Skip to content

Cdn. companies paying almost $500,000 on average to ransomware attackers: survey

TORONTO — Canadian companies hit by ransomware attacks pay almost half a million dollars on average to perpetrators, according to the results of a new survey.
2021120310124-61aa324839bbee2cca0665d1jpeg

TORONTO — Canadian companies hit by ransomware attacks pay almost half a million dollars on average to perpetrators, according to the results of a new survey.

The survey conducted by Angus Reid for cybersecurity company Palo Alto Networks in September but released Wednesday revealed the average ransom paid by Canadian companies was $458,247, while the average ransom demanded was $449,868.

Nine per cent of respondents said they paid even more — between $500,000 and $1 million — while 8 per cent paid between $1 million and $5 million.

"It's not out of line with what we've seen globally or in the United States, but it's part of this ongoing trend," said Ryan Olson, vice-president of Palo Alto Networks’ Unit 42 threat intelligence team.

"Ransoms (are) continuing to tick up and up as ransomware actors continue to put pressure on victims through multiple layers of extortion to ensure that if they are compromised, it's going to be very, very hard for them to recover without paying the ransom."

His survey of more than 1,000 businesses found that 55 per cent of respondents said their companies had been the victim of a recent ransomware attack and one in five said it wasn't the first time their organization had been targeted.

Surveyed companies in Quebec and Ontario reported being targeted by ransomware gangs the most, while those in Newfoundland and New Brunswick were least under attack.

Conti, an organization thought to be based in Russia, was the most active ransomware group in Canada, responsible for 31 attacks respondents experienced.

Lockbit 2.0, Avaddon, PYSA and Clop were the next most active groups.

The damage they do is often substantial, said Olson.

Ransomware gangs used to just infiltrate a single computer and encrypt its files, but now they go further, he said.

"Modern ransomware attacks have an attacker in the network, who spends time...to understand where's the most important data for the company is, where the virtual machines and the databases and everything else that are really driving the company's business," Olson said.

Then, attackers locate backups and find key data they can steal and use for extortion later.

"They spend all that time up front so they can execute the encryption routine, give the ransom note and apply maximum pressure," he said.

The extensive nature of the attacks mean recovery is lengthy because some companies find all their backups have been encrypted or any they held off-line are not up to date or will take a long time to restore, said Olson.

While 41 per cent of Olson's survey respondents whose businesses were hit with a ransomware attack were able to recover within a month, 58 per cent say it took more than a month to recover.

Almost 30 per cent say it took more than three months and nine per cent say it took more than five or six months.

The survey also found nearly half of organizations which didn’t pay a ransom were able to recover within a week, suggesting their companies were prepared for an attack or the attack wasn't severe enough to warrant paying.

Olson hopes releasing these findings will spur companies to take cybersecurity seriously, if they aren't already.

He said, "Organizations all over the world, including Canada, could do more to help ensure that their network won't be compromised."

This report by The Canadian Press was first published Dec. 8, 2021.

The Canadian Press