Ransomware attack compromises RCMP's ability to issue pay stubs

TORONTO -- The RCMP found itself the victim of a growing digital crime spree as a ransomware attack on a federal government contractor compromised the Mounties’ ability to process pay stubs for its more than 20,000 employees, CTV News Toronto has learned.

For about two months, many officers were unable to confirm they were paid correctly, that their overtime was accurately recorded, or that their expenses were paid back, according to a memo issued by the National Police Federation.

“The RCMP notified Members of a ransomware attack on a private company that provides payroll services to federal government departments including the RCMP,” the memo says. “Since that time, the RCMP has not provided Members with pay stubs.”

Mounties told CTV News Toronto in a statement that they don’t believe their employee information was compromised, and despite the lack of paperwork, the pay itself wasn't interrupted.

“As a precaution, while investigations were underway, the RCMP suspended any work done through the company, including the distribution of pay stubs,” wrote Cpl. Caroline Duval. “The RCMP is currently anticipating being back to normal distribution and issuing retroactive pay stubs by early June."

The RCMP didn’t name the company involved, nor did the federal government's Treasury Board when it first notified Canadians in March in general that a breach had occurred. One company contacted by CTV News Toronto didn’t confirm or deny that it was the company affected.

But ransomware attacks on large organizations are on the rise, with experts saying the lure of using the private information that was hacked for identity theft is being replaced by the push for big payouts that can sometimes be wrung from organizations with deep pockets.

“Ransom demands have been increasing exponentially over the past year. We’re talking about ransoms in the millions,” said Claudiu Popa, a cybersecurity expert with Informatica Corporation.

He pointed to the payment of $4.4 million in bitcoin by Colonial Pipeline to end a six-day gas shortage after a massive cyberattack.

In Canada, several government agencies have been targets, including attacks on the region of Durham and a City of Toronto contractor.

In the past few months, hackers have demanded $7.5 million from Vancouver transit operator Translink, and more than $17 million from the City of Saint John in New Brunswick. 

That city refused to pay — saying it would rather rebuild its systems from scratch, which it said could take as many as six months and cost millions.

That’s the right move, said Brett Callow, a threat analyst with Emsisoft, which calculated that ransomware demands increased some 80 per cent globally in 2020, a year some Canadians were hit more than 4,000 times, at a cost between $165 million and $660 million.

“It’s a feeding frenzy. Organizations keep on paying the criminals, and the criminals operate with complete impunity. There are millions of dollars on the line and as long as they continue to be paid they will continue to attack,” Callow said.