Locked up computer systems only part of ‘terrifying’ ransomware scourge

By Colin Perkel

THE CANADIAN PRESS

TORONTO _ A shadowy group of cybercriminals that attacked a prominent nursing organization and Canadian Tire store has successfully targeted other companies with clients in governments, health care, insurance and other sectors.

Posts on their NetWalker  “blog” indicate the recent infiltration of cloud-services company Accreon and document company Xpertdoc, although only the College of Nurses of Ontario has publicly acknowledged being victimized.

Experts say NetWalker surfaced about a year ago but its attacks took off in March as the criminals exploited fears of COVID and people working remotely. The ransomware, like similar malware, often infiltrates computer networks via phishing emails. Such messages masquerade as genuine, prompting users to provide log-in information or inadvertently download malware.

Earlier ransomware attacks focused on encrypting a target’s files _ putting them and even backups out of reach. Increasingly, attackers also threaten to publish data stolen during their “dwell time,” the days or weeks spent inside an exploited network before encryption and detection.

The intruders promise to provide a decryption key and to destroy stolen records if the organization pays a ransom, often based on what the attackers have learned about its finances, by a given deadline.

To underscore the extortion, NetWalker criminals publish tantalizing screen shots of information they have, such as personnel, financial, legal and health records.

“The data in these cases is extremely sensitive,” said Brett Callow, a Vancouver Island-based threat analyst with cyber-security firm, Emsisoft. “Lots of companies choose not to disclose these incidents, so the individuals and (third-party) organizations whose data have been compromised never find out.”

In an interview, Richard Brossoit, CEO of Montreal-based Xpertdoc, said this month’s attack was a “little terrifying” at first. Fortunately, he said, damage was limited and no confidential client or personal information was compromised, although some records might be permanently lost.

“Once we were able to isolate the problem and knew it was minimal that our customers weren’t really affected at all obviously it was a very big relief,” Brossoit said.

With new computers, his several dozen employees were back up and running within days, he said. Still, Xpertdoc did hire specialists to deal with the cyber-criminals.

“We were able to negotiate a very low ransom,” Brossoit said. “They didn’t ask too much and we were able to actually negotiate much lower than what they were asking.”

Morneau Shapell, one of dozens of potential third-party victims, said it accepted Xpertdoc’s assurances no sensitive information had been compromised.

Accreon, which has until the first weekend in October to pay up, would not discuss its situation.

NetWalker did recently publish gigabytes of internal data from a Canadian Tire store in Kelowna, B.C. In response to a query, Canadian Tire Corporation said store computers were hit and authorities were investigating.

“This incident has not affected the Canadian Tire Corporation computer networks that process customer information or purchases,” the company said, adding store employees were told their personal information had been compromised.

The nurses’ college, which angered members by taking more than a week to publicly admit the attack discovered Sept. 8, did say it was getting back on its feet, although some services remained down.

“We share our members’ distress and frustration that this has happened,” college CEO Anne Coghlan said in a statement.  “Members can rest assured that we will notify them directly if we identify any risk to individuals.”

The consequences of ransomware can go beyond the financial and reputational. This month, for example, a hospital in Duesseldorf, Germany, was unable to admit a patient for urgent treatment after an apparent cyber-attack crippled its IT system, authorities said. The woman died.

Such attacks have become increasingly frequent. Earlier victims in Canada include municipalities among them Stratford and Wasaga Beach in Ontario and the Regional District of Okanagan-Similkameen in B.C. health-care organizations and charities. Cloud storage companies, with troves of third-party data, have also become attractive targets.

This year, the University of California San Francisco paid US$1.14 million to regain access to its data. The encrypted information, the school said, was “important to some of the academic work we pursue as a university serving the public good.”

Just how often victims pay _ and how much _ is hard to know. One analysis by New Zealand-based Emsisoft, using available data, estimates ransomware losses for Canadian enterprises could run up to US$1.7 billion this year.

“It’s really difficult to get accurate statistics,” said David Masson, a director with cyber-security company Darktrace. “Those who pay won’t be telling you. If you do pay, you’re probably going to be attacked again because very quickly…you’re going to get a reputation that you paid.”

Those behind NetWalker appear to be Russian speaking. They provide the malware for a cut to “affiliates,” who promise not to attack Russian or Russia-friendly targets.

“Their attacks are becoming increasingly sophisticated,” Callow said. “These groups are using the exact same tools as nation-state actors. In some cases, they may actually be nation-state actors.”

Experts say up-to-date anti-virus software, segmenting networks and keeping separate backups are among critical protective measures. In addition, Masson said knowing what is going on within a network is crucial, while Brossoit advised hiring specialists should an attack happen.

This report by The Canadian Press was first published on Sept. 27, 2020.

The Ethical Agent Part 1 and Part 2

The Ethical Agent Part 1 and Part 2

This course explores the positions of authority within an insurance company, the responsibilities and liability of various operatives including brokers and agents in matters such as the importance of properly and carefully recording 3rd party information.

Examples are presented of unfair trade practices to show what it means, in practice, for the agent to understand clearly his or her ethical obligations. A discussion addresses the question of who bears responsibility for ensuring that contracts are in total compliance with respective regulations, as well as what constitutes unfair and deceptive acts in advertising. Each scenario presented is then dissected on how the situation links to the FP Standards of Professional Responsibility.

FP Canada evaluated and approved as Professional Responsibility Continuing Education Credits.

Suspicious activity found on 48,000 CRA accounts after cyberattacks

OTTAWA _ The Treasury Board of Canada says it has uncovered suspicious activities on more than 48,000 Canada Revenue Agency accounts following cyberattacks in July and August.

The treasury says the previously-announced attacks targeted CRA accounts and GCKey, an online portal through which Canadians access employment insurance and immigration services.

Attackers used a method called credential stuffing, which takes advantage of people who reuse usernames and passwords across multiple platforms that may have been previously hacked.

The treasury says GCKey was not compromised, but it has revoked 9,300 credentials for its system and is contacting those users in hopes of blocking subsequent attacks.

Canadians who receive a revocation message can register for new credentials or make use of the SecureKey Concierge, which lets users sign in to 269 government services through partners, such as major banks.

The treasury says the Royal Canadian Mounted Police’s investigation into the attacks is still ongoing and affected departments have been in contact with the Office of the Privacy Commissioner to provide updates on what personal information has been compromised.

Film, TV productions can’t get COVID 19 insurance, want Ottawa to intervene

By Tara Deschamps

Hundreds of productions and thousands of entertainment jobs are on hold because the federal government has yet to intervene and help them get COVID-19 insurance, say two Canadian film and television organizations.

The Canadian Media Producers Association and the Association quebecoise de la production mediatique said Friday that they have identified 214 camera-ready film and TV projects, 19,560 jobs and $1 billion in production volume that have stalled because insurers aren’t offering COVID-19 coverage.

“There’s just a huge amount of production that’s raring and ready to go, but can’t,” said Andrew Addison, the CMPA’s vice-president of communications, marketing and membership.

His organization and the AQPM pitched a federal government-backed insurance program in June and reiterated their plea to Heritage Minister Steven Guilbeault earlier this week.

The proposal asks producers to pay premiums to access COVID-19 coverage.

The premiums would form a dedicated pot to pay for potential claims and the government would only contribute financially through a proposed $100-million backstop if the funds generated though the sale of the policies were insufficient to cover the claims made.

Politicians have yet to act on the proposal.

Guilbeault’s press secretary, Camille Gagne-Raynauld, said in an email that the department takes the matter “very seriously.”

“We understand the urgency of the situation and are hopeful to provide a solution in the near future,” she wrote.

Addison is worried because France, the United Kingdom and Australia have already stepped in to help their entertainment industries and he believes time is of the essence, but little has been done so far.

“If you don’t get to camera in summer or by fall, winter makes it nearly impossible to do a lot of shooting outdoors,” he said.

“We’re really getting to a point of no return. If something comes in November, it’s going to be too late.”

He worries that without quick action productions could be put off by a full year or even worse, suspended forever.

Some productions, he said, have been able to return because of insurance policies they signed before COVID-19’s spread that include pandemic clauses.

U.S. studios with deep wells of cash have also found ways to self-insure themselves, creating a risk of foreign productions moving in and swallowing up resources, so when insurance is found, it is harder for Canadian films and television shows to get started again.

_With files from Victoria Ahearn.

This report by The Canadian Press was first published Sept. 18, 2020.

From beef and hot tubs to shellfish, cargo theft a growing concern in Canada

By Lauren Krugel

THE CANADIAN PRESS

CALGARY _ People may have found it odd when thieves made off with truckloads of hot tubs and beef within days of each other in rural Alberta, but experts say the capers highlight a growing crime perpetrated by sophisticated culprits.

“It’s obviously not a new problem. But from what we’re seeing in the statistics, the problem seems to be getting worse,” said Sid Kingma, who directs the Insurance Bureau of Canada’s investigative services arm in Western Canada.

Last year, $35 million in cargo theft losses were reported to the bureau, compared to $2.1 million five years earlier.

In 2014, when the bureau started compiling cargo theft statistics, $270,000 in stolen cargo was recovered. In 2019, that figure was $14 million.

Kingma cautioned that the bureau’s numbers reflect only a small snapshot of the problem based on reports it receives.

The Canadian Trucking Alliance has put total losses from cargo theft at $5 billion a year.

RCMP have linked the same phoney Quebec trucking company _ Transport Pascal Charland _ to the Aug. 30 theft of $230,000 worth of beef from a Brooks, Alta., beef-packing plant and the Sept. 2 theft of seven hot tubs from a manufacturer in Thorsby, southwest of Edmonton.

“You can see that there was some work put into getting the proper documentation and having everything in place for that theft in order to be able to occur,” said Kingma, a former Edmonton police officer.

“So there’s some organization involved.”

Household items, including food, are the most common type of stolen cargo, and most of it can’t be traced with serial numbers, said Kingma. He said he’s heard of trailers of toilet paper, nuts and tires being lifted.

A lot of the hot merchandise is the kind that can be easily and quickly sold in settings where there’s little oversight, like small shops or swap meets.

“There’s people out there that maybe don’t have great scruples,” Kingma said.

Mike Proska, president of Burloak Investigative Services in Burlington, Ont., said cargo thieves frequently find their targets on load boards, online subscription services that match truckers and prospective customers.

“You have the bad guys who troll these load boards and they’re looking for something that whets their appetite,” said the former Peel Regional Police officer.

Proska said criminals use the boards to post bogus loads in order to get documents from legitimate trucking outfits looking for work.

They can then use that information to pose as those companies and communicate with their marks using fake emails and burner phones.

Proska said the culprits don’t send their own people to pick up the cargo they’re planning on stealing. Instead, they’ll contract out a small trucking company that has no idea it’s being roped into a crime.

The main groups who operate these scams are based out of Quebec and Ontario, but Proska didn’t discount the possibility that some are cropping up in the West.

He said there’s a smaller chance of being scammed when doing business with a big, established company than a smaller one.

Often, businesses will use brokers to hire truckers to ship their merchandise. In that case, the customer should ask for details, Proska said.

“When you’re picking a carrier, you have to do your due diligence.”

For instance, he said, if the business address for a carrier comes up as a house on Google Maps, “that’s going to put my red flags up.”

The back-to-back hot tub and beef heists weren’t the only crimes of this kind in Canada recently.

Mounties in New Brunswick said in June that four tractor trailers filled with snow crab disappeared from two trucking terminals in Moncton.

The Guelph Mercury in southwestern Ontario reported last year that a transport truck filled with cold cuts was stolen from a local meat-processing plant and that police believed the alleged thieves showed fake documents before making off with the meat.

Manulife unveils COVID 19 related travel insurance in face of advisories

By Christopher Reynolds

Manulife Financial Corp. is offering COVID-19-related travel insurance for Canadians who take international and domestic trips, eliciting mixed reactions from the industry.

The policy, slated to roll out in October, will provide emergency medical coverage that includes the coronavirus and related conditions.

It will also provide some coverage linked to trip interruptions or cancellations in the event of quarantine, Manulife said in a release Wednesday.

The new “pandemic travel plan” includes visits to regions subject to a level-three travel advisory, which warns against non-essential travel and which Canada has issued for all countries.

The nation’s largest insurer follows some smaller providers in offering medical travel insurance that covers COVID-19, including the Canadian Association of Blue Cross in Ontario and Quebec. Trip interruptions are not covered under Blue Cross plans.

The Manulife plan includes emergency medical coverage up to $200,000 for COVID-19 and related conditions after a positive test result as well as emergency air transport to return home.

That ceiling is a far cry from the $5 million in emergency medical expenses the company covers for non-coronavirus health issues.

“Is the limit of $200,000 sufficient for more serious cases in places like the United States, where the medical expenses are astronomical?” asked insurance lawyer Sivan Tumarkin.

“We’ve heard about these cases of people who are hospitalized on ventilators for days, weeks, who are close to death and it takes them months, perhaps, to recover.”

Exclusions based on pre-existing conditions are another concern. Manulife has not yet released details about the new plan or how health conditions such as asthma or lung disease might factor in to coverage availability.

“I’m happy that these coverages are coming because people want to travel and we need insurance, but my thing would be just release the policy, release the verbiage,” Tumarkin said.

“The devil is in the details.”

New insurance offers that arguably incentivize travel fly in the face of authorities urging Canadians to stay home, says Marty Firestone, president of Travel Secure Inc., a Toronto-based company that specializes in travel insurance.

“It’s good, it’s a step in the right direction. But why are we encouraging travelling and covering COVID if our own Canadian government is extending the U.S. border closure,” he asked, referring to Manulife’s plan. “That’s a little contradictory.”

At least one Manulife rival seems to agree. Orion Travel Insurance Co., a major travel insurance provider owned by CAA, “is not proactively encouraging international travel while advisories remain in effect,” CAA spokesman Elliott Silverstein said in an email.

Orion’s emergency medical insurance plan will include COVID-19-related costs when Global Affairs Canada brings travel advisories to a lower level, he said.

Air Canada and WestJet now offer free travel insurance with a $100,000 coverage limit on flights to Mexico, the Caribbean and, in WestJet’s case, Europe.

Firestone said he is concerned about companies “luring passengers…with this false sense of security.”

WestJet has highlighted “peace of mind” through safety protocols and the no-charge insurance, which applies to reservations made starting this Friday.

“We know Canadians are seeking reassurance and our guests can now have confidence knowing they are protected against unforeseen medical costs related to the pandemic when choosing to book with WestJet,” chief commercial officer Arved von zur Muehlen said in a statement last week.

Manulife’s plan also covers daily quarantine-related costs of $150 per person or $300 per family for up to two weeks.

Basic travel insurance plans generally don’t cover pandemics, with viral exclusions comprising a part of various insurance policies since the SARS epidemic.

“The pandemic has had extraordinary impacts on the day-to-day lives of Canadians, and at Manulife, our top priority remains the health and safety of our customers, employees, partners and communities. This specialized travel insurance is aimed at helping protect what matters most,” Alex Lucas, head of insurance at Manulife, said in a statement.

This report by The Canadian Press was first published Sept. 16, 2020

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from ILSTV

You have Successfully Subscribed!

Pin It on Pinterest