Criminals using AI to commit ransomware attacks, cybersecurity centre warns
Advertisement
Read this article for free:
or
Already have an account? Log in here »
To continue reading, please subscribe:
Monthly Digital Subscription
$1 per week for 24 weeks*
- Enjoy unlimited reading on winnipegfreepress.com
- Read the E-Edition, our digital replica newspaper
- Access News Break, our award-winning app
- Play interactive puzzles
*Billed as $4.00 plus GST every four weeks. After 24 weeks, price increases to the regular rate of $19.95 plus GST every four weeks. Offer available to new and qualified returning subscribers only. Cancel any time.
Monthly Digital Subscription
$4.99/week*
- Enjoy unlimited reading on winnipegfreepress.com
- Read the E-Edition, our digital replica newspaper
- Access News Break, our award-winning app
- Play interactive puzzles
*Billed as $19.95 plus GST every four weeks. Cancel any time.
To continue reading, please subscribe:
Add Free Press access to your Brandon Sun subscription for only an additional
$1 for the first 4 weeks*
*Your next subscription payment will increase by $1.00 and you will be charged $16.99 plus GST for four weeks. After four weeks, your payment will increase to $23.99 plus GST every four weeks.
Read unlimited articles for free today:
or
Already have an account? Log in here »
OTTAWA – The federal cybersecurity centre warns in a new report that criminals who hold data for ransom are using artificial intelligence tools that make it easier to target their victims.
The Canadian Centre for Cyber Security’s latest outlook report says the ransomware threat in Canada “continues to increase and evolve quickly” as malicious actors adopt sophisticated tactics.
Numerous Canadian organizations, including businesses, hospitals and universities, have been held digitally hostage in recent years by cybercriminals who electronically locked their private data and demanded payment to free the files.
In some ransomware cases, cybercriminals steal sensitive data and then threaten to make it public unless the ransom is paid.
The Cyber Centre’s report, made public Wednesday, says the number of ransomware incidents known to the centre increased from 2021 to 2024.
Cyber Centre head Rajiv Gupta says in the report that ransomware is one of the most disruptive, costly and persistent challenges facing Canadian organizations of every size.
“We assess that ransomware will remain a significant threat to Canada, requiring substantial attention from Canadians in the coming years,” says the report.
The centre — part of the Communications Security Establishment, Canada’s cyberspy agency — warns that threat actors engaged in ransomware attacks have started using AI to spot vulnerabilities, develop malware, generate deepfake images and automate negotiations with victims.
AI helps criminals overcome technical barriers and a lack of resources, making it easier to target victims and demand payment, often in the form of cryptocurrency, the report says.
“Cybercriminals are innovative, and they do whatever it takes to make money,” Gupta said in an interview.
The centre says basic digital hygiene practices — including regularly updating software, implementing multi-factor authentication for account access, backing up data and being cautious about phishing attempts — can help protect against cyberthreats.
Canadian organizations should also take advantage of the tools available to them — such as the malware detection and analysis tool Assemblyline, developed by the Cyber Centre — to continuously monitor their networks and stay vigilant, the outlook report adds.
“Cybersecurity practices are not just an optional extension of one’s business,” the report says. “They are integral to protecting critical data and operations, and to safeguarding Canadians who are reliant on the services of organizations responsible for this data.”
Gupta acknowledged the challenges for small organizations.
“Many small businesses have a single IT person, and they’re required to do cybersecurity as well,” he said.
Ongoing collaboration between police, the private sector and international allies will be needed to bolster understanding of threats and co-ordinate appropriate measures to address and prevent the spread of ransomware, the report says.
The cybersecurity centre warned as early as 2022 that criminals could adopt new techniques — such as threatening a target’s partners or clients — to increase their chances of receiving payment.
It noted that one cybercriminal group, which had targeted victims in Canada, was known to conduct denial-of-service attacks during payment negotiations, increasing the pressure.
The latest report says the trend toward such “multi-extortion methods” demonstrates cybercriminals’ increased sophistication and their efforts to boost both the effect of their attacks and the likelihood of victims paying the ransom.
The centre says while most ransomware groups likely will continue to use encryption to lock down victims’ data, there is a trend toward attacks focused on stealing sensitive data as a tool of extortion.
Critical infrastructure, such as energy and water facilities, and large corporations remain attractive targets for ransomware actors, but “no organization is immune” to cyberattacks, the report says.
This report by The Canadian Press was first published Jan. 28, 2026.