[BreachExchange] Ontario town plans to pay ransom after computers locked down

Thu Sep 13 09:31:44 EDT 2018

https://www.ctvnews.ca/canada/ontario-town-plans-to-pay-ransom-after-computers-locked-down-1.4090227

A central Ontario town plans to pay off a hacker who was able to lock
down the town’s computer system.

The Town of Midland has not had full access to its computer system
since Sept. 1, including during a 48-hour period in which all
computers connected to the municipal network were unusable.

At issue is a ransomware scam, in which a computer system is taken
over remotely. It typically happens when a user unknowingly opens a
malicious email attachment.

“We had some very large players come in and take advantage of
Midland,” Mayor Gord McKay said.

Ransomware attacks have become a fast-growing business for hackers. A
recent report from U.S. cybersecurity firm RiskIQ found that around
the world, one organization falls victim to a ransomware scam
approximately every 40 seconds, at an average cost to the organization
of more than $15,000.

The attacks are also considered relatively easy to launch, with
instructions and do-it-yourself kits available via the dark web.

“Even people with low technical skill can get into this racket,”
Claudiu Popa, a Toronto-based cybersecurity expert, told CTV News.

The town’s financial processing system was significantly affected by
the hack. A sign posted at the Town Hall building informed residents
that the town could not accept payments via debit or credit cards.

According to McKay, there are no indications that personal data of
Midland residents was accessed improperly.

“As far as we know, there’s been no information revealed,” the mayor said.

The hacker demanded an undisclosed number of Bitcoins as payment for
releasing their grip on the town’s computers. Negotiations are
ongoing, and town officials declined to comment on the exact payment
amounts being discussed.

Also unclear is exactly who was behind the hack or how much dealing
with it cost the town. The direct cost of paying off the hacker will
be covered by the town’s insurance company.

The nearby town of Wasaga Beach, Ont., was hit by a similar attack
this spring. Government data was inaccessible for several weeks as the
town negotiated the ransom demand down from the Bitcoin equivalent of
$144,000 to about $35,000 worth of the cryptocurrency. The town pegged
the overall cost of the attack at more than $250,000.

Midland moved to secure an insurance policy against ransomware attacks
after learning of what had happened in Wasaga Beach. Other measures
the town took included an upgrade to its firewall system, which was
nearly complete when the attack hit earlier this month.

The municipal computer system has slowly been returning to normal this
week as negotiations with the hacker have continued.

Officials hope the system will be fully restored within the next few
days, and are planning cybersecurity upgrades to make repeat attacks
more difficult.

Ultimately, though, there is no security measure which will make any
town’s network completely invulnerable to ransomware attacks –
something which has officials in Midland describing a second attack as
“a matter of when, not if.”