TORONTO -- A new report released by cybersecurity company Emsisoft estimates that ransomware demands increased by more than 80 per cent globally in 2020, with hundreds of millions of dollars estimated to have been paid out in ransoms in Canada alone.

The report, entitled “The Cost of Ransomware in 2021: A Country-by Country Analysis” was compiled by the Emsisoft malware lab, and examined incidents submitted to ransomware identification service ID Ransomware.

ID Ransomware is a service that allows victims of ransomware attacks to upload their compromised data for it to be analyzed in order to find out if it is salvageable and who the attack was perpetrated by.

Submissions to ID Ransomware constitute a confirmed incident of a ransomware attack, the report says, estimating there were a total of 506,185 during 2020 – but “truly accurate projections are impossible due to limited datasets and information sharing limitations.”

The report estimated that the average ransomware payment is US$154,108 and 27 per cent of impacted organizations paid up – with the average cost of downtime estimated at US$274,200.

Brett Callow, a threat analyst at Emsisoft, said the number of ransomware attacks in North America decreased slightly in 2020 but only because criminals were “abandoning large scale attacks” where they hit lots of smaller organizations at once, instead focusing on larger targets with more focused attacks.

“In 2018 the majority of victims were small businesses with an average ransomware demand of $5,000,” Callow said in a telephone interview with Thursday. “Now you have much larger organizations targeted like Honda and Garmin.”

Law enforcement agencies are also being targeted. Callow cited the Washington Metropolitan Police Department, which was hit by a ransomware attack Tuesday.

“The attackers are threatening to release details on police informants to the gangs that they are informing on, unless the police pay up,” Callow said. “These threats are really quite serious – they’re not just expensive, they represent a threat to people’s health and safety.”


In the report’s country-by-country breakdown, Emsisoft estimated that Canada had experienced more than 4,000 ransomware incidents in 2020 – with a minimum ransom cost estimate of US$164,772,274 and a maximum estimate of US$659,246,267.

When factoring the added cost of downtime due to ransomware attacks, those numbers jump to a minimum downtime and ransom cost estimate of US$1,011,008,551 and a maximum estimate of US$4,044,034,203.

“Ransom demands have increased significantly,” Callow said. “The attacks are against larger enterprises and the cost of downtime is much greater than it used to be, and the attacks themselves are more disruptive.”

Callow said “very often” the attacks constitute “full on data breaches” that impact customers and their private data – which can end up posted online or sold.

The majority of ransom demands are made using cryptocurrency Bitcoin as a medium for payment, as it is easily accessible and hard to trace, Callow said.

Attackers will gain access to a victim’s data, encrypt it, and then send a demand for ransom to the victim in order to unencrypt their information and regain access to it.

“At the end of 2019, most ransomware attacks only encrypted their targets data and were successfully able to attack Windows systems,” Callow said. “Now they encrypt their target’s data and steal a copy of it – and they’re able to attack Linux servers too. if the victim doesn’t pay, the data gets posted online in a series of instalments.”

In January, a Quebec man was charged by the U.S. Department of Justice for his alleged involvement in the “NetWalker” ransomware attacks that targeted institutions like the College of Nurses of Ontario and the Northwest Territories Power Corporation.

In November, the city of Saint John was hit with a demand for $17-million-worth of Bitcoin in ransom, while Vancouver’s TransLink was hit by a cyberattack demanding $7.5 million in December.

A Statistics Canada 2020 report on cybersecurity and cybercrime, said that 21 per cent of the overall Canadian business population reported being impacted by cybersecurity incidents, but only 12 per cent reported these incidents to police. Businesses reported spending a total of $7 billion directly on measures to prevent, detect, and recover from cybersecurity incidents in 2019.

In an emailed statement to, the Canadian Centre for Cyber Security (CSEC) said that cyber threats against Canadians and Canadian businesses are “evolving.”

“The commercial sale of cyber tools, coupled with a global pool of talent, has resulted in more threat actors and more sophisticated threat activity,” the statement reads. “Illegal online markets for cyber tools and services have also allowed cybercriminals to conduct more complex and sophisticated campaigns.”

The Cyber Centre has an online fact sheet that provides information on how Canadians can protect themselves from ransomware and how to recover if they are attacked.

Callow said most corporations and individuals can mitigate their chances of being the victim of ransomware attacks by “covering the security basics” like not opening suspicious emails, and incorporating dual-authenticated ID systems.