Ransomware: How to prevent and recover (ITSAP.00.099) – Canadian Centre for Cyber Security

Summary

Ransomware is malicious software that denies access to systems or data until a ransom is paid. Modern threat actors often combine encryption with data theft to increase pressure on victims. Initial access typically comes through phishing, malicious attachments or links, and exploited vulnerabilities; the commercialised ransomware-as-a-service model lowers the barrier to entry, and attackers may use AI to find weaknesses and automate attacks.

This guidance from the Canadian Centre for Cyber Security outlines practical steps organisations should take to prepare for, protect against and recover from ransomware incidents, including planning, backups, authentication, privilege management, patching, network segmentation, security tools and when to seek professional help. It also covers response steps after an infection and the risks of paying a ransom.

Key Points

  • Ransomware both encrypts systems and increasingly exfiltrates data for double extortion.
  • Common infection vectors: phishing emails, malicious attachments or links, and lateral spread from compromised devices.
  • Prepare: create and test an incident response plan, business continuity and recovery plans; keep offline, encrypted backups and test restores regularly.
  • Protect: deploy phishing-resistant multi-factor authentication, password managers, least-privilege access and restricted admin accounts; patch promptly; and disable macros by default.
  • Network segmentation and security tooling (antivirus, firewalls, DNS filtering, DMARC, VPNs) reduce spread and exposure.
  • Respond: isolate infected devices by disconnecting them from the network rather than powering them off (volatile memory holds forensic evidence), preserve that evidence, report to law enforcement and the Cyber Centre, reset credentials and identify the ransomware strain.
  • Recover: remediate the point of entry, scan and restore from secure backups, apply updates and review lessons learned with staff training.
  • Paying a ransom is risky: it does not guarantee recovery and can lead to further extortion, additional attacks or data leaks.
  • Consider cyber insurance but ensure policy documents and coverage details are themselves secured.
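The "test restores regularly" point above is the one most organisations skip, and an untested backup is not a recovery plan. The following is an added example, not code from the Cyber Centre guidance: it records a SHA-256 manifest when a backup is taken and, after a restore into a scratch location, reports every file that is missing, unexpected or altered. The directory layout, file names and the "encrypted" content are constructed sample data; encryption and offline storage of the backup itself are assumed to be handled by the backup tool, so the script only proves that a restore is complete and intact.

```python
from __future__ import annotations

import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (path relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def write_manifest(root: Path, manifest_path: Path) -> dict[str, str]:
    """Record the manifest at backup time; store it with the offline copy."""
    manifest = build_manifest(root)
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_restore(manifest_path: Path, restored_root: Path) -> dict[str, list[str]]:
    """Compare a restored tree with the manifest taken at backup time.

    Returns the files that are missing, unexpected, or whose contents differ.
    An empty report means the restore is complete and byte-for-byte intact.
    """
    expected = json.loads(manifest_path.read_text())
    actual = build_manifest(restored_root)
    return {
        "missing": sorted(set(expected) - set(actual)),
        "unexpected": sorted(set(actual) - set(expected)),
        "corrupt": sorted(k for k in expected if k in actual and actual[k] != expected[k]),
    }


def restore_is_good(report: dict[str, list[str]]) -> bool:
    """True only when no file is missing, unexpected or altered."""
    return not any(report.values())


def demo() -> tuple[dict[str, list[str]], dict[str, list[str]]]:
    """Constructed sample data (hypothetical paths): a clean restore and a damaged one."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp, "live")
        (live / "docs").mkdir(parents=True)
        (live / "db").mkdir()
        (live / "docs" / "plan.txt").write_text("incident response plan v3\n")
        (live / "db" / "dump.sql").write_bytes(b"CREATE TABLE users (id INT);\n")

        manifest = Path(tmp, "manifest.json")
        write_manifest(live, manifest)

        # Restore test 1: a faithful copy produces an empty report.
        good = Path(tmp, "restore_good")
        shutil.copytree(live, good)
        clean_report = verify_restore(manifest, good)

        # Restore test 2: one file overwritten (as an encryptor leaves it),
        # one file lost, and a ransom note present that was never backed up.
        bad = Path(tmp, "restore_bad")
        shutil.copytree(live, bad)
        (bad / "docs" / "plan.txt").write_bytes(b"\x00encrypted\x00")
        (bad / "db" / "dump.sql").unlink()
        (bad / "README.ransom").write_text("pay us")
        bad_report = verify_restore(manifest, bad)
        return clean_report, bad_report


if __name__ == "__main__":
    clean, bad = demo()
    print("clean restore ok:", restore_is_good(clean))
    print("damaged restore ok:", restore_is_good(bad), bad)
```

Run the restore test on an isolated host, never on the production system, and treat any non-empty report as a failed backup: a manifest that was itself stored only on the compromised network proves nothing, so keep it with the offline copy.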

Context and relevance

This guidance is aimed at organisations of all sizes that need a practical, actionable checklist to reduce ransomware risk and speed recovery. It aligns with current trends: commoditised ransomware services, the rise of data-theft extortion, and the use of AI by attackers. Implementing these controls reduces operational downtime, legal and reputational exposure, and the likelihood of repeat attacks.

Why should I read this?

Short and sharp: if you run or support IT systems, this is your playbook for avoiding a catastrophic outage. It’s packed with the immediately actionable moves — backups, MFA, least privilege, patching and tested plans — that stop ransomware from ruining your week (or your organisation). We read it so you don’t have to — follow the checklist and you massively lower your risk.

Source

Source: https://cyber.gc.ca/en/guidance/ransomware-how-prevent-and-recover-itsap00099