Cybercrime is an ever-growing threat in today’s digital world, and ransomware has emerged as one of its most insidious forms. From individuals and small businesses to large organizations, no one is immune. Yet, public awareness of this escalating crisis remains alarmingly low. The question isn’t if ransomware will strike but when, and whether we are ready to face it.
Take the example of a small business owner in Stony Plain, Alta., who fell victim to a ransomware attack. Hackers encrypted his business files and demanded $11,000 for their release. With no viable alternatives, he paid – a decision experts say was both risky and potentially futile. His story reflects a broader trend: in 2022, ransomware attacks caused an estimated $1 trillion in global economic losses, according to a report by McAfee and the Centre for Strategic and International Studies.
This isn’t just a problem for businesses. Home users, often lulled into a false sense of security, are equally vulnerable. Many believe that because they’ve never been targeted, they’re safe. Yet, ransomware can lurk undetected in a system for weeks or even months, waiting for the opportune moment to strike.
Ransomware often begins with simple, avoidable mistakes. Clicking on a malicious email attachment, using a weak password, or connecting to free Wi-Fi networks can open the door for attackers. Once inside, ransomware encrypts files and even targets backup systems, leaving victims with few options to recover their data.
Ling Huang, a certified information technology security professional, emphasizes that ransomware is no Robin Hood-style rebellion but pure crime. “They are there just to get money from other people. They don’t care about anything else,” he says. The romanticized view of hackers as tech-savvy anti-heroes couldn’t be further from reality.
Protecting against ransomware requires vigilance and practical measures. Multi-factor authentication (MFA), which adds a critical layer of security beyond a password, is now essential. It requires users to verify their identity through a second method, such as a code or fingerprint, reducing the risk of unauthorized access. Phishing emails – often the entry point for ransomware – must be treated with extreme caution. Even emails from seemingly trusted sources should be verified before clicking on links or attachments. Public Wi-Fi, another common trap, should be avoided unless used with a virtual private network (VPN) for added security.
However, having strong defences doesn’t guarantee safety. Even antivirus software and VPNs have limitations, particularly against zero-day attacks, which exploit vulnerabilities that are unknown to security software providers. Offline or regularly disconnected backups remain among the most reliable defences against ransomware. These backups must be stored securely and tested regularly to ensure data can be recovered if needed.
While individual vigilance is critical, ransomware is a systemic issue that requires action at all levels of society. Governments must implement stricter regulations and provide incentives for businesses to adopt robust cybersecurity measures. Canada can look to the European Union’s General Data Protection Regulation (GDPR) as an example of how data protection laws can help mitigate cybercrime risks. Corporations, especially those managing critical infrastructure, must invest in advanced security protocols to protect against evolving threats.
The stakes are enormous. Ransomware doesn’t just threaten finances – it endangers critical infrastructure, from hospitals to energy systems. The 2021 Colonial Pipeline attack in the United States, which caused widespread fuel shortages and cost the company $4.4 million in ransom, is a stark reminder of the potential for disruption. In Canada, the health care sector has been a frequent target, with hospitals and clinics facing attacks that delay care and put patient safety at risk.
Ransomware is a silent epidemic, preying on a lack of preparedness. The cost of inaction – financial, societal, and emotional – is too great to ignore. As individuals, we must adopt stronger digital habits. As a society, we must demand greater accountability from the organizations and governments tasked with safeguarding our digital lives.
The time to act is now, before ransomware becomes an unstoppable force in our interconnected world. The question isn’t whether we can afford to take this threat seriously – it’s whether we can afford not to.
Dr. Perry Kinkaide is a visionary leader and change agent. Since retiring in 2001, he has served as an advisor and director for various organizations and founded the Alberta Council of Technologies Society in 2005. Previously, he held leadership roles at KPMG Consulting and the Alberta Government. He holds a BA from Colgate University and an MSc and PhD in Brain Research from the University of Alberta.
The commentaries offered on SaskToday.ca are intended to provide thought-provoking material for our readers. The opinions expressed are those of the authors. Contributors' articles or letters do not necessarily reflect the opinion of any SaskToday.ca staff.
