An Open Letter on Ransomware from the Canadian Government

RE: Protecting yourself from the threat of ransomware

This letter was taken directly from the Canadian Centre for Cyber Security website.

December 6, 2021

Fellow Canadians,

Since the beginning of the COVID-19 pandemic, we have all been reminded of how crucial the internet is to our way of life. More and more of us have been working and studying from home and conducting business online, and it is therefore more important than ever that we take steps to remain cyber safe.

Across the world, we have seen a marked rise in the volume and range of cyber threats – and Canada is no exception. This includes a surge in ransomware incidents – a tactic wherein threat actors deny access to an organization’s most important informational or vital systems until organizations pay the threat actor, usually in digital currency. This year, we have seen a growing number of ransomware threats targeting Canadian small and medium-sized businesses, health care organizations, utility organizations, and municipalities.

There is, however, good news. By adopting basic but appropriate cyber security practices, we can all help stop the vast majority of cyber incidents targeting Canadians.

You, and your organization, are not alone.

The Communications Security Establishment’s Canadian Centre for Cyber Security (the Cyber Centre) and the Royal Canadian Mounted Police (RCMP) urge all Canadian organizations and businesses to take steps to review and strengthen the cyber security of your networks, systems, and information – and we are here to help.

Together with law enforcement agencies, and other federal and international partners, we are working hard to make threat information more publicly available and provide you with specific advice and guidance to help you stay safe from the impacts of ransomware. Canada is also working closely with our allies to pursue cyber threat actors and disrupt their capabilities. We are also assisting in the recovery of organizations compromised by ransomware, and helping them to be more resilient going forward.

To keep yourselves and all Canadians safe, we’re asking you to take action. Our national cyber security must involve efforts from industry partners, small and medium sized businesses, and all Canadians. Our message is clear: taking basic steps to ensure your organization’s cyber security will pay swift dividends.

Taking action is worth it.

To assist your organization, the Cyber Centre has published best practice guidelines. As Canada’s national technical authority for cyber security, the Cyber Centre provides extensive advice and recommended IT actions to organizations to help mitigate the threat of ransomware. Canadian organizations should invest in these inexpensive but effective baseline cybersecurity controls to limit their exposure to cyber attacks. You can refer to the Ransomware Playbook for specific advice. Once you have implemented these practices, we encourage you to register with the CyberSecure Canada program, thus attesting to your cyber security status and certifying that protective measures are in place.

If your organization is threatened with or falls victim to ransomware, you should implement your recovery plan, seek professional cyber security assistance, and immediately report the incident to the Cyber Centre’s online portal as well as your local police. Timely reporting is critical to help us identify the threat vector and update our guidance, make linkages across separate incidents, launch law enforcement investigations and take action against cybercriminals, and ultimately reduce the risk to other Canadians.

It’s time to think seriously about cyber security. We urge you to take stock of your organization’s online operations, protect your important information and technologies with the latest cyber security measures, build a response plan, and ensure that your designated IT security personnel are well-prepared to respond to incidents.

Your government is here to help.

Together, we can make Canada the most cyber secure place to conduct business and other activities online.

Sincerely,

The Honourable Anita Anand, PC, MP
Minister of National Defence

The Honourable Marco E. L. Mendicino, PC, MP
Minister of Public Safety

The Honourable Bill Blair, PC, MP
Minister of Emergency Preparedness and President of the Queen’s Privy Council for Canada

The Honourable Mary F. Y. Ng, PC, MP
Minister of International Trade, Export Promotion, Small Business, and Economic Development

Where to report cyber crime

Canadian Centre for Cyber Security (Cyber Centre): https://www.cyber.gc.ca/en/incident-management

Canadian Anti-Fraud Centre: 1-888-495-8501 or https://www.antifraudcentre-centreantifraude.ca/report-signalez-eng.htm