Ontario and Quebec hardest hit provinces
TORONTO, Oct. 13, 2022 /CNW/ -- In recognition of Cybersecurity Awareness Month, Palo Alto Networks is sharing insights concerning the ever-present threat that ransomware poses to individuals, businesses and public institutions across Canada. In 2021, over 140 Canadian organizations suffered a ransomware attack, according to the 2022 Ransomware Threat Report recently released by Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader.
The Palo Alto Networks Unit 42 Threat Intelligence team analyzed ransomware leak site data to provide insights into more than 56 ransomware groups leveraging multi-extortion techniques. Multi-extortion is when attackers not only encrypt the files of an organization but also name and shame the victims and/or threaten to launch additional attacks to encourage victims to pay. In 2021, the names and proof of compromise for 2,566 victims were publicly posted on ransomware leak sites, marking an 85% increase compared to 2020. The largest number of victims from dark web leak site data were from the United States (1,217), followed by Canada (141), the United Kingdom (133), France (132), Italy (100) and Germany (100).
Conti, a once-prolific cyber extortion group that Unit 42 followed since 2020, targeted Canadian companies the most heavily in 2021, responsible for 27.7% of the leak site activity monitored by Unit 42. LockBit 2.0 was second (14.2%).
"Ransomware gangs have become more emboldened with their attacks in Canada and around the world, targeting businesses of all shapes and sizes," said Ivan Orsanic, regional vice president and Canada country manager at Palo Alto Networks. "It's not a matter of 'if', but when organizations will be targeted. Being prepared and having the right security strategy, policy, and technologies in place is critical to combatting the latest threats."
In December 2021, the Canadian government posted an open letter in which similar sentiments were shared: "Across the world, we have seen a marked rise in the volume and range of cyber threats — and Canada is no exception." At the time the Canadian government launched several efforts to help combat this threat, including the publication of a Ransomware Playbook to assist organizations with both prevention and response activities.
Organizations in Ontario and Quebec saw the greatest amount of activity on leak sites in 2021, with 52 and 45 victims, respectively, followed by British Columbia with 24 and Alberta with 10. Twenty-seven different ransomware groups posted details on victims in Ontario, the most of any province, followed by Quebec with 12. Unit 42 researchers did not see any leak sites posting breaches of organizations in Nova Scotia, Prince Edward Island, Yukon, Northwest Territories and Nunavut recorded in 2021.
Manufacturing was the most targeted Canadian industry vertical by ransomware gangs, accounting for nearly 20% of all attacks, followed by professional and legal services at just under 20%. Wholesale and retail as well as construction each accounted for 9.3%, with some of the least targeted industries being education and transportation at less than one percent.
Globally, Unit 42 incident response case data revealed that the average ransomware demand rose by 144% in 2021 to US$2.2 million, while the average payment climbed 78% to US$541,010. In addition to the increase in average ransom demands, Unit 42 researchers also observed a rise in the use of "victim shaming," where ransomware groups use leak sites to "name and shame" victims, thereby increasing pressure on the victim to pay the ransom demand. At least 35 new ransomware groups, such as Hive, BlackMatter and BlackCat (ALPHV), threatened to expose data or utilized leak sites in 2021.
"The ripple effect from these ransomware attacks can drastically impact services many of us take for granted, whether grocery shopping, buying gas or obtaining medical care," said Orsanic. "Combatting these threats is a shared responsibility with businesses and citizens needing to improve their cyber hygiene."
- For more information about the 2022 Unit 42 Ransomware Threat Report, please visit this page.
- To learn more about how Palo Alto Networks Unit 42 helps Canadian organizations protect against ransomware attacks, please visit our ransomware investigation page or our ransomware readiness assessment.
About Palo Alto Networks
Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.
At Palo Alto Networks, we're committed to bringing together the very best people in service of our mission, so we're also proud to be the cybersecurity workplace of choice, recognized among Newsweek's Most Loved Workplaces (2021), Comparably Best Companies for Diversity (2021), and HRC Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.
About Unit 42
Palo Alto Networks Unit 42 brings together world-renowned threat researchers, elite incident responders, and expert security consultants to create an intelligence-driven, response-ready organization that's passionate about helping you proactively manage cyber risk. Together, our team serves as your trusted advisor to help assess and test your security controls against the right threats, transform your security strategy with a threat-informed approach, and respond to incidents in record time so that you get back to business faster. Visit paloaltonetworks.com/unit42.
For further information, contact [email protected]
SOURCE Palo Alto Networks, Inc.
Share this article