will provide more proactive monitoringppStrathdee of St Marys said support from governments and law enforcement was limited and collaboration is essential He said governments should work together to better support smaller municipalities and organizations from cyberattacksppIt was like a smash and grab and there was nobody there to jump in he said of his towns ransomware experienceppThe cavalry didnt come and the cavalry still isnt thereppInterviews with Al Strathdee and Josephine Wolff produced by Magan Carty and Sameer Chhabra Ali Dehghantanha interview produced by Meli Gumus and Niza Lyapa NondoppJournalistppJason Vermes is a writer and editor for CBC Radio Digital originally from Nova Scotia and currently based in Toronto He frequently covers topics related to the LGBTQ community and previously reported on disability and accessibility He has also worked as an online writer and producer for CBC Radio Day 6 and Cross Country Checkup You can reach him at jasonvermescbccappAudience Relations CBC PO Box 500 Station A Toronto ON Canada M5W 1E6 ppTollfree Canada only 18663064636ppIt is a priority for CBC to create products that are accessible to all in Canada including people with visual hearing motor and cognitive challengesppClosed Captioning and Described Video is available for many CBC shows offered on CBC Gemppp