Cyber Centre: AI-fuelled ransomware to target more Canadians
The Canadian Centre for Cyber Security (Cyber Centre) has published a new outlook on ransomware threats in Canada for 2025 to 2027, warning that attacks within the country will remain a significant risk over the next two years as criminals adapt their methods and use newer technologies.
The government wing said it expects financially motivated threat actors to keep targeting Canadian organisations across sectors. Adding, threat actors have expanded their playbook beyond encrypting systems and demanding payment. It pointed to evolving extortion tactics and shifts in victim selection as criminals continue to refine the tactics, techniques and procedures used during intrusions.
The organisation highlighted the use of artificial intelligence and cryptocurrency within the cybercrime economy. It said AI has changed the economics of conducting attacks. It was assessed that attacks have become cheaper and faster to execute, while harder to detect.
"Ransomware threat actors have demonstrated adaptability to changes in the digital landscape and will very likely continue leveraging advancements in areas like artificial intelligence (AI) and cryptocurrency while developing new extortion tactics to increase their financial reward," the report stated.
The report added that as decentralised finance becomes more accessible, more cybercriminals are using it to make untraceable payments when targeting Canadian organisations. It pointed to increased regulatory pressure on virtual financial crimes have further encouraged threat actors to find ways to hide their transactions.
"Ransomware is big business. At a time when cybercriminals continue to target Canadian businesses, critical infrastructure, and government systems, education on this threat has never been more important," said Rajiv Gupta, Head of Canadian Centre for Cyber Security.
The Cyber Centre framed ransomware as part of a broader criminal marketplace. It said the landscape has become more sophisticated and interconnected, with a wider range of services and supporting infrastructure. The organisation said understanding trends remains important for preparation and risk reduction.
Basic controls to mitigate
The outlook honed in on defensive measures, which it described as effective cyber hygiene. It cited regular software updates, multi-factor authentication and caution with phishing attempts as key ways to prevent attacks. It added that ransomware often spreads through phishing emails and fake downloads.
The Cyber Centre said no organisation is immune to ransomware, while larger organisations and critical infrastructure can attract sustained attention from criminals. It also described threat actors as opportunistic and financially motivated.
The organisation said that tackling ransomware requires cooperation among law enforcement, government agencies, private organisations, and the public. It positioned information sharing and continued diligence as part of the response across Canada.
In 2024, the Cyber Centre issued 336 pre-ransomware notifications to more than 300 Canadian organisations. It said the work from that year resulted in economic savings of up to $18 million.