InfoSecBulletin Cybersecurity for mankind
According to a survey conducted by the Canadian Internet Registry Authority (CIRA), most organizations in Canada still choose to pay ransomware gangs after successful attacks.
One conclusion from an online survey of 500 Canadian cybersecurity professionals is that organizations with at least 50 employees are at risk. The survey was released by CIRA on Tuesday.
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
CIRA oversees the .ca registry.
41% of respondents reported that their organization had been targeted by a cyber attack in the past year. Among these, 23% confirmed that their organization had fallen victim to a ransomware attack, an increase of 1% compared to last year.
ALSO READ:
Bypass Cloudflare Firewall and DDoS Protections using Cloudflare
70% of organizations surveyed said they paid ransom demands, with nearly a quarter paying up to $100,000. These numbers are similar to previous surveys conducted by CIRA. In 2022, 73% of those affected by ransomware paid, compared to 69% in 2021.
The numbers went in the wrong direction this year, according to Jon Ferguson, CIRA’s general manager of cybersecurity.
If organizations are not prepared for an attack beforehand, it can be difficult for them to fix the problem afterwards. Some organizations choose to pay because they believe it is the easiest solution. They may not have the capability to recover without regaining access to their data.
They may also be worried about damage to their reputation if word gets out about a ransomware attack, he added.
Some organizations in 2023 may not be ready to deal with ransomware because they struggle to comprehend the risks that come with adopting new technologies in IT.
The survey showed that IT professionals acknowledge the issue of ransomware. In fact, 75% of the respondents expressed their support for a law that would prohibit organizations from paying ransoms. This is an increase from 64% in the previous year’s survey.
64% of respondents in the survey said they had used their incident response plans in the past year. Ferguson noted that it is at least good that they had a plan to use. In fact, 44% of respondents said their company has a comprehensive incident response plan, while another 40% said they have a basic plan.
