Calgary cyber security experts warn WannaCry ransomware attacks could happen here

by Carolyn Kury de Castillo (feat. Tom Keenan)

Global News
May 15, 2017

As the global fallout continues after the WannaCry ransomware cyberattack, cyber security experts in Calgary are warning there is absolutely nothing stopping the disaster from happening here.

University of Calgary professor and author of the best-selling book Technocreep says he worries about a horror scenario that could play out in Alberta.

“What if the next time they take over a hospital, they don’t just encrypt computers but they start to exploit vulnerabilities and machines like x-ray machines and MRI machines?” Tom Keenan said.

“That could be very scary if you’re a hospital administrator and you’re suddenly getting a message: ‘we’re not going to encrypt your files, that’s 2016. Now we are just going to kill a patient every other day until you give us $10 million.”

Keenan, who is also a research fellow of the Canadian Global Affairs Institute, says the attack didn’t surprise him, but what was different was how widespread it was: from health care to major corporations.

“Most people go, ‘hey a big company like a hospital or FedEx—they must be all up-to-date on their systems. Now we are learning that lurking inside of many big companies and maybe inside your house is some old computer that you never updated and that is the one that got in this vulnerability,” he said.

The Calgary Chamber of Commerce is urging all businesses to invest whatever resources they can into I.T. security, despite the tough economic times.

“That can mean that there is less focus on things that might happen someday in the future. So one of our messages for business is: absolutely still consider the risks that are affecting your business and consider how you would be impacted by a business interruption or a disaster and ensure that you’re investing, as hard as it is to do, and ensuring that you can be resilient to those kinds of circumstances,” said Scott Crockatt, director of marketing and communications at the Calgary Chamber of Commerce.

“Cybersecurity is absolutely one of the top identified risks that are facing Calgary and Canadian businesses,” Crockatt said.

Calgary Centre-North MP Michelle Rempel is urging all levels of government to put more emphasis on cybersecurity.

“I think that the challenge has been that a lot of our systems and how we’ve done business have changed so rapidly, but government tools to prevent things like this and regulations haven’t kept pace,” Rempel said. “For me, this is one of the key public policy challenges of our time—something we don’t really pay attention to until disaster strikes.”

A spokesman for Alberta Health Services (AHS) said they are monitoring the global cyberattacks, but no services had been affected in Alberta as of Monday.

“AHS has not been impacted by the international cyberattacks targeting health-care facilities and organizations. AHS takes these threats very seriously and has processes to deal with them,” Bruce Conway said.

Service Alberta Minister Stephanie McLean said Monday the government is “constantly prepared for attacks.”

“We certainly did a threat assessment with respect to the WannaCry virus and malware and we determined that we were well-vaccinated, as it were, against this particular attack,” McLean said. “We are very successful in blocking the majority of emails that come through that initiate this kind of thing.”

McLean said the provincial government has never paid a ransom due to such attacks in the past and she expects to be able to avoid doing so in future.

“Wherever there have been instances of infiltration, they have been extremely minimal and our protections in place have very well protected the sensitive information the government of Alberta holds.”

Calgary’s mayor says he believes the city is also in good hands when it comes to cyber security.

“I am very confident in our team at the city. Sometimes when I am doing budgets, I get a little fussed about: how much do you need for all this? But this really highlights how important that kind of work is,” Naheed Nenshi said.

Owen Key, the city’s chief security officer, said he hasn’t seen any incidents of this particular malware.

“Although we are unable to discuss specific actions we are taking, we are following Public Safety Canada’s Cyber Security Incident Response Team’s recommendations and best practices in order to protect the City’s systems and information.”

The Calgary Police Service Cyber/Forensics Unit is also warning people about the ransomware attack that is taking advantage of vulnerabilities in businesses’ and individuals’ cybersecurity.

“As technology evolves, it’s important for citizens to be aware how their devices and data could be vulnerable,” said CPS Cyber/Forensics Unit Staff Sgt. Cory Dayley. “Quite often there are simple things that can be done to protect against a cyberattack. Unfortunately once data has already been comprised, it is difficult to restore and the loss can have an enormous impact on the victim.”

Security experts say the best advice is to run a current operating system and get a good anti-virus and anti-malware package—and don’t click on anything you are not sure about.

“Don’t be stupid,” Keenan said. “Don’t go out there and click on something just because you think that it is an interesting email.”