With ransomware on the rise, RCMP urging victims to 'be patient with police'

The head of the RCMP’s financial and cybercrime unit says sniffing out organized crime online and investigating the whack-a-mole world of online exploitation is giving his teams “more work than they can handle.”

Statistics Canada says the national rate of police-reported extortion rose 44 per cent in 2018

Chief Supt. Mark Flynn is the director general financial crime and cybercrime with the RCMP's federal policing operations. (Yves Levesque/CBC)

The head of the RCMP's financial and cybercrime unit is urging patience as police figure out the whack-a-mole world of online exploitation, where thousands of Canadians are hit with a ransomware attack every day.

"Just report your crime and be patient with police because we are still growing in this space," RCMP Chief Supt. Mark Flynn told CBC News.

"We're always catching up. That's the reality. In order to know where to go and where to target, we have to learn the behaviour. It's quite difficult to assume or guess what method somebody is going to use in the future and then be in a position to do that."

Flynn is the director general for financial crime and cybercrime within the RCMP's federal policing and criminal operations. His brief covers everything from pursuing ransomware and romance scams to sniffing out organized crime online and protecting banks' servers.

His comments come as new Statistics Canada figures show a rise in fraud and exploitation in Canada. Just this week, the federal agency reported that the national rate of police-reported extortion rose 44 per cent in 2018, while the number of fraud cases grew by 12 per cent.

The Canadian Anti-Fraud Centre estimates that nearly $120 million was lost due to mass marketing fraud (which includes extortion and phishing) in 2018.

The RCMP's data, which rely on Public Safety figures going back to 2016, suggest Canadians are affected by ransomware attacks roughly 3,200 times a day.

Severe lack of reporting

But to get a real sense of the problem, Flynn said, you can multiply most online extortion stats by 20.

"Numbers are hard to give because we also have a serious lack of reporting," he said.

"There is a significant underreporting of cybercrime. Some of that comes from embarrassment, fear of reputational harm."

Flynn said that major corporations don't want to lose customers and risk the public backlash.

"They don't want it to be public because of the embarrassment factor," he said. "We need to bring that up to the surface, make it OK to report."

A number of municipalities across North America also have fallen victim to ransomware. Last month, the mayor of Stratford, Ont. went public after cyber criminals hijacked part of the city's computer servers and held data hostage, demanding a Bitcoin payment.

Mayor Dan Mathiesen called such online criminals "the new terrorists of the century." He wouldn't say if Stratford had paid the ransom or planned to do so.

However, town officials in Midland, Ont., have confirmed they paid a ransom to reclaim data after hackers held their computer systems hostage for 48 hours.

It's not clear how much has been paid out in ransomware attacks in recent years — again, due to a lack of reporting, said Flynn. 

"People don't report to us what they pay. Even when we're investigating, there are times when it's become obvious that people have paid, but they do not report that," he said. 

There's more work than they can handle already.- Chief Supt. Mark Flynn

"Our advice is not to pay. However we recognize that it's frequently a business decision to pay."

Paying out on ransomware attacks, said Flynn, doesn't necessarily mean the data will be turned over and could make individuals and institutions targets for future attacks.

"You're dealing with criminals. They will lie to you," said Flynn.

Response times improving

The veteran Mountie said investigators also have to recognize that some victims don't believe police will be able to retrieve their data.

He admits previous response times were "unacceptable," but said the force is more limber now.

"Today the volume has gone up, the adoption of technology, the change in society has occurred so rapidly it's very difficult for policing organizations to adapt at that same rate," he said.

"I think we're getting closer to a  response time that's more acceptable."

A shift at the RCMP is also helping them ramp up the response team. 

The cybercrime unit at RCMP headquarters in Ottawa is gaining two sister bureaus in Montreal and Toronto. 

"There's more work than they can handle already," said Flynn.

The force is looking to hire civilian cyber experts who don't want to commit to front-line policing, he said, adding the RCMP is also more willing now to work with outsiders, including banking organizations and other police forces.