Our office created the resource, “Ransomware – What Everyone Should Know”, to help individuals and public bodies think about why ransomware attacks happen, what they are, and what can be done to address or prevent them.
Ransomware attacks are not new. The first known instance of ransomware occurred in 1989 when Joseph L. Popp, a Harvard educated biologist, mailed floppy disks to 20,000 individuals containing a program that would encrypt their computers. Victims were asked to mail a $189 payment to a postal box in Panama to receive a second floppy disk containing the encryption key. Since he was a well-known researcher, no one suspected he had sent the floppy disk in bad faith. At the time, no one had heard of ransomware, either. Since then, ransomware has become much more widespread… and much more sophisticated. It has become a multibillion-dollar industry that affects thousands of people around the world.
Statistics Canada reported that in 2021, approximately 20% of Canadian businesses were impacted by cyber security incidents or cybercrimes. Businesses of all sizes were affected, including small ones with less than 50 employees. The most common type of incident involved demands for ransomware payments, followed by threats to steal personal or financial data. Most incidents did not appear to include a motive.
In 2022, the Canadian Anti-Fraud Centre received approximately 71,000 reports, with about half being reports from victims of mass marketing fraud. The top three reported types of fraud included phishing, extortion and personal information scams.
Ransomware evolves quickly. It is important to be aware of the threats and havoc it can create. It can cause temporary – or even permanent loss – of sensitive information, cause financial loss, make files on your computer unusable and disrupt your regular operations. It can also take weeks or more to recover data and get systems back to normal. Ransomware can be stopped, though, by learning what everyone should know.