Ransomware has brutally impacted critical infrastructure worldwide, and now Canada is currently experiencing cyberattacks that are doing the same.
Canada saw two confirmed ransomware attacks and another possible ransomware attack recently, which have impacted the country's critical infrastructure, including hospitals, public transit, and a real estate developer.
- One attack on the Newfoundland and Labrador healthcare system interfered with the hospital appointment system and left workers using paper backups.
- Another attack took down key parts of Toronto's transit system, from which it is still recovering.
- Real estate developer Ronmor Holdings confirms it was a victim of REvil, the notorious ransomware gang.
SecureWorld News breaks down what we know about these alleged ransomware attacks.
Province's largest healthcare services impacted by ransomware
Newfoundland and Labrador's healthcare system may have fallen victim to a ransomware attack, through a third party, which completely damaged the network's data center.
According to officials, healthcare staff were forced to cancel thousands of appointments and only accept patients on an emergency basis. Workers had to rely on an archaic paper-based system in place of the computer network. Further, patients cannot register for healthcare, and email contact is currently unavailable.
As the COVID-19 health crisis continues, this cyberattack added to challenges by crippling the healthcare system's ability to provide standard care.
"It's been a difficult few days," said David Diamond, Eastern Health's CEO.
Eastern Health's region appears to have suffered the most, but hospitals across the province were affected.
Canada's Health Minister John Haggie does not currently have a timeline for how long it will take to get systems back online.
"They are hoping for days, but we just have to bear in mind that that's a hope, and continue to work on mitigation from the front-line point of view, to deal with the impacts on patient care," Haggie said.
Canadian government leadership also questioned why it was taking so long to bring the systems back online and whether the healthcare institutions had been appropriately prepared for a cyberattack of this caliber.
"This is worrisome to all of us. We need to know the severity of the situation and we need to get a handle on exactly how we're going to address this," said Progressive Conservative (PC) Opposition leader David Brazil.
Evan Koronewski, a spokesman for the Communications Security Establishment, told The Canadian Press he is seeing cybercriminals shift towards targeting larger entities in what he describes as "big game hunting" or "targeted ransomware."
"We assess that cybercriminals will almost certainly continue to jeopardize patient outcomes and wider public health efforts by deploying ransomware for financial gain against a vulnerable health sector, including the COVID-19 vaccine supply chain," Koronewski said.
Early on Wednesday, Eastern Health reshared a tweet with a link to a livestream event providing "an update on the IT outage."
Investigation into this matter is ongoing, with unconfirmed reports the system outage was due to ransomware.
Toronto Transit Commission's network downed by cyberattack
Another ransomware attack that impacted critical infrastructure hit the public transit system in Canada's largest city, the Toronto Transit Commission (TTC).
It detected a ransomware attack at the start of the weekend.
"The TTC has business continuity plans in place, but as you know, cyberattacks are evolving very quickly," said Head of Corporate Communications Shabnum Durrani, who declined to comment on whether she had been in contact with the bad actors.
Vehicle operators were forced to use radio for communication, and as of Tuesday, the online appointment booking systems were not online. However, operator communications and vehicle tracking is available again, according to reporting by IT World Canada.
Initially, the cyberattack knocked the online booking system for Wheel-Trans, a mini-bus taxi service, offline, which proved frustrating for employees and riders.
Jennifer Conroy told Global News Canada the incident interfered with her being able to get to her eye doctor's appointment. Conroy said it was an inconvenience, "especially when you are going to a medical appointment and I rely on Wheel-Trans to get me there."
TTC is currently leading an investigation into this ransomware attack.
Ronmor Holdings CEO confirms REvil ransomware attack
And ransomware also hit the real estate vertical in Canada.
Ronmor Holdings is a Calgary-based real estate company. Its CEO, Dallas Wingerak, publicly confirmed REvil was behind a ransomware attack, which took place at the end of September.
"We immediately launched a comprehensive investigation into this data breach and have retained a highly experienced group of third-party cybersecurity experts to support our efforts. While this investigation is still in its early stages, it currently appears that some private and confidential company data was compromised in this attack," Wingerak said.
Last month, REvil posted a comment to a Dark Web forum claiming it had downloaded more than 700 GB of data from the company's website.
Wingerak did not disclose any additional information about the cyberattack in his statement, nor did he confirm or deny paying a ransom to the well-known cybercrime group.
"We have been working around the clock to ascertain what happened, contain the impact and determine exactly what data may have been stolen. As our investigation continues, we plan to individually contact those tenants, partners, and vendors whose data may have been compromised in this breach, so that we can provide further information and offer appropriate support," he continued.
These stories will continue to be updated as additional details become available.
[RELATED] Lawsuit Attributes Baby's Death to Ransomware
[RESOURCE] Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, will host 5 Things You Should Know About Ransomware Before It's Too Late. In this webcast, which is eligible for CPE credit, Grimes will present methods for preventing, detecting, and mitigating ransomware threats.
