Investment firms have faced an increase in so-called “ransomware” attacks in the past few months, the Investment Industry Regulatory Organization of Canada (IIROC) reports.

In a notice to the industry, the self-regulatory organization said that it has seen an increase in cyber attacks targeting IIROC firms with malware that infects and encrypts devices and demands a ransom for the return of the locked data.

“Ransomware is the most common type of cybercrime and continues to evolve,” IIROC said in the notice, calling the phenomenon a “critical threat” and outlining what firms and employees should do to address the risk.

Ransomware attacks are being launched through a variety of methods, the notice said, including phishing expeditions, infected websites and ads, stolen credentials and “brute-force entry,” among other means.

“The best way to deal with a ransomware attack is to prevent it from deploying,” the notice said, stressing the importance of controls to guard against and detect attacks.

The notice also advised firms to consult with legal counsel before deciding whether to pay a ransom, “bearing in mind the criticality/need of the lost information, the likelihood of the attacker to make good on their promise, and the possible visibility to future attackers.”

IIROC noted that law enforcement generally advises against paying ransoms.

“Sometimes, even if the ransom is paid, the attacker may destroy the information or publicly expose and release the data by putting it up for sale on the dark web.”