Ransomware Attacks in Canada: Find Solutions and Learn How to Address Them

News | Mjolnir Security | June 29, 2022

APT UNC2190 Set Sights on Canadian Targets

Ransomware Attacks Surge Across Canada in 2022

Ransomware attacks in Canada have been a common occurrence as criminal groups look to target and extort victims of all kinds. Hackers have gone to great lengths to infect law enforcement agencies, school districts, government entities, and the organizations that manage critical infrastructure, including the nation’s pipelines, rail, and road systems. The end goal is to extort large sums of money by encrypting a network’s data, or by publicly shaming and embarrassing prominent public figures including executive team members, police officers, or politicians.

Mjolnir Security has been successful in tracking the movements of these ransomware attacks across Canada, noting a concerning uptick in occurrences that began in the spring of 2022. One small but elusive ransomware group known as 54BB47h (Sabbath), or UNC2190, is likely behind such attacks. This team has developed a new model for their criminal extortion techniques, hiring individual and local hackers to deploy UNC2190 software onto vulnerable networks, where it can then harvest sensitive data and hold it hostage.

APT UNC2190 on the rise

With this approach, UNC2190 can evade detection by law enforcement and keep a low profile as their hired hacker does much of the legwork. This hacker group has also been known to continuously rebrand itself in an effort to avoid detection by the public. When such an attack occurs, staff and IT professionals are faced with a complex decision: either pay the ransom or format their entire systems and start from scratch.

What is A Ransomware Attack?

Ransomware attacks, in particular, look to exploit the vulnerabilities in your systems, hold your data hostage, and extort victims for money. A system can be infected with malicious code and run normally for several days, with malicious software collecting any data that isn’t relevant to normal operations. This data is then encrypted, effectively held hostage until a ransom is paid.

Some ransomware can even lie dormant and undetected for several days or weeks, collecting sensitive information from multiple devices including photos, videos, and passwords. This type of information can then be used against victims, as UNC2190 has been known to use public forums and popular social media sites to threaten victims with public embarrassment, all in an effort to extort even more money from them.

Typically, hackers will inform their victims that their systems have been compromised and that the only way to access their data again is through payment to a cryptocurrency wallet. Hackers will provide the address of their crypto wallet, which helps criminals evade detection by traditional banking systems.

There is, however, no motivation for the hacker to deliver on their promises to return compromised data. IT professionals should assume that once they receive a ransom message, their data is likely lost forever, even if they give in and send payment. Should an IT professional be unable to identify when their systems were compromised, a full restore to a previous backup may not offer a solution to the problem either, as previous backups may also be compromised.

How Should a Business or Company Handle a Ransomware Attack?

Ensuring that your systems are safe from such attacks requires an ongoing commitment to network security, including collaboration with third-party specialists who can offer solutions as well as preventative measures that can mitigate future risks. A strong commitment to system and server maintenance, including regular patches and updates, may prevent a ransomware attack. Oftentimes, these types of attacks take advantage of a victim’s outdated software or hardware. When your network security or operating system hasn’t been updated for quite some time, or you haven’t installed required security patches, it creates vulnerabilities for hackers to exploit. In other cases, an infection can come from human error, where something as simple as clicking a malicious email link can compromise a much larger network.

Ransomware Resiliency Solutions Offered by Mjolnir Security

Corporate IT employees are faced with the unfortunate truth that their systems are likely vulnerable to ransomware attacks that can put sensitive data at risk, cost your business or institution a small fortune, or publicly shame employees. These attacks have become more complex and coordinated over the years, leveraging fear for the sole purpose of extorting money. A ransom message can be frightening in nature, personalized towards specific people, or reveal personal details that were otherwise private.

Corporations, government entities, and public healthcare institutions must rely on third-party vendors that can spot vulnerabilities and ensure that your system is resilient to such attacks. Many third-party specialists have extensive expertise in network and server security and can help corporate IT professionals navigate the complexities of ransomware attacks.

Should your system be the victim of ransomware or financial extortion, contact Mjolnir Security directly to learn more about your options during these attacks and how you can work to prevent them in the future. Contact us today.

Written by: Mjolnir Security
