July 24, 2018 5:48 pm

Wasaga Beach pays cyber criminals thousands to regain access to town servers: staff report

The Town of Wasaga Beach paid nearly $35,000 in Bitcoin to unlock their servers which had been held ransom for more than seven weeks.

THE CANADIAN PRESS/AP/Rick Bowmer
A A

The Town of Wasaga Beach paid nearly $35,000 to cyber criminals in order to regain access to the town’s servers, which had been held ransom for seven weeks.

According to a staff report prepared by Jocelyn Lee, the director of finance and treasurer for Wasaga Beach, the Town of Wasaga Beach’s computer system was compromised on April 30 with a virus which left the town’s data locked.

According to the report, the hack was executed by cyber criminals who demanded 11 bitcoin be paid in exchange for all of the serves to be unlocked.

Story continues below

READ MORE: Algonquin College releases update on data breach investigation

For approximately seven weeks, town staff worked with computer experts to recover from the virus and to rebuild a new network. According to the report, during this time staff also negotiated with the cyber criminals in order to obtain data.

Ultimately, after several communications with the cyber criminals, Lee says the town paid three bitcoins for four servers.

According to the report, staff had determined that with the specific servers, enough information could be purchased back to restore the system to about 85 to 90 per cent.

At the time of the ransom payment, one bitcoin was trading for approximately $13,000 Canadian. The staff report says the total cost to purchase the bitcoin through a broker for all three transactions ended up costing the town $34,950.

READ MORE: Ottawa wants to close loopholes that let terrorists, criminals use Bitcoin to commit fraud

But the costs didn’t end there. According to Lee’s report, after paying consultants, reprogramming the town’s security access system, making necessary I.T. purchases and restoring the financial and smaller databases, the incident cost the town $88,347.

However, when the cost of internal staff overtime and internal productivity losses were added to the bill, the total cost of the incident amounted to $251,759.

According to the Lee’s report, Hexigent Consultants, a consulting firm brought in to help address the issue, is now preparing a second report to be presented later this summer. The additional report will provide an analysis as to how the attack happened, and will provide recommendations for security moving forward.

© 2018 Global News, a division of Corus Entertainment Inc.

Report an error

Comments

Comments closed.

Due to the sensitive and/or legal subject matter of some of the content on globalnews.ca, we reserve the ability to disable comments from time to time.

Please see our Commenting Policy for more.