Cyber Centre releases Ransomware Threat Outlook 2025 to 2027

From: Communications Security Establishment Canada

News release

January 28, 2026 – Ottawa, Ontario 

Today, the Canadian Centre for Cyber Security (Cyber Centre), part of the Communications Security Establishment Canada (CSE), released its Ransomware Threat Outlook 2025 to 2027, its latest assessment of ransomware threats facing Canada.

The modern ransomware landscape is a highly sophisticated and interconnected ecosystem that is constantly evolving. Understanding current and emerging trends is critical to helping Canadians better prepare for and mitigate ransomware risks.

The Cyber Centre's report covers the early history of ransomware, highlights emerging and projected trends, outlines its impact on Canada and Canadian organizations, and debunks common myths and misconceptions.

It also outlines the following key points:

  • Ransomware is a growing threat: The ransomware threat continues to increase and evolve quickly, as threat actors adopt sophisticated tactics to carry out cybercrime. All organizations in Canada are at risk. Threat actors are opportunistic and financially motivated.
  • Threat actors are evolving: They are leveraging new technologies – like artificial intelligence (AI) and cryptocurrency - while developing new extortion tactics to increase their financial reward
  • Basic cyber hygiene is effective: Regular software updates, multi-factor authentication (MFA), and caution with phishing attempts are simple steps that help protect organizations and increase their cyber threat readiness.
  • Collaboration is essential: Tackling ransomware requires continued cooperation and diligence among law enforcement, government agencies, private organizations, and the public.

The Cyber Centre assesses that ransomware attacks will remain a significant threat to Canada in the next 2 years. With the rise of AI, these threats have become cheaper and faster to conduct and harder to detect.

That’s why CSE, through its Cyber Centre, remains firmly committed to protecting Canadians against this evolving threat with useful and timely tools, services, guidance and strategic partnerships that help build a more resilient digital future for Canada.

Quotes

“As cyber threats like ransomware continue to evolve, the Communications Security Establishment Canada remains steadfast in its commitment to defending Canada’s critical infrastructure and supporting our national resilience. By leveraging advanced technologies and working closely with partners across government and industry, we ensure Canadians are protected against the most disruptive forms of cybercrime. Our team’s expertise and dedication are integral to safeguarding Canada’s digital future.”

— Caroline Xavier, Chief, Communications Security Establishment Canada

“Ransomware is big business. At a time when cybercriminals continue to target Canadian businesses, critical infrastructure, and government systems, education on this threat has never been more important. As ransomware evolves, fueled by emerging technologies like artificial intelligence, Canadians can rest assured that the Cyber Centre is keeping pace to ensure Canada’s security and resiliency.”

— Rajiv Gupta, Head, Canadian Centre for Cyber Security

Quick facts

  • Ransomware is malicious software that locks your files or devices until a ransom is paid. It often spreads through phishing emails or fake downloads.

  • Critical infrastructure and large corporations are prime targets for ransomware activities, but no organization is immune.

  • Cyber threat actors have, and will continue to, evolve their tactics, techniques and procedures (TTPs), including extortion tactics and victim demography, to increase the impact of their attacks and their opportunities to reap financial reward.

  • The Cyber Centre provides free cyber security guidance and resources to help Canadian individuals and organizations strengthen their defences.

  • The Cyber Centre’s groundbreaking pre-ransomware notification initiative provides early warning to potential victims of ransomware incidents—helping them stop cybercrime before theft occurs. In 2024, the Cyber Centre issued 336 pre-ransomware notifications to over 300 Canadian organizations, resulting in an economic savings of up to $18 million.

  • Victims of ransomware should report incidents to their local authorities, the Canadian Anti-Fraud Centre, and the Cyber Centre (through My Cyber Portal or by email at contact@cyber.gc.ca).

Associated links

Contacts

CSE Media Relations
media@cse-cst.gc.ca

Page details

2026-01-28