Advertisement

Hamilton not paying ransom but recovery from cyberattack ‘won’t be cheap,’ says mayor

An update from Mayor Andrea Horwath and City Manager Marnie Cluckie confirmed a late February ransomware attack is still preventing staff from accessing some IT systems. It's resulted in the city having to resort to manual operations.

Hamilton’s mayor is reassuring residents the city is not paying a ransom to those behind the recent cyberattack that wreaked havoc on municipal operations for almost three weeks.

Andrea Horwath wouldn’t reveal what figure was demanded but did characterize the amount as a “whole hell of a lot of money.”

She also confirmed that, regardless of the ransom, the cost of recovering systems impacted by the attack “won’t be cheap.”

“We don’t want to do things on the cheap, we want to make sure we’re doing what we need to do to protect our city (and) to protect the interests of our residents,” Horwath explained. “When the time comes that we’ve completed all of that work it’s something that we are going to be able to tally up … to provide the specifics.”

At various points during Friday’s update, Horwath was cautious about disclosing too much, admitting they are dealing with “hardcore stuff” from some “pretty sophisticated” criminals.

Story continues below advertisement

“I know that’s a sore spot for folks, I get that. I wish I could just kind of have every answer and just put it all out into the metaverse, but we don’t want to put our city at any more risk,” she said.

Click to play video: 'Canada’s critical infrastructure vulnerable to cyberattacks: report'
Canada’s critical infrastructure vulnerable to cyberattacks: report

City manager Marnie Cluckie said staff and third parties continue to work “around the clock” to get systems back online and insisted a forensic analysis suggests no personal data tied to residents has been compromised.

“If we find otherwise, we will let folks know right away, we have an obligation to do so,” Cluckie said. “The city’s data was encrypted, but again, there is no evidence to suggest that the personal data was removed from the systems and that it’s compromised.”

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.

Get daily National news

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

Cluckie said “incident response plans” took several services and systems offline to protect as much as they could and that partners are still navigating a restoration and “rebuilding of systems” process.

Story continues below advertisement

No specifics were given about how many of the city’s systems have been experiencing outages as investigators are still determining the magnitude of the attack.

“Old school” delivery of some services continues through manual operations to accommodate the public.

She said city phone lines are still impacted but the customer contact center is operational and able to take calls.

All municipal service centres are open to the public and requests for things like marriage licenses, taxi scripts and burn permits are still being processed manually.

Recreation centres, senior centres, arenas and golf courses are also still operational citywide.

Click to play video: 'Global Affairs Canada systems compromised in data breach'
Global Affairs Canada systems compromised in data breach

Fire chief Dave Cunliffe revealed the attack has been “an all hands on deck” occurrence for his staff having to resort to “old fashioned” methods to direct firefighters to calls.

Story continues below advertisement

“We have map books that are in all the fire trucks, and we provide them with map numbers and cross streets so that they can do it the old-fashioned way,” he said. “We also have cellphones in our fire trucks, which will provide them some access to Google Maps.”

Hamilton police deputy chief Ryan Diodati said the dispatch process for officers has not been affected by the outage since the service runs through a separate data management system.

Paramedics deputy chief Russell Crocker said calls for his staff have also not been impacted since they are managed by a provincial system operated by the Ministry of Health.

Chief Digital Officer Cyrus Tehrani said backups are part of the city’s restoration process “from points” they know are safe but admitted it’s been a “balancing act” ensuring data is safe and identified as secure.

“In some cases, it’s going to be very easy … and for some of those systems, it may not be as simple as doing that. So it’ll depend on each system individually,” Tehrani revealed.

Workaround expected to remedy overtime pay for front-line workers, says city manager

Hamilton’s city manager says overtime and stand-by pay that was halted due to the cyberattack will be resolved for front-line workers and other applicable staffers in the next pay cycle.

Story continues below advertisement

The option was unavailable for several weeks which concerned some union leaders who told members they could turn down the extra hours if they were not being compensated.

Cluckie said the process will be “old school” since the online systems associated with the process are still down resulting in a manual input process that should be ready by March 29.

“I don’t expect it to be perfect, to be honest, because we’re trying something new right now, doing something more manual,” she said. “But we’re going to make every effort to get people paid accurately and timely and correct inaccuracies as soon as we can.”

Criminal investigation

Hamilton police have confirmed they are the “lead agency” in the criminal investigation tied to the ransomware attack.

Diodati confirmed the case was launched on March 1 and that partners include the OPP and RCMP.

Story continues below advertisement

“These are sophisticated criminals. These types of investigations are quite complex,” Diodati said. “We continue to gather the evidence and we will continue to follow that evidence.”

Cluckie previously told Global News technical adviser Cypfer is a part of the forensic investigation and incident response along with police, legal counsel and insurers.

Sponsored content

AdChoices