Website Preloader

Operating a small to medium sized business in 2020 has been quite the trick. An  owner has to follow social, government, safety and community guidelines just to keep their business up and running in the “new normal.” This has led to an increase in the digital demand for vital operations to tackle the need for social distancing. Why should this be a concern for your cybersecurity infrastructure? It has created the perfect environment for Ransomware Groups to attack Canadian small to medium size businesses and take your hard-earned money.

  • Did you know that over 41% of all cyber insurance claims in 2020 have been for ransomware attacks?
  • Did you know that the number of cyberattacks increased 25% in the first months of the COVID-19 pandemic?


We have put together a list of 5 Canadian Ransomware Attacks in the hopes that you can learn about the threats that you face in your day-to-day operations and understand the mistakes that lead to these unfortunate circumstances. Prevention is the first line of defence.

1. Royal Military College of Canada

  • Ransomware Group: DoppelPaymer
  • Description: The academic network setup for administration, email, student communication and research had its information stolen and encrypted. The stolen data will be posted online and remain encrypted if the ransom is not paid.
  • Actions Taken: The academic network was shut down and replaced with a contingency network until their primary network can be restored. It has not been confirmed if (1) any information has been made public online or (2) if RMC has made any ransom payments to date.
  • Source of Attack: Large-scale phishing campaign through the communication tools used by the Royal Military College of Canada.

More Information: The Kingstonist

2. Canpar Express

  • Ransomware Group: DoppelPaymer
  • Description: Ransomware group got access to and published financial documents, payroll information and other confidential documents to the dark web. Additional withheld documents will be posted unless ransom payment is made.
  • Actions Taken: Canpar acknowledged that they experienced a cyberattack but did not confirm whether or not (1) any information has been made public online or (2) if any ransom has been paid. They also publicly denied that any customer information was obtained. This has created a halt in the Canpar Express operation (internally and with its sister companies).
  • Source of Attack: A spear-phishing attack was utilized to gain access to and impersonate a sister company in order to infiltrate the Canpar Express main network.

More Information: CTV News

3. Bird Construction

  • Ransomware Group: Maze
  • Description: Ransomware group got access to over 60 GB of files and data. These files were placed under encryption and the key would be provided upon receival of the ransom payment.
  • Actions Taken: Bird Construction reported that they were able to continue with business operations and consulted with cybersecurity experts for next actions to take. They did not disclose whether or not ransom payments were made. Bird Construction completes contracts for the Canadian Military and Federal Government; however, they denied any sensitive government documents being released.
  • Source of Attack: The specific tactic used to gain access was not disclosed by Bird Construction.

More Information: CBC News

4. Un-Named Manitoba Law Firms

  • Ransomware Group: Maze
  • Description: The Law Society of Manitoba confirmed that two law firms in Manitoba have lost complete access to computer systems, digital files, data backups and network. This has left both law firms without access to vital and confidential information surrounding their clients and operations. Access to the network is encrypted pending a demanded ransom payment.
  • Actions Taken: The Law Society of Manitoba will not name the law firms in question, if they have made the ransom payments requested or what actions they have taken.
  • Source of Attack: Opened email attachments were the source of the cybersecurity breach for both law firms.

More Information: CBC News

5. Health Canada COVID-19 Contact Tracing Imposter App

  • Ransomware Group: CovidLock
  • Description: Ransomware group created a copycat site page and app of the Health Canada COVID-19 contact tracing program. Once the app is added to the victim’s phone, access is locked out until a ransom payment of $100 (in Bitcoin) is made.
  • Actions Taken: The application and site has since been taken down; however, this is and will not be the only attempt hackers make to exploit the pandemic. (1500+ fraud sites in May alone).
  • Source of Attack: This phishing attack exploited people’s fears to overcome security smarts that victims would otherwise have had.

More Information: IT World Canada

AlphaKOR’s Cybersecurity Resources

Did you like this blog post? Give these a read.

If you have questions on how you can safeguard your business from ransomware attacks, you can reach a cybersecurity expert here at AlphaKOR through the chat bubble in the bottom right-hand side of your screen or by completing our contact form.

The number one trick to a secure IT landscape is knowledge. Knowing what you’re up against and all the various methods of cybersecurity best practices is key to your success. We’ve put together a short eBook from our experts of 10 simple practices you can implement today to instantly boost your cybersecurity.

Website Preloader