
In this episode of Cybersecurity Today, host David Shipley dives into several alarming cyber incidents. The show starts with Nova Scotia Power's confirmation of a ransomware attack that forced the shutdown of customer-facing systems and led to data...
David Shipley
Nova Scotia Power confirms cyberattack was ransomware and says it didn't pay. Crypto investor charged with kidnapping and torturing a man in a New York City apartment. New record-setting DDoS botnet that can pummel any company off the Internet. And Signal raises alarms about Windows Recall snooping on what people thought were private messages. This is Cybersecurity Today, and I'm your host, David Shipley. Let's get started.
First up, what may be the most serious ransomware attack ever made public against a Canadian energy utility continues to unfold. Nova Scotia Power, owned by Emera, confirmed Friday that the cyber attack it suffered a month ago in April was in fact ransomware. The attack forced the company to bring a number of customer-facing systems down, along with impacts to other business applications, including HR. Nova Scotia Power has said in early announcements that some data had been stolen. The company confirmed Friday that customer data has now been published to the Dark Web. The company says it didn't pay the ransom. It said its decision aligned with law enforcement guidance along with applicable sanctions law. For those who aren't aware, some ransomware groups have already been specifically called out with sanctions, particularly by the US Government. Paying ransoms to sanctioned groups can get you into a world of legal hurt. The attack didn't impact its energy generation or distribution operations; however, it has disrupted Nova Scotia Power's business operations for weeks. In March, Nova Scotia Power filed a request to spend $6.8 million more on cybersecurity over the next few years. They'd already spent $1.7 million of that amount between 2023 and 2024, but apparently it was either not enough or not fast enough to prevent this incident. A key question raised by the story is this: Do utility regulators have the skills to scrutinize cybersecurity investment and preparedness for critical infrastructure firms they regulate?
Do they even have the legislative mandate to ask questions about cybersecurity? And the attack is yet another reminder of Canada's lack of serious national cybersecurity critical infrastructure laws. All eyes in the cybersecurity community will be on Ottawa this week as Parliament resumes to see if cyber's on the radar in what's known as the Speech from the Throne. As a bit of Canadian trivia, the speech will be read by King Charles in person. This is only the third time in Canada's history that the sovereign has done so. Wouldn't it be great if the King told us to clean up our act and get some cybersecurity legislation in place? Okay, that's not how it actually works. But one can dream, can't we?
Back to ransomware. Palo Alto's Unit 42's latest report shows that between January and March 2025, over 822 organizations in the United States were hit by ransomware, including recently the largest U.S. steel producer. Canada came in second, but a distant second with 88 victims. Now we're about 1/10 the size of the U.S., so 88 sounds just about right proportionally. But it is a bit scary to see that Canada is second to the United States. What kinds of companies are being targeted the most? Manufacturing leads the way, followed by retail and wholesale, and then professional and legal services. And remember, these aren't just digital attacks. They're economic body blows to sectors that keep our society running.
Now there is some good news to report on the ransomware front. Europol just wrapped up something called Operation Endgame in cooperation with law enforcement around the world. It was a massive global takedown of ransomware infrastructure. And the results? 300 hacker-controlled servers taken offline, 650 malicious domains seized, and over 21 million Euro in criminal cryptocurrency assets frozen. Now this is what happens when governments and policing agencies around the world work together to fight cybercrime. It's a huge win. Now for the next story.
If you have young kids listening, this story may contain some disturbing details. In a shocking case out of New York, a cryptocurrency investor has been arrested for kidnapping a man from Italy and torturing him for his password to his bitcoin wallet. The victim was abducted on May 6 and was allegedly beaten, electroshocked and threatened with death over several weeks. He eventually escaped and flagged down a traffic officer. His captors, according to prosecutors, drugged him, used electric wires to shock him, hit him in the head with a firearm, and at one point carried him to the top of a flight of stairs where they dangled him over the ledge and threatened to kill him if he didn't share his bitcoin password. The suspect, 37-year-old John Woeltz, is now in custody and police found a disturbing list of items in his apartment. Everything from body armor, weapons, even Polaroids of the victim with a gun to his head. The lesson here is digital assets like cryptocurrency don't just attract hackers. They can also attract real-world cybercriminals willing to commit violence to get access to digital funds. How do they find out if you have crypto investments? Every time you give up your information online, and by hacking databases. The news of the Coinbase customer breach, where customer data from the biggest crypto exchange in the world was leaked. These kinds of attacks are likely going to increase real-world violence.
Now onto a very different kind of threat. We've all heard of distributed denial of service attacks that have brought down websites, but we haven't seen one quite this large. Security researchers have spotted what may be the largest botnet seen to date. It's called Aisuru, and it just ran a test attack on the site of cybersecurity journalist Brian Krebs. Krebs noted that he thought this was either a rehearsal or a demonstration to a potential buyer of just how powerful this particular botnet is. The attack peaked at 6.3 terabits per second.
That's 10 times bigger than the infamous Mirai botnet from 2016. And to put that in perspective, that's enough data to cripple even the largest global websites instantly. And here's the kicker. Last year you could rent Aisuru for as little as $150 a day. It was about a third of its current size. With that kind of power for that low a price, the threat is widely disproportionate, especially considering what it can cost victims to try and defend or in losses when online retailers are knocked offline. Canadian firm Postdigm estimates that a DDoS attack can cost online retailers around $6,000 per minute in lost revenue. And while attacks are shorter now, often lasting around 10 minutes, the damage can add up fast. Aisuru is a large asymmetric threat. It's a weapon that small-time criminals can rent to do big-time damage and leverage to demand lucrative extortion payments.
And finally, let's talk about Microsoft's second attempt at its AI feature, Recall. This tool, rolling out now in Windows 11, takes screenshots every three seconds of everything a user does and stores it. Email, banking info, medical records, Zoom call, Signal messages, you name it. Recall can grab it. Privacy and cybersecurity experts criticized this AI feature when it was first announced in 2024. It was pulled, massively reworked and relaunched. But now it's not just privacy and security experts raising concerns. Signal, the company behind Signal messenger, the encrypted app, which was mistakenly faulted for being used by US government officials while in reality they were using a clone of Signal software, is now blocking screenshots in its Windows app by default. And here's why. Even if messages are encrypted, anyone who can get access to your credentials and your PC can read them. And it's not just, of course, your messages.
With Microsoft's new changes, the tool can still expose private conversations, not just yours, but the ones that other people who never consented to this feature can now be spied on. Security researcher Kevin Beaumont tested Recall himself last year and again recently. He found that it was still capturing sensitive data, including credit card details, and that the database could be unlocked with just a fingerprint or a PIN. That's not security, that's a treasure chest for hackers.
Thanks for tuning in. If you found this episode helpful, do us a favor. Share it with a colleague or friend. The more we talk about these issues, the better chance we all have of preventing incidents and fixing problems. Until next time, stay sharp and stay safe. We're always interested in your opinion and you can contact us at editorial@technewsday.ca or leave a comment under the YouTube video. I've been your host, David Shipley, sitting in for Jim Love, who will be back on Wednesday. Thanks for listening.
Title: Unraveling Cyber Threats: Ransomware, Kidnapping, and Record-Breaking DDoS Attacks
Host: David Shipley (Sitting in for Jim Love)
Release Date: May 26, 2025
In this episode of Cybersecurity Today, host David Shipley delves into some of the most pressing cybersecurity threats facing businesses today. From ransomware attacks on energy utilities to unprecedented DDoS botnets and disturbing real-world cybercrimes, the discussion offers a comprehensive overview of the current cybersecurity landscape.
The episode opens with a discussion on what may be the most serious ransomware attack ever publicized against a Canadian energy utility. Nova Scotia Power, owned by Emera, confirmed that the cyberattack it suffered in April was indeed ransomware. This attack forced the company to shut down several customer-facing systems and impacted other business operations, including HR.
Nova Scotia Power initially announced that some data had been stolen and later confirmed on Friday that customer data was published on the Dark Web. Importantly, the company did not pay the ransom, aligning its decision with law enforcement guidance and sanctions laws targeting specific ransomware groups.
David Shipley (00:XX):
"Nova Scotia Power's decision to not pay the ransom aligns with law enforcement guidance and applicable sanctions, avoiding legal repercussions associated with sanctioned ransomware groups."
In March, before the attack, Nova Scotia Power had filed a request to spend $6.8 million more on cybersecurity over the next few years, having already spent $1.7 million of that amount between 2023 and 2024. This incident raises critical questions about the capability of utility regulators to assess cybersecurity investments and preparedness effectively.
Shipley (04:30):
"Do utility regulators have the skills to scrutinize cybersecurity investment and preparedness for the critical infrastructure firms they regulate?"
The attack underscores the lack of comprehensive national cybersecurity laws in Canada. The episode highlights the anticipation around Ottawa's upcoming Parliament session, where cybersecurity may feature prominently in the Speech from the Throne—a rare event read by King Charles in person.
Shipley (06:15):
"This is yet another reminder of Canada's lack of serious national cybersecurity critical infrastructure laws."
Palo Alto's Unit 42 report is discussed, revealing that between January and March 2025, over 822 organizations in the United States were hit by ransomware, making the U.S. the most affected country, followed by Canada with 88 victims. The leading sectors targeted are manufacturing, retail and wholesale, and professional and legal services.
Shipley (08:45):
"Manufacturing leads the way, followed by retail and wholesale, and then professional and legal services. These aren't just digital attacks; they're economic body blows to sectors that keep our society running."
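The episode highlights the successful Operation Endgame led by Europol in collaboration with global law enforcement agencies. The operation resulted in 300 hacker-controlled servers taken offline, 650 malicious domains seized, and over 21 million euros in criminal cryptocurrency assets frozen.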
Shipley (10:20):
"This is what happens when governments and policing agencies around the world work together to fight cybercrime. It's a huge win."
A shocking case from New York is examined, where a cryptocurrency investor was arrested for kidnapping and torturing a man to extract his bitcoin wallet password. The victim was subjected to severe physical abuse but eventually escaped, leading to the suspect's capture.
Shipley (12:35):
"Digital assets like cryptocurrency don't just attract hackers. They can also attract real-world cybercriminals willing to commit violence to get access to digital funds."
The discussion moves to the breach at Coinbase, the world's largest crypto exchange, where customer data was leaked. This incident illustrates how digital vulnerabilities can translate into tangible threats, increasing the likelihood of violent crimes related to cyber theft.
Shipley (14:10):
"These kinds of attacks are likely going to increase real-world violence."
Security researchers have identified what may be the largest botnet ever seen, named Aisuru. This botnet executed a test attack on cybersecurity journalist Brian Krebs' website, reaching a peak of 6.3 terabits per second—ten times larger than the infamous Mirai botnet from 2016.
Shipley (16:50):
"The 'Aisuru' botnet's attack peaked at 6.3 terabits per second, enough data to cripple even the largest global websites instantly."
The cost to victims is out of proportion to the cost of the attack. Canadian firm Postdigm estimates that a DDoS attack can cost online retailers around $6,000 per minute in lost revenue. Last year, when the botnet was about a third of its current size, it could be rented for as little as $150 a day, making it a disproportionate threat.
Shipley (18:25):
"Aisuru is a large asymmetric threat. It's a weapon that small-time criminals can rent to do big-time damage and leverage to demand lucrative extortion payments."
Microsoft's second attempt at its AI feature, Recall, is scrutinized. This tool, now rolling out in Windows 11, takes screenshots every three seconds of user activities, storing them and thereby posing significant privacy risks.
Upon its initial announcement in 2024, Recall faced severe criticism from privacy and cybersecurity experts. After being pulled and reworked, the tool still raises alarms. Signal, the company behind the encrypted Signal messenger, has responded by blocking screenshots in its Windows app by default to protect user privacy.
Shipley (20:40):
"Even if messages are encrypted, anyone who can get access to your credentials and your PC can read them."
Security researcher Kevin Beaumont tested Recall and found that it continues to capture sensitive data, including credit card details. Moreover, the database can be unlocked with just a fingerprint or a PIN, making it a potential "treasure chest for hackers."
Shipley (22:15):
"That's not security, that's a treasure chest for hackers."
David Shipley wraps up the episode by emphasizing the importance of staying informed and proactive in tackling cybersecurity threats. He encourages listeners to share the episode with colleagues and friends to raise awareness and collectively work towards preventing and addressing cyber incidents.
Shipley (23:50):
"The more we talk about these issues, the better chance we all have of preventing incidents and fixing problems."
Listeners are invited to share their opinions and contact the team via email or YouTube comments. David signs off, mentioning that Jim Love will return as host next Wednesday.
Stay informed and vigilant. Until next time, stay sharp and stay safe.