Ransomware 101

By CPABC in Focus
Sep 29, 2023
Photo credit: da-kuk/E+/Getty Images

Ransomware continues to be a popular and effective tool for cyber criminals, even as alternative methods of attack are becoming increasingly common. In its 2023-2024 National Cyber Threat Assessment,¹ the Canadian Centre for Cyber Security (CCCS) calls ransomware a “persistent threat” to Canadian organizations. And in its 2023 Canadian Cyber Threat Intelligence Annual Report, PwC Canada identifies ransomware as a major cyber threat that is becoming more targeted and more sophisticated.² Here are some insights from both reports.

What it is

Ransomware is a type of malware that infects your device and holds your data hostage. The infected device displays a message explaining that your data is inaccessible and that you must pay a ransom (in digital currency) to retrieve it.

Why it’s so popular

According to the CCCS, “ransomware-as-a-service” (RaaS) has made ransomware cheaper to buy, easier to use, and more profitable. Here’s how it works:

  • An RaaS provider creates and maintains ransomware variants and sells access to these variants in a cybercrime marketplace or forum.
  • Buyers purchase access to this ransomware by paying upfront, paying a subscription fee, providing a cut of their extortion profits, or all three.
  • This supply chain/service model makes it easier for other threat actors—even inexperienced ones—to launch successful ransomware attacks.

What threat actors can do

As the CCCS explains, once they gain access to your system, ransomware operators can:

  • Sell their access to other cyber criminals;
  • Break or change the encryption of servers and files;
  • Deploy distributed denial-of-service attacks;
  • Steal personal information and other sensitive data; and
  • Threaten your partners and clients.

What this can mean

As noted in the CCCS report, even if you pay the ransom demand, you may still:

  • Lose valuable data;
  • Discover that your data has been sold to other malicious actors;
  • Suffer significant operational downtime;
  • Suffer significant reputational damage; and/or
  • Incur considerable system repair costs.

How threat actors get in

PwC identified the following as the top initial access points for ransomware operators in 2022:

  • Weakly secured external remote services, such as virtual private networks and remote desktop protocols;
  • The exploitation of vulnerabilities in IT and OT infrastructure;
  • Email phishing campaigns that incorporate social engineering.

The biggest targets in 2022

According to PwC, these are the sectors that were most targeted by ransomware operators in 2022:

  • Manufacturing – 24%
  • Services – 24%
  • Construction – 11%
  • Information & Technology – 10%
  • Retail – 8%
  • Public sector – 6%
  • Healthcare – 5%
  • Other – 12%

How to become more resilient

PwC recommends that businesses:

  1. Embed cybersecurity into organizational culture;
  2. Have a cyber crisis communications plan;
  3. Develop a cyber intelligence program;
  4. Test crisis management, disaster recovery, and business continuity plans; and
  5. Consider third-party risks and vulnerabilities.

Online resources

The CCCS offers a variety of resources for individuals and businesses online, including tips on preparing for and preventing ransomware attacks.

You can also find cybersecurity resources on the CPABC website, including articles, podcasts, and short reports on topics such as phishing and business email compromise.


This article was originally published as an infographic in the September/October 2023 issue of CPABC in Focus.

Footnotes

¹ Canadian Centre for Cyber Security, National Cyber Threat Assessment 2023-2024.