An increasing number of “ransomware” attacks led Canada’s investment industry self-regulatory organization to issue an updated notice on how the industry can prevent, detect, respond to and recover from these attacks.
In its updated notice, the Investment Industry Regulatory Organization of Canada (IIROC) said these attacks posed a “critical threat” to its firms and noted that the number of attacks has increased over the past few months. The term “ransomware” draws from kidnapping, and in many of the current scenarios, cyber attackers effectively “kidnap” an organization’s data, using software that locks and encrypts the data until a ransom is paid to unlock or decrypt the device or network.
The release notes that even after a ransom is paid, attackers may still destroy the information or publicly release it to further harm the firm and its clients. It also notes that law enforcement officials “generally advise against paying ransoms” and that firms should consult with their own counsel before making any decision. The notice also guides member firms to consult with the RCMP National Cyber Crime Coordination Unit (NC3).
“The best way to deal with a ransomware attack is to prevent it from deploying,” the notice said.
This year’s notice comes almost exactly one year after a 2020 IIROC release that warned of malware and phishing attacks that could jeopardize the security of information and systems, but did not include the “ransomware” element. A similarly timed 2019 release trumpeted an IIROC membership survey that said member firms “have taken concrete steps to put in place appropriate cybersecurity measures to manage threats and protect their clients and businesses.”
IIROC is the national self-regulatory organization which oversees all investment dealers and trading activity on debt and equity marketplaces in Canada.