Delta cybercop heads to Europe in search of a ransomware attacker | The Canadian News

A Delta police officer will chart new territory when he heads abroad this month to join his European counterparts trying to solve a cybercrime case.

Const. Dustin Classen from DPD’s cybercrime unit will meet in Hauge, the Netherlands, with a Europol team pursuing the same suspect.

“Because cybercriminals have such an international base, we really don’t know where they are,” Classen said.

What the police do know is this: Earlier this year, a malicious actor was able to exploit a weakness in Microsoft Exchange to break into the network of a midsize Delta company. They were then able to encrypt it, blocking the owners in what is known as a ransomware attack.

Payment was requested to unblock the network, but the company restored its system from backups and went to the police.

Classen said investigators were able to collect “fingerprints” from the attack data and shared them with their counterparts at Europol, the European Union law enforcement agency. Researchers in Europe were able to link those identifiers to attacks in several European countries.

“Now we have another agency that has a completely different set of circumstances. If we can connect with them and pool our resources, maybe we can put the pieces of the puzzle together and find out who he is, ”he said.

It’s a big step for Delta’s small cybercrime unit, which Classen says has doubled in recent years.

Ransomware attacks have become a growing threat in recent years. TransLink, Vancouver Coastal Health, and a third-party service provider for BC Cancer have been targets of such attacks in just the past two years.

Trend stories

• 

  At least 70 dead as tornadoes sweep through 5 US states, Kentucky Governor says

• 

  Fully vaccinated: How many doses will you take and how will Canada decide?

In fact, a recent Angus Reid Institute survey for Palo Alto Networks found that 55 percent of IT decision makers reported that their organization had been attacked by a ransomware attack. One in five said they had been attacked more than once.

The consequences can be costly: The average ransom demanded was nearly $ 450,000.

Classen said the Delta attack was a powerful reminder of the value of keeping security up to date. The Microsoft Exchange weakness that the attackers exploited was actually the subject of a security patch the software company had released, which according to Classen may have been the hackers’ way of finding their target.

“If you don’t implement those patches or you implement them correctly, what was happening is that bad actors or cybercriminals were scanning the network for vulnerable servers.”

While ransomware attacks are a big problem for businesses, Classen said his unit has been even busier dealing with a wave of “cyber” crimes targeting individuals.

The most popular scam today, he said, is bogus cryptocurrency “investment” opportunities.

Attackers create fraudulent investment sites, then hunt down their targets on social media or dating sites, promising quick, low-risk returns.

“A lot of people don’t really understand cryptocurrencies,” he said.

“So when someone comes out of nowhere and says look, you can make a lot of money doing this and I can show you how and they are friendly … I can see how people would fall for that scheme.”

Delta Police hope that Classen’s journey to meet with veteran European cybercriminals will pay off in new skills and capabilities for the unit to combat the wave of cyber attacks on both businesses and individuals at home.

It’s a big problem for us at Delta. I don’t think we have ever participated in such an international effort, “he said.

“We are a fairly small city department, but we are making great strides in our cybercrime unit.”