Case 1: TransLink Ransomware Attack (2020)

Organization: TransLink

Overview:

TransLink, the public transportation authority in British Columbia, suffered a ransomware attack that disrupted internal IT systems and digital operations.

Key Details:

• Attack affected corporate networks and internal communication systems.
• Some transit-related digital services and scheduling systems were disrupted.
• The attackers encrypted internal files and demanded ransom.

IIoT / Industrial Relevance:

• Transit systems rely on:
  • Automated fare collection systems
  • Fleet tracking sensors (IoT)
  • Operational scheduling platforms
• Although core train/bus operations continued, digital operational support systems were affected.

Impact:

• Temporary shutdown of internal IT systems
• Service disruption in administrative and digital services

Significance:

• Demonstrated how ransomware can indirectly impact smart transportation ecosystems

Case 2: Halifax Regional Municipality Ransomware Attack (2020)

Organization: Halifax Regional Municipality

Overview:

The Halifax municipal government was hit by a ransomware attack that significantly disrupted city services.

Key Details:

• IT systems used for municipal operations were encrypted.
• Some services such as billing, permits, and internal systems were taken offline.
• Emergency fallback procedures were activated.

IIoT / Industrial Relevance:

• Modern municipalities use IoT systems for:
  • Smart traffic lights
  • Water monitoring systems
  • Waste management sensors
• These systems depend on centralized IT infrastructure.

Impact:

• Weeks of disrupted municipal services
• High recovery and restoration cost

Significance:

• One of Canada’s most disruptive municipal ransomware events

Case 3: University of Calgary Ransomware Attack (2016)

Organization: University of Calgary

Overview:

The University of Calgary was one of the earliest major Canadian ransomware victims.

Key Details:

• Email and internal administrative systems were encrypted.
• The attackers demanded payment in Bitcoin.
• University paid ransom to restore systems.

IIoT / Industrial Relevance:

• Universities operate:
  • Research labs with IoT-connected equipment
  • Smart building management systems
  • HVAC and energy control systems

Impact:

• Temporary shutdown of academic and administrative systems
• Financial loss due to ransom payment and recovery

Significance:

• Early example of ransomware affecting complex digital-physical infrastructure environments

Case 4: Newfoundland and Labrador Health Cyberattack (2021)

Organization: Newfoundland and Labrador Health Services

Overview:

A major ransomware attack severely disrupted healthcare operations across Newfoundland and Labrador.

Key Details:

• Hospital IT systems were encrypted.
• Appointment systems, patient records, and diagnostic scheduling were affected.
• Manual systems had to be used for continuity.

IIoT / Industrial Relevance:

Healthcare environments rely heavily on:

• IoT-enabled medical devices
• Smart monitoring systems
• Automated building control systems in hospitals

Impact:

• Delayed medical services
• Long recovery period for IT restoration

Significance:

• Highlighted risks of ransomware in critical healthcare IoT ecosystems

Case 5: SickKids Hospital Ransomware Attack (2022)

Organization: The Hospital for Sick Children

Overview:

The SickKids Hospital in Toronto experienced a ransomware attack affecting internal systems.

Key Details:

• Attack impacted internal networks and non-clinical systems.
• Some digital services and communication tools were disrupted.
• Clinical operations were largely maintained but slowed.

IIoT / Industrial Relevance:

Modern hospitals depend on:

• IoT-connected patient monitoring devices
• Smart lab systems
• Automated building safety systems

Impact:

• Delayed service delivery in non-critical operations
• Months-long recovery and system hardening

Significance:

• One of the most high-profile healthcare ransomware cases in Canada

Case 6: JBS Canada Food Processing Cyberattack (2021)

Company: JBS Foods

Overview:

The global meat processing company JBS, including its Canadian operations, was hit by a ransomware attack affecting production systems.

Key Details:

• Attack disrupted meat processing operations in North America, including Canadian facilities.
• Production lines were temporarily shut down.
• IT systems supporting industrial operations were encrypted.

IIoT / Industrial Relevance:

Food processing plants rely on:

• Automated production line robotics
• IoT-based temperature and quality sensors
• Supply chain tracking systems

Impact:

• Temporary shutdown of processing plants
• Supply chain disruption in food distribution

Significance:

• Clear example of ransomware affecting industrial manufacturing and OT systems

4. Common Patterns in Canadian IIoT Ransomware Incidents

Across all six cases, several consistent trends emerge:

1. IT-first attacks → OT/IIoT disruption

Most ransomware attacks begin in IT systems and later affect industrial operations.

2. High reliance on digital infrastructure

Critical services depend on interconnected systems such as:

• Smart transport networks
• Healthcare IoT devices
• Industrial automation systems

3. Ransomware is the dominant threat model

Attackers primarily aim to:

• Encrypt systems
• Disrupt operations
• Demand cryptocurrency payments

4. Partial operational continuity is common

Even during attacks:

• Core physical systems often remain running
• Digital control and monitoring systems are degraded

5. High recovery cost and downtime

Organizations often face:

• Weeks or months of restoration
• Major financial and reputational damage

5. Conclusion

Industrial IoT ransomware incidents in Canada show a clear convergence of cybercrime with physical infrastructure disruption. While many attacks have not directly destroyed industrial equipment, they significantly impact the digital control systems that manage physical operations, making IIoT security a critical national concern.