Cyber Security Today, March 25, 2022 – More ransomware statistics, infected Excel files, a Chrome bug exploited and more

More ransomware statistics, infected Excel files, a Chrome bug exploited and more

Welcome to Cyber Security Today. It’s Friday, March 25th. I’m Howard Solomon, contributing reporter on cybersecurity for

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts


Ransomware payments hit new a record last year, according to a report this week from Palo Alto Networks. The average ransom demanded on cases worked on by the company’s incident response teams rose 144 per cent last year to $2.2 million, while the average payment climbed 78 per cent to just over $54,000. These numbers are in U.S. dollars. As usual, organizations in the United States were by far the most attacked, followed by Canada, the U.K., France and Germany.

Also this week the FBI released its annual Internet Crime Report. Last year it received just over 3,700 ransomware complaints, with adjusted losses of more than $49.2 million. Of those complaints 649 of the victims were American critical infrastructure providers. The largest number were in the healthcare field like hospitals and clinics. The second-largest were in the financial sector. Overall the FBI received just over 847,000 complaints of suspected internet crime. That’s a seven per cent increase from 2020. Reported losses exceeded $6.9 billion.

These reports follow a ransomware survey of Canadian organizations released earlier this month by telecom provider Telus. On my Week in Review podcast this afternoon I’ll discuss that report with a guest commentator.

Meanwhile a town near Toronto reports its phone and email networks are down due to a virus. A ransomware gang called Cuba claims on its website it copied financial documents, correspondence with bank employees, tax documents and more. I’m not naming the municipality because I haven’t been able confirm the attack.

There’s a new wave of malware being spread by infected Microsoft Excel files. Security researchers at Morphisec Labs say the files carry a well-known trojan called JSSLoader that allows a hacker remote access to systems. As often is the case the files are in email attachments. Victims who click on the file will see a popup asking for installation approval because the file doesn’t include a security digital signature. If the victim approves an add-in, the file will be downloaded. It’s imperative staff be trained not to approve the installation of files or attachments they haven’t asked for.

Google regularly updates its Chrome browsers to close vulnerabilities, but sometimes it isn’t fast enough. This week it acknowledged that a hole that was patched on February 14th had been exploited by two North Korean threat groups for over a month. The groups targeted U.S.-based organizations including news media, domain registrars, web hosting companies, finance and cryptocurrency firms. Other firms and countries may have been targeted, Google says. Some targets received emails with fake potential job opportunities claiming to come from recruiters at Disney, Google and Oracle. Using the browser exploit, one goal was to fingerprint the computer systems of victims for further attacks.

Finally, in an era of citizen activism it may be tempting for individuals to launch cyberattacks against one side or the other in the Russia-Ukraine war. For example, in Monday’s podcast I mentioned an open-source developer who inserted wiperware in his application library with the goal of crashing the computers of people from Russia and Belarus who downloaded the package. However, Matt Olney, director of threat intel for Cisco Systems’ Talos intelligence service, has a warning: A country doesn’t know if a cyber attack is coming from an individual or another nation. A large cyber retaliation may not be the response an individual – or his country — wants. There is a risk, he says, of crisis escalation. In my Week in Review podcast this afternoon I’ll discuss another angle, the risk to the reputation of the open-source software development community.

Remember links to details about podcast stories are in the text version at

You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Follow this Cyber Security Today

More Cyber Security Today