Canadian insurance firm targeted in ransomware attack
An Andrew Agencies Ltd. location can be seen in Carlyle, Sask. in this Google maps image.
TORONTO -- Andrew Agencies Ltd., an insurance firm that operates in the Prairies, was recently targeted in a ransomware attack but says no personal information was taken.
Dave Schioler, the executive vice president and general counsel for Andrew Agencies, confirmed the security breach in an email statement to CTVNews.ca on Wednesday.
"We have uncovered no evidence of sensitive personal information or data being stolen or otherwise compromised," he said in the statement. “We can advise that the incident has had minimal impact on our operations.”
Andrew Agencies, a full-service insurance and financial services firm, operates 18 locations in Alberta, Manitoba and Saskatchewan.
A hacker group known as Maze has taken credit for the attack online. The group was reportedly behind a ransomware attack that recently targeted the City of Pensacola, Fla.
Schioler said that Andrew Agencies did not pay a "ransom as part of the recovery effort."
"We have taken this matter very seriously and have expended considerable resources in the investigation and remediation of this incident, including the use of third parties with expertise in similar incidents," the statement reads.
ARE THESE TYPES OF ATTACKS ON THE RISE?
News of the security breach at Andrew Agencies comes one day after LifeLabs, one of Canada's largest medical laboratories, announced it was hit by hackers.
In LifeLabs' case, an estimated 15 million customers are believed to have been affected, with passwords, birthdays, health card numbers and even lab results potentially being accessed.
Brett Callow, a threat analyst with anti-virus software company Emsisoft, says while many of these types of attacks go unreported, it's very likely there has been an increase.
"Most ransomware attacks are not specifically targeted and, as there’s been an increase in attacks on the public sector, it would seem inevitable that there has been an increase in attacks on smaller businesses too," he said in an email statement to CTVNews.ca.
According to a report released this week by Emsisoft, at least 948 government agencies, educational institutes, and health-care providers were impacted by ransomware attacks in the U.S. in 2019. Emsisoft didn’t have information on the number of these types of attacks in Canada.
Callow says that in about 90 per cent of these cases, hackers are perpetrating these attacks through "email attachments or improperly secured remote access solutions."
So how can companies and municipalities protect themselves from these types of attacks? Well, Callow says a good starting point is email filtering and training staff how to spot potentially hazardous emails.
“The fact that ransomware groups are now stealing data as well as encrypting it makes prevention and detection more critical than ever,” Callow says.
SHOULD COMPANIES PAY A HACKER’S RANSOM?
In short, no, says Callow, because there’s a lot of unknowns.
“There is no guarantee that the decryption tool supplied by the cybercriminals will work or that they’ll even supply one.”
Callow added that every time a company pays for their data back, they incentivize these types of cyberattacks. However, he admits that some companies have no choice and have to take the risk because it may be the only option.
“For as long as companies pay ransoms, ransomware attacks will continue. The only way to stop the attacks is to make them unprofitable.”
With files from CTVNews.ca producer Michael Stittle