As many of us continue to work from home, individuals and businesses alike need to ensure that they are protecting their data. Cyber attackers are taking advantage of the fact that users are increasingly working from home. As we conduct more of our communication via email, the risk of phishing attacks increases. Those working from home are also more likely to engage in ‘riskier’ behaviour, such as visiting insecure websites, downloading risky apps, or sharing devices and networks with those outside their workplace. Many are also operating from home computers without the latest security software or from unsecured home networks that are more exploitable than the corporate-level security infrastructure used in office. Once an attacker has encrypted a home user’s device, they can swiftly infiltrate other devices connected on the same internet or corporate VPN. At this time, one of the most common forms of cybercrime in Canada is ransomware. It is a major threat facing organisations across the country.
What is Ransomware?
Ransomware is a type of malicious software – or malware – that encrypts the data on a particular device and prevents the victim from accessing their files. Ransomware can also spread to other connected devices on the same network. The attacker demands a ransom from the victim in order to restore access to the data. The attacker may also threaten to publish the victim’s data if the ransom is not paid. Typically, attackers will demand payment of the ransom to be in the form of a digital currency, such as in Bitcoin, to limit the ability of tracing the transfer.
Recommendations to Prevent an Attack
While the threat of a ransomware attack may seem quite daunting, you can take steps to prepare for and prevent an attack. The Canadian Centre for Cyber Security (CCCS) recommends ensuring that all devices have a backup that is stored offline, such as on an external hard drive. For those using a cloud service provider, users should ensure that the backup is not being stored on the same network as the device. Although this step will not prevent a malware attack, it can limit the damage significantly and ensure continued access to your data and files. With a secure backup, victims of a ransomware attack can safely wipe their device (including the malware) and restore their data without paying a ransom. Unaffected devices can also open backed-up files.
Second, it is crucial to ensure that operating systems are up to date. The most common way cyber attackers are able to get into a system are by exploiting known vulnerabilities. Users should keep their operating systems and third party apps patched with the newest updates at all times.
Third, users should beware of opening suspicious attachments. Another common method of cyber-attacks is to spread ransomware through infected Microsoft Office attachments. In this method, the ransomware generally prompts the user to enable macros in order to see the content of the document. If enabled, the ransomware will automatically download to the device. The CCCS, therefore, recommends that users disable macros by default, be suspicious of any prompts to enable macros, and never open attachments or links from senders that they do not know.
Finally, businesses should provide cyber awareness training for employees as an important step to prevent against cyber attacks. They should train employees to recognize phishing emails, and be aware of any procedures in place to report ransomware attempts or successful attacks to their organisation’s IT department. Businesses should also practice their recovery procedures and simulate a ransomware event in order to determine how long it would take to get back online and identify any deficiencies in their recovery system.
The Lerners Privacy, Information and Data Security Group can assist with responses to ransomware attacks, as well as provide training on how to avoid ransomware traps.
 Phishing refers to the form of cyberattack, usually via email, in which attackers trick users into revealing or entering sensitive information such as passwords and financial information. Including a document or link within the email is also a common method of distributing ransomware. This spreads the malware to the affected device.
 Canadian Centre for Cyber Security, “Ransomware: Don’t Get Locket Out: (11 August 2020), online: <www.cyber.gc.ca/en/ransomware-dont-get-locked-out> [CCCS].
 Canadian Centre for Cyber Security, “Ransomware: How to Prevent and Recover: (06 October 2019), online: <www.cyber.gc.ca/en/ransomware-dont-get-locked-out>.
 CCCS, supra note 1.