[BreachExchange] Stratford paid $75, 091 to end recent cyber attack

Destry Winant destry at riskbasedsecurity.com
Mon Sep 23 10:19:24 EDT 2019


The City of Stratford has released new details about April’s ransomware attack.

They say staff first noticed issues on April 14, when several crucial
servers became “unresponsive and unavailable.”

The attacker had installed malware into six of the city’s physical
servers as well as two of their virtual servers, and then encrypted
all systems so staff members could not access any information.

The city says it immediately disconnected its servers from the
internet and all computers, laptops and printers were unplugged from
the network to prevent further issues.

Stratford then enlisted the help of Deloitte Canada who began
forensically gathering evidence, including any anomalies, malicious
activities or any other unauthorized access.

Their efforts, however, were limited due to the encryption of those
critical servers.

The city says they began negotiating with the attacker on April 17.

They demanded a total of 10 Bitcoins which at the time were each
valued at $7,509.13.

The city’s total payout was $75,091.30.

A few days later, on April 25, decryption keys were received from the attacker.

No significant data was compromised.

“Deloitte did not identify any evidence of loss, access or disclosure
of Personally Identifiable Information in relation to the ransomware
incident,” said Kevvie Fowler, the Global Incident Response Leader for
the auditing firm.

All city operations returned to normal two weeks later, though
Deloitte continued to monitor servers until May 31.

Stratford has cyber insurance in place, with a deductible of $15,000,
for all costs it incurred as a result of the attack.

The city says Stratford Police and the OPP Cyber Crime Unit are
continuing to investigate the incident.

More information about the BreachExchange mailing list