Reported ransomware attacks in Calgary dropped 41% last year

The number of reported ransomware attacks have dropped in Calgary and across the country — but people who document those attacks warn that extortions are still draining thousands of dollars from victims. 

Canada-wide data shows drop in number of victims 

two photos side by side - on the left is a close up of a policer badge, on the right a person presses the spacebar of a macbook
A Calgary police spokesperson said there was a 41 per cent drop in ransomware attacks reported to CPS year-over-year. Nationally, the number of reported attacks has fallen as well. (Jeff McIntosh/The Canadian Press, Marcio Jose Sanchez/Associated Press)

The number of reported ransomware attacks have dropped in Calgary and across the country — but people who document those attacks warn that extortions are still draining thousands of dollars from victims. 

Calgary police say that through the calendar year of 2022, there was a 41 per cent drop in ransomware attacks reported to CPS compared to 2021.

Ransomware is a form of malicious software used by hackers to take control of a victim's computer or network, demanding payment in exchange for decryption. 

Last year, there were 13 reported ransomware cases to CPS, and 22 the year prior. However, a police spokesperson noted that cybercrimes are notoriously underreported. 

Ritesh Kotak, a cybersecurity and tech analyst based in Toronto, said people know a lot more about ransomware, and are investing more in cybersecurity than they used to, which may be the reason for lower reported numbers. 

"Just think about where we were five years ago compared to today. It's clear that these types of attacks are having huge impacts on society. We're continuously talking about them," Kotak said. 

Cybersecurity analyst Ritesh Kotak in his Toronto home office. (Dianne Buckner/CBC)

"Organizations realize now that it's very expensive to recover from these attacks. And as a result, companies are becoming more proactive than reactive. And I think that's indicative in a sense that cybersecurity is no longer a checkbox exercise." 

Kotak said there has been a long-standing protocol not to pay ransomware, which can reduce future extortion.

Canada-wide data shows drop in number of victims 

Nationally, revenue for ransomware attacks has increased year-over-year, but the number of reported victims has fallen. According to figures reported to the Canadian Anti-Fraud Centre (CAFC), there were 66 victims of ransomware in 2022, compared to 104 in 2021. 

But despite fewer reported attacks, victims lost more — totalling $474,439 in 2022 and $346,195 the previous year, data from CAFC said. 

Jeff Horncastle, acting communications and client outreach officer at the Canadian Anti-Fraud Centre, said a devastating ransomware attack could come from a simple phishing message. 

"If we look at 66 victims and nearly half a million lost — very costly for victims of ransomware," he said. 

He added that people are "absolutely" more aware of ransomware prevention strategies than in the past. 

"Education and prevention is the best way to combat this. We have to stay on top of what techniques fraudsters are using, what methods they're using, because they're going to use technology to their advantage and we have to know what that technology is to be able to protect ourselves." 

He warned business owners to be cautious of unsolicited emails, no to respond or click on links, have a backup plan for data, have multi-factor authentication anti-malware software installed on networks or devices, and to implement regular password changes. 

Mandy D'Autremont, senior director of marketing partnerships at Canadian Federation of Independent Business says business owners are worried about cyber attacks. (Submitted by Mandy D'Autremont)

Businesses being targeted 

Mandy D'Autremont, vice-president of marketing partnerships at the Canadian Federation of Independent Business, said small businesses are paying a lot more attention than they used to to cyber security — and just because there are fewer reported attacks, it doesn't mean they're not out there. 

She said that according to data collected by CFIB, there are many business owners that received random cyber attack attempts last year. 

D'Autremont said according to data collected by the organization, 27 per cent have received targeted attacks that are very specific to their business.

CFIB calculated that on average for small businesses, the damages lost to a ransomware attack are around $26,000. 

The Canadian Anti-Fraud Centre urges people who believe they've been targeted by a cyberattack to report to the centre in addition to local police, as it can help link information from across the country for investigators. 


Jade Markus

Digital journalist

Jade Markus is a digital journalist at CBC Calgary.


To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

Become a CBC Account Holder

Join the conversation  Create account

Already have an account?