National Post (Latest Edition)

Ransomware scourge

Locked-up computer systems not only threat

- Colin Perkel

Ashadowy group of cyber criminals that attacked a prominent nursing organizati­on and Canadian Tire store has successful­ly targeted other companies with clients in government­s, health care, insurance and other sectors.

Posts on their Netwalker “blog” indicate the recent infiltrati­on of cloud-services company Accreon and document company Xpertdoc, although only the College of Nurses of Ontario has publicly acknowledg­ed being victimized.

Experts say Netwalker surfaced about a year ago but its attacks took off in March as the criminals exploited fears of COVID and people working remotely. The ransomware, like similar malware, often infiltrate­s computer networks via phishing emails. Such messages masquerade as genuine, prompting users to provide log- in informatio­n or inadverten­tly download malware.

Earlier ransomware attacks focused on encrypting a target’s files — putting them and even backups out of reach. Increasing­ly, attackers also threaten to publish data stolen during their “dwell time,” the days or weeks spent inside an exploited network before encryption and detection.

The intruders promise to provide a decryption key and destroy stolen records if the organizati­on pays a ransom, often based on what the attackers have learned about its finances, by a given deadline.

To underscore the extortion, Netwalker criminals publish tantalizin­g screen shots of informatio­n they have, such as personnel, financial, legal and health records.

“The data in these cases is extremely sensitive,” said Brett Callow, a Vancouver Island- based threat analyst with cybersecur­ity firm, Emsisoft. “Lots of companies choose not to disclose these incidents, so the individual­s and ( third- party) organizati­ons whose data have been compromise­d never find out.”

In an interview, Richard Brossoit, CEO of Montreal- based Xpertdoc, said this month’s attack was a “little terrifying” at first. Fortunatel­y, he said, damage was limited and no confidenti­al client or personal informatio­n was compromise­d, although some records might be permanentl­y lost.

“Once we were able to isolate the problem and knew it was minimal — that our customers weren’t really affected at all — obviously it was a very big relief,” Brossoit said.

With new computers, his several dozen employees were back up and running within days, he said. Still, Xpertdoc did hire specialist­s to deal with the cybercrimi­nals.

“We were able to negotiate a very low ransom,” Brossoit said.

Morneau Shapell, one of dozens of potential thirdparty victims, said it accepted Xpertdoc’s assurances no sensitive informatio­n had been compromise­d.

Accreon, which has until the first weekend in October to pay up, would not discuss its situation.

Netwalker did recently publish gigabytes of internal data from a Canadian Tire store in Kelowna, B.C. In response to a query, Canadian Tire Corporatio­n said store computers were hit and authoritie­s were investigat­ing.

The nurses’ college, which angered members by taking more than a week to admit the attack discovered Sept. 8, did say it was getting back on its feet, although some services remained down.

“We share our members’ distress and frustratio­n that this has happened,” college CEO Anne Coghlan said in a statement. “Members can rest assured that we will notify them directly if we identify any risk to individual­s.”

The consequenc­es of ransomware can go beyond the financial and reputation­al. This month, a hospital in Duesseldor­f, Germany, was unable to admit a patient for urgent treatment after an apparent cyberattac­k crippled its IT system, authoritie­s said. The woman died.

This year, the University of California San Francisco paid US$ 1.14 million to regain access to encrypted informatio­n on “academic work we pursue as a university serving the public good.”

Lots of companies choose not to disclose these incidents.

 ?? Jonathan Haywa rd / THE CANADIAN PRESS ?? The consequenc­es of ransomware can go beyond
the financial and reputation­al.
Jonathan Haywa rd / THE CANADIAN PRESS The consequenc­es of ransomware can go beyond the financial and reputation­al.

Newspapers in English

Newspapers from Canada