Cyberattacks on the Rise Globally Due to Profitability, Says Cyber Security Expert

Cause of major cyberattack on Newfoundland and Labrador's health-care system still unknown
By Andrew Chen
Andrew Chen
Andrew Chen
Andrew Chen is an Epoch Times reporter based in Toronto.
November 9, 2021 Updated: November 15, 2021

There is still no official word on the cause of a major cyberattack on Newfoundland and Labrador’s health-care system, but authorities have been in touch with officials from Ireland, which was hit with a ransomware attack earlier this year.

Thomas Keenan, a professor at the University of Calgary who specializes in cyber security and high-tech crimes, said major cyberattacks have increased in frequency because they’ve become highly profitable.

“This is a business that makes a lot of money,” Keenan said in an interview.

“In the Irish case … if the Irish government had given in to the demand, $20 million in Bitcoin would have been paid to the bad guys. So we’re going to see more and more of this.”

On May 14, Ireland’s public health service shut down its IT systems in response to an extensive ransomware attack in which the responsible criminal gang demanded a payment of $20 million in Bitcoin. The Irish government refused to pay the ransom and later confirmed that the confidential information of at least 520 patients had been released online.

In the N.L. cyberattack, disruptions to the health-care IT system started on Oct. 30, causing “progressive failure” to what provincial officials said was the “brain” of the data centre. The attack resulted in tens of thousands of medical appointments being cancelled, with only certain emergency procedures going ahead for now.

N.L. officials said the province has been speaking with officials from Ireland to learn what it can from how the country dealt with the cyberattack on its health system.

N.L.’s Deputy Premier Siobhan Coady hasn’t confirmed whether the province’s cyberattack involved ransomware, and Health Minister John Haggie also declined to reveal further information.

“This is still unfolding and we’re working with the RCMP,” Coady told reporters on Nov. 2.

Premier Andrew Furey told reporters that the federal government has offered to support his province as it recovers from the attack. In addition to the RCMP, the province is also getting help from the Canadian Centre for Cyber Security.

Keenan said cyber crimes have become a “worldwide business” as tools used for cyberattacks and even ransomware services can be found on the internet, with some hacks being carried out by amateurs without a high degree of technical knowledge.

“There’s definitely a trend, there’s no question,” he said, attributing the rise to the profitability of cybercrimes, difficulty in catching the perpetrators, and a lack of preparedness among victims.

Hackers are increasingly targeting hospitals, which were vulnerable to attacks even before the COVID-19 pandemic due to a tendency toward weak security infrastructure and the profitability of access to sensitive patient information.

On Oct. 28, 2020, the University of Vermont (UVM) Medical Center received staff complaints of computer access problems, which were later found to be the result of a cyberattack. While the centre did not pay a ransom, the attack cost an estimated US$50 million, mostly from lost revenue, The Associated Press reported.

In the N.L. case, Keenan said there was probably “a failure to prepare for a ransomware attack of this scale,” which resulted in complex damage that’s difficult to fix quickly.

“I tell people that they should back up all their computers and all their systems, so that if the ransomware guy gets in, you just scrub everything clean and you reload your information,” he said.

“You might lose the last few hours of patient information or something like that, but it’s so much worse to lose everything.”

The ransomware attack on Colonial Pipeline Co. in the United States in April resulted in severe fuel shortages on the East Coast of the country. Colonial‘s networks were compromised by The DarkSide Group, a group of hackers which the FBI said is likely based in Russia or Eastern Europe.

Colonial Pipeline president and CEO Joseph Blount confirmed that the company paid US$4.4 million in ransom to the perpetrators due to uncertainty about the severity of the cyberattack and how long the firm’s systems would be down. The U.S. Department of Justice (DOJ) later announced that it succeeded in seizing US$2.3 million from the hackers.

On Nov.8, the DOJ charged a suspect from Ukraine, Yaroslav Vasinskyi, and a Russian national, Yevgeniy Polyanin, over a ransomware attack this past summer on Florida-based software firm Kaseya that infected up to 1,500 businesses in the United States and around the world. Vasinskyi and Polyanin were said to be operatives for REvil, a ransomware-as-a-service group that has been used in attacks against 175,000 computers around the world, and in which about US$200 million has been paid in ransom, the DOJ said.

According to a report by British security software and hardware company Sophos Group that surveyed 5,400 IT decision-makers across 30 countries, over one-third of the respondents from roughly 330 health-care organizations have been victims of ransomware attacks over the past year.

While 34 percent of the victims whose data was encrypted by the cybercriminals paid a ransom to retrieve their data, only 60 percent of the encrypted files were restored on average.

Andrew Chen
Andrew Chen is an Epoch Times reporter based in Toronto.