Good morning. This week Microsoft Corp. announced it had taken down an online service that has allegedly been fuelling cybercrime around the world – and Canada was the second-most targeted country, according to the tech giant. More about cybercrime-as-a-service is in focus today, along with changes to the retirement housing plan.

Trade: Prime Minister Mark Carney has reached a deal with China that will significantly cut tariffs on Chinese-made electric vehicles in return for big reductions in Beijing’s levies on canola seed and the elimination of tariffs on a host of other products.

Agriculture: Canada’s food safety agency signs an agreement with China, a significant pivot for the countries in continual agricultural trade disputes

Telecom: The CRTC launches public consultations to develop clearer picture of cellphone dead zones

Manufacturing: Bombardier will spend about $100-million to build a new manufacturing plant in Montreal as it plans increase in production capacity

I’m Alexandra Posadzki and I cover financial crime and cybercrime for The Globe.

One of the things that fascinates me most about the world of cybercrime is how professionalized it’s become.

The perpetrator of the first ransomware attack, which occurred in 1989, mailed floppy disks to his victims. When someone popped the disk into their computer, a malicious program locked their files and instructed them to send payment to a post office box in Panama.

Today, ransomware groups operate a lot like regular businesses. Many of them employ an affiliate model, leasing their wares to others in exchange for a share of the ransoms extracted.

Recently, I dug into the world of ransomware negotiation, speaking to the professionals who negotiate with hackers on the dark web and combing through chat logs of past negotiations. I was astonished at how business-like the hackers were during these conversations, as though they were selling their victims a legitimate service rather than trying to extort them.

People refer to this ecosystem as cybercrime-as-a-service, and it goes beyond ransomware. There are loads of services online catering specifically to the needs of cybercriminals. One of them, Microsoft alleges, is RedVDS, an online subscription service providing access to low-cost, disposable virtual private servers running pirated copies of Windows. The tech giant claims it is enabling crimes such as phishing, scams, payment diversion fraud and more.

One particularly nefarious activity that RedVDS has allegedly enabled involves criminals diverting closing funds for real estate purchases by compromising email accounts belonging to realtors, escrow agents or title companies. (The real estate sectors in Canada and Australia were particularly affected.)

On Wednesday, Microsoft revealed that it had taken legal action against the online service, filing civil lawsuits in two jurisdictions and working with law enforcement in a third. The action, which resulted in a takedown of the RedVDS marketplace, was led by a division within Microsoft called the digital crimes unit.

Steven Masada, the director of the unit, told me that rather than chasing individual bad actors, his team seeks to disrupt the broader cybercrime ecosystem by going after the systems and infrastructure that the criminals rely on.

Microsoft said this was the 35th time the unit had worked to disrupt criminal activity online since 2010.

Cyberattacks have become costlier and more frequent in recent years. Globally, ransomware damages were estimated at around US$57-billion annually last year, according to research firm Cybersecurity Ventures. For organizations, getting hacked is no longer, an “if,” but a “when.”

Also on Wednesday, the Canadian Investment Regulatory Organization said a data breach it disclosed last summer was more widespread than it originally believed, affecting 750,000 investors.

Masada said the U.S., Canada and other English-speaking countries are prime targets because of their wealth. “Cybercriminals – especially financially motivated cybercriminals – follow the money,” he said.

The federal budget also included a plan to implement the first national anti-fraud strategy.

But it’s not just the illicit ransomware economy that has grown. Companies are deploying significant resources to fight back, with the cybersecurity industry hitting US$301.91-billion last year, according to Ottawa-based market research and consulting firm Precedence Research.

And some of those companies are fighting back by attacking not just the criminals, but the systems and services enabling them.