The Town of Wasaga Beach paid nearly $35,000 to cyber criminals in order to regain access to the town’s servers, which had been held ransom for seven weeks.
According to a staff report prepared by Jocelyn Lee, the director of finance and treasurer for Wasaga Beach, the Town of Wasaga Beach’s computer system was compromised on April 30 with a virus which left the town’s data locked.
According to the report, the hack was executed by cyber criminals who demanded 11 bitcoin be paid in exchange for all of the serves to be unlocked.
For approximately seven weeks, town staff worked with computer experts to recover from the virus and to rebuild a new network. According to the report, during this time staff also negotiated with the cyber criminals in order to obtain data.
Ultimately, after several communications with the cyber criminals, Lee says the town paid three bitcoins for four servers.
According to the report, staff had determined that with the specific servers, enough information could be purchased back to restore the system to about 85 to 90 per cent.
At the time of the ransom payment, one bitcoin was trading for approximately $13,000 Canadian. The staff report says the total cost to purchase the bitcoin through a broker for all three transactions ended up costing the town $34,950.
But the costs didn’t end there. According to Lee’s report, after paying consultants, reprogramming the town’s security access system, making necessary I.T. purchases and restoring the financial and smaller databases, the incident cost the town $88,347.
However, when the cost of internal staff overtime and internal productivity losses were added to the bill, the total cost of the incident amounted to $251,759.
According to the Lee’s report, Hexigent Consultants, a consulting firm brought in to help address the issue, is now preparing a second report to be presented later this summer. The additional report will provide an analysis as to how the attack happened, and will provide recommendations for security moving forward.