I have spent a majority of this summer writing about Cyber-attacks that are occurring here in the United States. I think I might have written something here and there about things going on in Europe, but probably nothing too substantial on it.
Well, today we are going to examine some Cyber-attacks that have hit our neighbor to the north, which is of course Canada. This country has also been hit by some major Cyber-attacks, and we will now examine them along with the Canadian approach to combating Cyber terrorism.
*Several services in the Ontario municipality of Wasaga Beach were paralyzed by a Ransomware attack on April 30, 2018. It was reported back in July that the Cyber attackers had initially demanded 11 bitcoins, worth approximately $144,000 (in Canadian Dollars), in order to release the 11 servers that were hijacked. Although it was advised not to pay, the organization did go ahead and pay the ransom, and luckily for them, the Cyber attackers relinquished control of these servers. Keep in mind that most Cyber attackers do not actually relinquish control of victim computers and the associated files even after they have been paid. So, in this case, Wasaga Beach was very lucky to have such “kind” Cyber attackers. About seven weeks after the Cyber-attack, the municipality reached an agreement with the Cyber attackers, paying them three bitcoins (for a total of $35,000 [CAN]) in exchange for access to four of its servers. Fortunately, no personal data on the residents of Wasaga Beach was compromised.
*The Quebec Taxi Intermediary Reunion (RITQ) also suffered a Ransomware attack, which occurred on July 21, 2018. An email was sent on July 24 to the RITQ with a set of demands from the Cyber attackers. The investigation into this Cyber-attack was then turned over to the Quebec Police Service (SPVQ). This case has yet to be resolved, the Cyber attackers have not been paid yet, and the company is still feeling the impact of this Ransomware attack.
*In terms of attacks on Healthcare based organizations, Care Partners was also a victim of a major Cyber-attack back in June of this year. In the end, there were 627 confirmed patient records that were stolen, along with 886 employee records. However, Cyber security investigators believe that the total number of records breached (both employee and patient data) could be well over 80,000. It is still unclear whether or not a Ransom was actually paid in this Cyber-attack.
OK, now that we have outlined in some detail what has happened, what do the Canadian authorities tell people to do? In other words, how do they tell their own citizens to avoid becoming a victim of a Cyber-attack? Here are some of their recommendations:
*Have multiple levels of Security in place, both from a Logical and Physical Access Entry standpoint;
*Keep a daily rotation of backups on all critical files. It is important to keep backups both in the Cloud and on the physical media;
*Make use of backup media that is neither rewritable nor reusable. If you can’t change what’s written there, then the Cyber attackers cannot either.
*Have an overall process and/or plan that your organization can activate in case you do become the victim of a Cyber-attack. This includes notifying customers, your Disaster Recovery plan, your Incident Response Communications plan, etc.
*Never pay a Ransom to the Cyber attacker. This stresses the importance of having backups in place, and of relying upon your Cloud Provider as well to see how much can be restored.
My thoughts on this?
Well, this sounds like the usual laundry list of items that the FBI would also tell you, and perhaps other law enforcement agencies as well. But, there are two key areas of difference I have noticed between these Canadian recommendations and the United States recommendations:
*Making use of both physical and Cloud based storage mediums for your daily backups;
*Making use of media that is not rewritable or reusable.
So, I add these two items to the laundry list as well. But keep in mind one very important aspect: If you choose to use physical based media for your backups, make sure that you store them offsite as well, not on the physical premises of your business or corporation!!!
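The backup recommendations above (daily rotation, both Cloud and physical copies, non-rewritable media, offsite storage of physical media) can be checked automatically against a backup catalogue. The following Python is an added example, not part of the original post; the record fields, dataset names and sample catalogue are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class BackupCopy:            # hypothetical catalogue record
    dataset: str
    taken: datetime
    medium: str              # "cloud" or "physical"
    immutable: bool          # write-once media or storage-level write lock
    offsite: bool            # stored away from the business premises

def audit(copies, datasets, now, max_age=timedelta(hours=24)):
    """Return {dataset: [findings]}; an empty list means every check passed."""
    report = {}
    for ds in datasets:
        # Only copies inside the rotation window count toward any check.
        fresh = [c for c in copies if c.dataset == ds and now - c.taken <= max_age]
        findings = report.setdefault(ds, [])
        if not fresh:
            findings.append("no backup within the rotation window")
            continue
        for medium in ("cloud", "physical"):
            if not any(c.medium == medium for c in fresh):
                findings.append(f"no fresh {medium} copy")
        if not any(c.immutable for c in fresh):
            findings.append("no fresh copy on non-rewritable media")
        physical = [c for c in fresh if c.medium == "physical"]
        if physical and not any(c.offsite for c in physical):
            findings.append("physical copy is stored only on premises")
    return report

# Constructed sample catalogue (not real data).
NOW = datetime(2018, 8, 1, 9, 0)
DATASETS = ["finance-db", "file-share", "email"]
SAMPLE = [
    BackupCopy("finance-db", datetime(2018, 8, 1, 2, 0), "cloud", True, True),
    BackupCopy("finance-db", datetime(2018, 8, 1, 3, 0), "physical", True, True),
    BackupCopy("file-share", datetime(2018, 8, 1, 1, 0), "cloud", False, True),
    BackupCopy("file-share", datetime(2018, 8, 1, 1, 30), "physical", False, False),
    BackupCopy("email", datetime(2018, 7, 28, 2, 0), "cloud", True, True),  # stale
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE, DATASETS, NOW).items():
        print(name, "->", findings or "OK")
```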
Finally, this should prove that the Cyber attacker knows no geographic bounds. He or she will attack anywhere in the world, as long as they can get a hold of one of these two items, or even both:
*Personal information and data.