WannaCry most dangerous to smaller companies, says Canadian cybersecurity firm

Malware uses encryption to lock down computers, extort information

More than 300 CGI cyber security experts worked long hours on the weekend of May 14, 2017, to stave off WannaCry ransomware attacks in Canada and abroad. (CGI, supplied)

In its Ottawa cybersecurity war room Sunday, on a day they should have spent honouring their mothers, 40 CGI project managers found themselves plotting battle strategies against anonymous high-tech hostage takers.

As employees with Canada's largest IT services provider, they picked up call after call from concerned customers worried that the WannaCry ransomware attack was targeting their networks.

CGI deployed more than 250 consultants to scan its clients' networks, but the question was: could they install the patch before WannaCry wormed its way in?

Once it was in, the malware would use encryption to lock down network data and demand a ransom payment of $300 US to free the data. 

According to John Proctor, vice-president of cybersecurity, as many as 30 percent of CGI's clients were at risk of being attacked by WannaCry because they still used older Microsoft operating systems such as Windows XP.

Microsoft had created a patch for the problem, but the companies who called for help didn't know it, leaving themselves open to attack.

"They tend to be small-to-medium-size companies — folks who don't have access to security resources, folks who don't have a security provider, and therefore they're generally not aware. For the vast majority of small-to-medium businesses that is the case," Proctor said.

Proctor said the companies that left themselves open to attack include businesses in the finance, oil and gas and retail sectors.

But after several days on the defensive, none of CGI's Canadian clients were taken hostage, said Proctor — despite their initial vulnerabilities.

Global havoc

Worldwide, more than 200,000 computer systems have been infected in some 150 countries. In Britain, the virus has managed to wreak havoc in the network of the National Health Service, forcing hospitals to cancel procedures.

The picture is much different in Canada: the federal government wasn't affected, and the one hospital that was threatened was able to fend off the cyberattack.

So far there have been only five reported WannaCry attacks in Canada, but John Reid, president of the Canadian Advanced Technology Alliance, suspects the real number is much higher.

"It has to be seriously underreported because it's not something you want to tell your shareholders or the public," said Reid, adding that the spread of WannaCry should be a wake-up call for all governments about the need for international cooperation.

"This is a major risk that has to be managed in the global economy, politically and culturally. You have to step up your monitoring technologies ... the earlier we can intercept and detect these viruses, the faster we can bring in the RCMP or whomever in other countries to prevent these attacks from starting in the first place," Reid said.

The RCMP would not say if it's investigating any domestic WannaCry attacks, but in an email a spokesperson wrote that the force takes the issue of cybercrime seriously and "will work with international partners to investigate this global problem."

But over at the Information Technology Association of Canada (ITAC), there's less optimism that the criminals behind such massive cyberattacks can be brought to justice. 

Worldwide scale causing 'headaches'

"How do we go after a cybercriminal element that may be operating in 11 different countries simultaneously?" asked Andre Leduc, ITAC's vice president of government relations.

"Someone will be spreading the malware from South America. Someone else will be running the spam in eastern Europe. Someone else develops the virus in southeast Asia. It's the kind of investigation that is insanely time-consuming and causes jurisdiction headaches."

Instead, Leduc said, each business — no matter the size — needs to be diligent in updating operating systems and running anti-virus and cybersecurity software. 

And the one thing all technology experts agree on is that malware attacks will continue to increase in frequency and grow in scope and sophistication.

"The best defense against cybercrime," said Leduc, "is defending your own system and networks."