In December 2025, the Canadian Centre for Cyber Security (CCCS), operating as part of the Communications Security Establishment (CSE), published its latest national cyber threat assessment. The report paints a stark picture: ransomware attacks have been growing at 26% year-over-year since 2021, and this trend shows no signs of slowing. Ransomware is identified as the single greatest cybercrime threat to Canada's critical infrastructure and public institutions.
Key Findings
The CCCS assessment concludes that ransomware will remain the most disruptive form of cybercrime affecting Canadian organizations through at least 2027. The report highlights the increasing professionalization of ransomware operations, the growing use of artificial intelligence by threat actors, and the expanding attack surface created by digital transformation initiatives across both the public and private sectors.
The Numbers
- 26% annual growth in ransomware attacks targeting Canadian organizations since 2021
- $1.2 billion CAD estimated annual cost of ransomware to Canadian businesses and institutions
- 60% of victims are small and medium-sized businesses with fewer than 500 employees
- Average downtime of 21 days for organizations that suffer a ransomware attack
- Triple extortion tactics (encryption, data theft, and DDoS) now used in over 40% of attacks
AI-Powered Threats
The report dedicates significant attention to the role of artificial intelligence in accelerating the ransomware threat. Threat actors are leveraging AI to craft more convincing phishing emails, automate vulnerability discovery, and develop polymorphic malware that evades traditional detection. AI-generated voice and video deepfakes are being used in social engineering attacks to impersonate executives and authorize fraudulent transactions. The CCCS warns that AI is lowering the barrier to entry, enabling less technically skilled criminals to launch sophisticated attacks.
Most Targeted Sectors
The report identifies several sectors that face disproportionate risk:
- Healthcare: Hospitals and health authorities remain prime targets due to the critical nature of patient care systems and the pressure to pay ransoms quickly
- Local Governments: Municipalities often operate with limited cybersecurity budgets and legacy infrastructure, making them vulnerable to attack
- School Boards: Educational institutions hold large volumes of personal data on students and staff while facing chronic underfunding of IT security
- Utilities: Water treatment, electricity distribution, and natural gas providers are increasingly targeted as their operational technology systems become more connected
Ontario's Response
In response to the growing threat landscape, the Government of Ontario announced in March 2026 a comprehensive privacy and cybersecurity overhaul for the MUSH sector (Municipalities, Universities, School boards, and Hospitals). The initiative includes mandatory cybersecurity baseline standards, centralized threat intelligence sharing through a provincial security operations centre, and dedicated funding for cybersecurity upgrades across public institutions. This represents the most significant provincial investment in cybersecurity infrastructure in Canadian history.
CyberSafe's Recommendations
- Implement a layered defence strategy combining endpoint detection and response (EDR), network monitoring, and email security
- Maintain tested, offline backups with a recovery time objective that meets your business continuity requirements
- Deploy multi-factor authentication across all remote access points and privileged accounts
- Conduct regular tabletop exercises simulating ransomware scenarios with your incident response team
- Establish relationships with law enforcement and the CCCS before an incident occurs
- Consider a managed detection and response (MDR) service if your organization lacks 24/7 security operations capability