What is ransomware?

What is ransomware?

Ransomware is the most common cyber threat Canadians face and it is on the rise, according to the Canadian Centre for Cyber Security (CCCS), though basic cyber security practices prevent the vast majority of incidents.

During a ransomware attack, malicious software is used to encrypt, steal or delete data, then demand a ransom payment to restore it.

Ransomware can have severe impacts including core business downtime, permanent data loss, intellectual property theft, privacy breaches, reputational damage and expensive recovery costs.

According to the National Cyber Threat Assessment 2023-2024 published by CCCS, ransomware is a persistent threat to Canadian organizations.

“Fraud and scams are almost certainly the most common form of cybercrime that Canadians will experience … as threat actors attempt to steal personal, financial, and corporate information via the Internet,” it states.

There were 305 reports of ransomware to the CCCS in 2022, up from about 295 the year before.

“Ransomware almost certainly has more impact on Canadian organizations today than it did in 2020,” the agency states. “Since 2020, the frequency of ransomware attacks worldwide has increased, and payment demands against large organizations have grown.”

What is a double extortion attack?

The document states that most ransomware attacks are double extortion attacks.

“This means that ransomware actors will exfiltrate files before encrypting them and threaten to leak sensitive information publicly if the ransom is not paid.”

It explains that double extortion ransomware is a form of malware that combines ransomware with elements of extortionware to maximize the victim's potential payout.

The report adds that ransom payments have increased since 2020, likely driven in part by increasingly significant demands against large enterprises.

“Even if victims choose to pay the ransom, there are no guarantees that their data will be recovered,” it states. “One survey of Canadian businesses found that only 42 per cent of organizations who paid the ransom had their data completely restored.”

How do I report a ransomware attack?

The CCCS encourages individuals and firms dealing with a ransomware attack to report the incident. However, the agency will not launch an immediate law enforcement response upon receiving the report.

“If you believe a cyber incident is an imminent threat to life or of a criminal nature, please contact your local police services (911) or the RCMP,” it states. “We encourage all victims to report cybercrime activities to law enforcement.

“Reporting a cyber incident helps the Cyber Centre keep Canada and Canadians safe online,” the group explains. “Your information will enable us to provide cybersecurity advice, guidance and services.”

Two-year sentence for ransomware attack

An Ottawa man convicted on charges related to a ransomware attack affecting hundreds of victims was sentenced to two years in jail in January 2024 following a lengthy investigation by the RCMP, the FBI and Europol, according to a news report.

He coordinated ransomware attacks on private citizens, businesses and government agencies in Canada, along with "cyber-related offences" in the United States, the story states. He pleaded guilty to four counts of fraud and fraud-related charges.

The attacks typically began with a "malspam campaign" that sent victims unsolicited emails containing infected attachments, the report states. Once those attachments were opened, he was able to make unauthorized banking transactions and deploy malware and ransomware.

One of his attacks affected 1,133 known victims whose losses totalled $49,200, according to the media report.

What are my legal defences?

Two sections of the Criminal Code deal with computer-based crimes such as ransomware.

• Unauthorized use of a computer: Section 342.1 (1) states that any person who uses a computer with intent to commit an crime is guilty of an indictable offence carrying a maximum penalty of 10 years in prison.
• Fraud: Section 380 (1) states that any person who defrauds another person of any property, money, valuable security or any service faces a maximum 14-year prison sentence where the value of the fraud exceeds $5,000. If the fraud is worth less than $5,000 the maximum penalty is two years in jail.

To charge someone with a ransomware-related offence, investigators must have electronic records that purport to show where the malicious software and ransom demands originated. The accuracy of those records can be challenged by a criminal defence lawyer.

If a computer was seized as part of the ransomware investigation, a lawyer can ensure police had first obtained a proper search warrant. If the suspect’s rights granted under the Canadian Charter of Rights and Freedoms were violated, that can be used as a strong defence since s. 8 of the Charter guarantees that we all have a right to be free from unreasonable search and seizure. If a violation has occurred, it can be argued that any evidence that the police gathered should be excluded from trial.

Contact me for assistance

As an experienced criminal lawyer, I'm ready to strategize your defence, clarify plea implications and look for holes in the evidence against you. Leveraging credible circumstances, I will endeavour to have your charges dismissed. Should a trial proceed, I will fight tirelessly on your behalf. Anyone in the Ottawa area can contact me for a free consultation in French or English.