September 14, 2018 1:39 pm
Updated: September 14, 2018 3:09 pm

OPP warn of recent cyberattacks targeting local governments

An OPP cruiser is seen at the service's Toronto detachment.

Nick Westoll / File / Global News
A A

A rash of cyberattacks on Ontario municipal governments in which hackers demand a ransom to unlock compromised systems has prompted the provincial police force to warn about what it describes as a recent trend.

Ontario Provincial Police  didn’t disclose how many municipalities had been temporarily crippled by the incidents known as ransomware attacks, but at least two recently had their systems compromised and the mayor of one of them said he’s heard of multiple other cases.

Story continues below

In an advisory issued Friday, the OPP said it wanted communities to be aware of the spate of incidents.

“In recent months there have been several ransomware (hack/virus) attacks on businesses and municipal government offices within Ontario,” wrote the force, which did not respond to requests for further comment.

READ MORE: Ontario home care service provider victim of cyber attack

“The OPP does not support paying ransomware attackers, as it only encourages further criminal activity, and there is no guarantee that payment will restore the encrypted data.”

Police described a ransomware attack as one where a computer or network is infected with malware — software intended to damage or disable — that encrypts data on those systems. Those behind the attack then reveal that the information can only be retrieved with an encryption key, which commonly is only released upon the payment of a ransom.

The OPP said most such attacks are launched either through direct hacking into a vulnerable system or through phishing emails that urge users to click on files or links that then install the malware. Payment is usually demanded in Bitcoin or some other form of cryptocurrency, the OPP said.

That exact scenario played out earlier this month in Midland, Ont., according to Mayor Gord McKay.

READ MORE: Air Canada says 20,000 mobile app users affected by data breach

On Sept. 1, officials discovered that many of the town’s servers had been compromised and locked down. McKay did not disclose exactly how much ransom was paid through an insurance company to the hackers, and said the cyberattack remains under investigation.

McKay said the attack crippled Midland’s financial systems, but said it was not as devastating as it may have been had it happened three months ago.

At that time, another ransomware attack on the nearby town of Wasaga Beach, Ont., prompted Midland’s officials to take out insurance to protect against such an incident, he said.

READ MORE: Town of Midland set to pay ransom to unlock systems encrypted in cyberattack

“We took a good regard as to what happened over there and said, ‘ok, no reason why it shouldn’t happen here … so let’s start taking precautionary measures,” he said.

The town managed to isolate online systems related to fire, police, water and waste-water services before the hackers struck, the mayor said. There’s also no evidence to suggest information on taxation, human resources and other affected systems was disseminated anywhere after the attack, he added.

Officials in Wasaga Beach did not respond to request for comment on the attack they experienced.

McKay said the decision to purchase insurance has proven beneficial and has helped the municipality recover faster than it might have otherwise. Access to the hacked systems has been provided over time, he said, and all the town’s systems are expected to be fully functional by next week.

READ MORE: Wasaga Beach pays cyber criminals thousands to regain access to town servers: staff report

The town’s experience suggests an emerging industry around cyberattacks has taken root, McKay said, adding he’s heard from municipalities both inside and outside of Ontario who’ve gone through a similar ordeal.

“It’s happening a fair bit out there, but obviously people don’t like to talk about it,” he said.

“There’s an industry being built up about it, both on the bad guys’ side and also on the recovery side.”

Atty Mashatan, an information technology professor at Ryerson University, said worldwide malware attacks involving everything from hospitals to transit systems have given rise to a burgeoning industry.

She said there are numerous insurance offerings available to both businesses and individuals seeking protection from cybercrime. Like with standard insurance policies, she said packages vary considerably, adding the most comprehensive could cover the cost of legal fees incurred by potential lawsuits associated with security breaches.

But Mashatan stressed that the best insurance is sound security, adding both individuals and companies should cover off basics such as installing strong anti-malware and anti-virus protection as well as maintaining thorough offline backups of key information.

READ MORE: Town of Midland network breached in cyberattack: officials

Common sense also has a role to play, she said.

“It has to do with the awareness of the individuals in your organization or in your household,” she said. “Don’t click on a link if you don’t trust it.”

McKay said the town of Midland had no choice but to pay the ransom demanded to reclaim its data, but such an approach finds little favour with Mashatan and the OPP.

The force urged victims of such cyberattacks to go to local police but also noted that ultimately it was up to those targeted to decide how to proceed.

“Companies and individual victims should address threats based upon the nature and severity of the threat and only after carefully considering the best interests of the individual or company’s employees, stakeholders and shareholders,” the force said.

© 2018 The Canadian Press

Report an error

Comments

Comments closed.

Due to the sensitive and/or legal subject matter of some of the content on globalnews.ca, we reserve the ability to disable comments from time to time.

Please see our Commenting Policy for more.