Ransomware now stealing data, warns Ontario cybercop

ORILLIA, Ont. - Ransomware’s ability to encrypt entire volumes of data is a nightmare scenario for many infosec pros. Their only comfort may be the hope their backups are secure and data can be restored, with few side effects.

However, Ontario’s top cybercrime cop warns recent variants also include the ability to exfiltrate data.

“That’s scary,” Det. Sgt. Vern Crowley, head of the Ontario Provincial Police’s cybercrime investigations team, told infosec pros Tuesday at the annual security conference of the Ontario division of the Municipal Information Systems Association.

MISA members work in the IT departments of villages, towns and cities.

In the last four weeks, Crowley said his unit has responded to an outburst of cyber attacks, including ransomware.

The most recent victim was the city of Woodstock, Ont.

Not only is ransomware now stealing corporate data, Crowley said versions like Ryuk also come with the Emotet and Trickbot credentials-stealing malware.

For those who don’t realize, Ryuk in effect works backwards: It first tries to encrypt backups on the network, then servers, and finally endpoints. It also covers its tracks, wiping out shadow volumes and security event logs.

This makes it more important than ever, Crowley said, to keep logs as long as possible for forensic purposes.

Roughly 80 per cent of ransomware is delivered through email phishing attacks, he said. However, recently his team has also seen criminals access networks through brute force attacks on open remote desktop protocol ports. RDP shouldn’t be open to the internet, Crowley warned.

He insisted two-factor authentication to protect logins is “an absolute must … It will go a long way to protecting your systems.”

Having off-line backups that can’t be infected is another vital defence, he added.

Crowley also urged organizations to report all cyber incidents to local police – after all, it’s a crime – and not simply by saying ‘We’ve been hit by a virus.’ For investigative and data collection purposes police need to know what happened and what systems were affected. (For example, it may impact the ability to pay employees.)

Crowley doesn’t like when organizations pay ransoms, because it only rewards criminals. However, he admitted that if a firm doesn’t have a clean backup and free decryption keys aren’t available from security vendors it will have its back to the wall.

One problem, he said, is that there are still companies and municipalities that don’t believe they’ll be hit – they think ‘I’m too small.’

However, in an interview Crowley shied away from blaming management. The problem, he said, is hackers are creating sophisticated malware and phishing attacks that some people fall for.

“You could have the strongest IT. At the end of the day, people are your weakest link.”

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
