How much do ransomware attacks cost?

The costs of ransomware attacks in Canada are going up, but if you are the victim of an attack, don't pay the ransom.

Ransomware

Ransomware is the most common cyber threat Canadians face, and it is on the rise, according to the Canadian Centre for Cyber Security (CCCS).

The cost of ransomware is increasing

Canadian businesses collectively spent approximately $1.2 billion on recovering from cybersecurity incidents in 2023, doubling the expenditure from 2021. In 2023, Canadian organizations paid an average ransom of $1.13 million, a substantial increase from $458,247 in 2021. Additionally, the average ransom demanded rose to $906,115 in 2023, up from $449,868 in 2021.

Recovering stolen data or systems is not the only cost to business. Ransomware attacks have led to significant operational disruptions, with 43% of affected organizations reporting revenue losses and 25% experiencing business stoppages.

Surge in Ransomware Incidents

In 2023, over 1 in 8 (13%) impacted Canadian businesses reported experiencing ransomware attacks, up from 11% in 2021. In 2024, Canada experienced over 5,200 ransomware attacks, marking a significant rise in cyber threats targeting the nation. The Canadian Centre for Cyber Security notes that many ransomware incidents go unreported, suggesting that the actual number of attacks is likely higher.

The ransomware campaigns have targeted not only small and medium-sized businesses, but also critical infrastructure providers, including multiple hospitals and police departments, as well as municipal, provincial, and territorial governments.

High-Profile Attacks

In February 2024, the City of Hamilton experienced a ransomware attack that disrupted numerous municipal services, including libraries and emergency response systems. By November 2024, recovery efforts had cost the city $9.6 million, and restoration was still underway in May 2025.

In May 2024, the LockBit ransomware group attacked Canadian retailer London Drugs, demanding a $25 million ransom. The company refused to pay, leading to the leak of employee data.

Refusing to Pay

Both the City of Hamilton and London Drugs refused to pay the ransom. They are not alone – a growing number of organizations are refusing to pay. These organizations are doing the right thing, according to the CCCS. Its guidance emphasizes that paying a ransom is not recommended due to several significant risks:

  • No Guarantee of Data Recovery: Even if a ransom is paid, there’s no assurance that access to encrypted files will be restored.
  • Encouragement of Criminal Activity: Paying ransoms can incentivize cybercriminals to continue their attacks, targeting your organization or others.
  • Potential for Additional Demands: Threat actors may demand more money even after receiving an initial payment.
  • Risk of Data Deletion or Exposure: Attackers might use malware that deletes or permanently alters files, or they may leak stolen data regardless of payment.
  • Funding of Further Criminal Activities: Ransom payments can inadvertently support other cyberattacks or illicit operations.

Instead of paying, the Centre for Cyber Security recommends the following steps:

  1. Report the Incident: Immediately notify local law enforcement, the Canadian Anti-Fraud Centre, and the Cyber Centre.
  2. Isolate Affected Systems: Disconnect infected devices from the network to prevent the spread of ransomware.
  3. Identify the Ransomware Strain: Determine the type of ransomware involved to assess available decryption tools.
  4. Restore from Backups: If secure backups are available, use them to recover affected data.
  5. Implement Security Measures: Address vulnerabilities that allowed the attack and enhance security protocols to prevent future incidents.

Preventing and Responding

Organizations: For comprehensive guidance on preventing and responding to ransomware attacks, organizations can refer to the Cyber Centre’s resources, such as the Ransomware Playbook and Ransomware: How to Prevent and Recover.

Individuals: Get Cyber Safe is a national public awareness campaign created by the Government of Canada to inform all Canadians about cyber security and the simple steps you can take to protect yourself online.
