Quebec Dubbed As An Embarrassment After Paying $30,000 To Ransomware Authors
Ransomware has been very effective and profitable for virus authors for strictly one reason, many of its victims and future victims have one thing in common: lack of credible backup solution. The importance of backup has been highlighted, as a carefully planned backup plan can render the effectiveness of ransomware to take a hold of the files permanently. Any encrypted files can be restored from the last-minute online backup as if no damage has been done after a full reformat of the affected PC.
The reality is even today, in the year 2018 when the market of online cloud-backup services is basically saturated there are still many companies, especially public corporations and organizations simply forget the importance of backup. That was the secret behind the success of WannaCry ransomware, which in 2017 alone was able to make its developers richer by $4 billion.
In its wake, more variations and versions of ransomware have succeeded WannaCry. One dirty secret that virus authors do is they are willing to negotiate if the victim is cooperative. This is what happened with the Canadian regions of Quebec and Montreal, they were literally left as sitting ducks to the ransomware attack. Their system admins acted as headless chickens, defenseless from the encryption of vital user files, and they don’t have a credible backup system in place that could have saved them $30,000, the final negotiated ransom payment demanded by the virus authors behind the ransomware.
“Quebec is an embarrassment. There hasn’t been any traction on this issue in the past 15 years. I try to speak to (the government) but there is nobody. Who are you going to call? Nobody. You either pay or you don’t get the data.” said Jose Fernandez, a professor of Montreal Polytechnique, a known malware expert.
The Mekinac municipality has admitted that they literally waved their white flag against the ransomware’s virus authors, due to being desperate in restoring the files that were lost. “It was hard, clearly, on the moral side of things that we had to pay a bunch of bandits. In the end, in terms of the security of our system, (the attack) was actually positive. Everything is encrypted now. Every email is analyzed before we even receive it. Every day, our system catches malicious emails trying to penetrate — but they are stopped. But the attacks keep coming,” emphasized Bernard Thompson of Mekina’s municipal government.
It is very clear from the reports that the mentioned regions of Canada are basically defenseless. They have not made any actions that can have been their saving grace in the wake of the ransomware epidemic, a clear and credible backup system. Even with clear evidence of negligence, the Public Security Department’s spokesperson, Patrick Harvey has denied the accusations. He claimed that a team in Public Security Department was competent in handling major IT security concerns such as malware infection. It is just unfortunate that the team doesn’t have municipalities such as the one similar to Mekinac under its jurisdiction. “Municipalities are autonomous entities that are responsible for ensuring the security of their digital infrastructure,” explained Harvey.
The bottom line, whether an individual user, a corporation or even a corporate entity – regardless of size, invest with credible backup solutions. There are many to choose from in the current online cloud storage market for a backup system fit for the organization. With more information the world creates and stores, the more need to have a backup that will serve as an insurance for the organization in the event of an IT trouble.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.