While prominent in the U.S., ransomware is just not a thing north of the border Trend Micro researchers revealed in it Canada threat landscape report.
“For whatever reasons the market forces just aren't driving them in that direction,” Christopher Budd, global threat communications manager at Trend Micro, told SCMagazine.com.
Though the report didn't specify a reason for ransomware's absence, Budd hinted that cost-benefit analyses by cybercriminals could show that using ransomware may have a low-yield because Canadians are not culturally attuned to falling victim such attacks.
Budd pointed out that ransomware attacks have worked their way around the globe, initially rising to prominence in New Zealand and the U.K., before cybercriminals used it to target Americans. So, it is possible that Canadians may be targeted more in the future, he said.
OpenCandy (see chart at left) adware toolbar and Dridex malware are currently the most prominent threats in Canada.
Cybercriminals in the U.S. influence the Canadian threat landscape by providing the infrastructure for hosting malicious content. And the majority of malicious sites that Canadians visit are predominantly hosted in the U.S. - malicious hosting in Canada simply isn't as sophisticated as it is in other countries.
Underground toolkits and infrastructure services such as VPN services, botnet toolkits and DDoS services aren't widely found in Canada, the researchers said. And, the study showed, there is little market for violent crimes for hire in Canada's dark web. Budd said it's likely that cybercriminals look to the U.S. for toolkits and infrastructure services, noting, “If you have a mature marketplace where you can buy what you need there's no need to build a new one.”
The parts of the dark web hosted in Canada are primarily focused on the sale of fake and stolen documents and credentials such as driver's licenses, passports and dumps of personal information.