NEWS RELEASE
ONTARIO PROVINCIAL POLICE
*************************
Ransomware is the most common type of cyber threat affecting Canadians. May 12th was Anti-Ransomware Day, which was an opportunity for the Canadian Anti-Fraud Centre (CAFC), the National Cybercrime Coordination Unit (NC3) along with other partners to focus on preventing, educating and reporting ransomware incidents.
The CAFC and the NC3 have a close working relationship given the strong and evolving links between fraud and cybercrime. The two programs provide distinct services to the law enforcement community to combat crimes related to these domains and will increasingly provide highly coordinated services when there is a connection between fraud and cybercrime activities.
Ransomware typically involves criminals gaining access to a network or device and encrypting data to make either the system or data inaccessible to users. Cybercriminals demand the payment of ransom in order for victims to be able to decrypt their data or regain access to their networks.
Ransomware can impact a range of devices, from personal mobile devices through malicious applications to entire corporate networks. Cybercriminals may also attempt to extort victims by threatening to leak victim data online, and harass victim customers and employees to extort ransomware payments from victim organizations. It can vary in technical sophistication and level of compromise, and can target organizations of all sectors and types.
Most ransomware incidents start with an email phishing campaign. The email will contain an attachment which can be an executable file, an archive or an image or a link. Once the attachment is opened or the link is clicked, the malware is then released onto the user's system. The malware can remain dormant for many days or months before files or systems are encrypted or locked. Other ways networks and devices can be affected are:
• Visiting unsafe, suspicious or compromised websites;
• Inserting an infected external device (USB drive) into a device;
• Exposing the systems to the internet unnecessarily or without robust security and maintenance measures.
Anti-Ransomware Day 2
Why you should report Ransomware to local police and the CAFC
In order for law enforcement to combat fraud and cybercrime, it is essential that those who experience, or fall victim, report it to their local police and the CAFC. Local police are positioned to respond to victims in their jurisdictions and the CAFC supports law enforcement by sharing information collected through theses reports to the NC3 and its partners.
Reasons to report to the CAFC:
• Information could link a number of crimes together, in Canada and abroad;
• Information could progress or complete an investigation;
• Reports show crime trends and allows for crime forecasting;
• It helps law enforcement, private and public sector organizations learn about these crimes and supports prevention and awareness efforts.
Warning Signs - How to protect yourself
• Be cautious of any unsolicited email;
• Do not respond to suspicious emails and do not click on any links in them;
• Ensure a backup plan for your data that is consistent and frequent;
• Have multi-factor authentication and anti-malware software;
• Ensure regular software and system updates/patches as well as frequent system-wide password changes;
• Publish and enforce an employee security policy;
• Work with law enforcement when developing and testing an incident response plan;
• Report, report, report!
• Visit the CAFC for more tips and tricks for protecting yourself;
• Visit the Canadian Centre for Cyber Security for additional information on ransomware and cyber security advice, guidance and services.
Anyone who suspects they have been the victim of cybercrime or fraud should report it to their local police and to the CAFC's online reporting system or by phone at 1-888-495-8501. If not a victim, you should still report the incident to the CAFC.
*************************