Advertisement

Cybercriminals locked two Ontario towns out of their servers this summer. They weren’t the only targets

Click to play video 'Protecting yourself against cyber crime' Protecting yourself against cyber crime
WATCH: With the landscape always changing for cyber crime, Consumer Matters reporter Anne Drewa has the latest information on how to protect yourself – Sep 10, 2018

This summer alone, two Ontario towns paid thousands of dollars in ransom after getting locked out of their own internal servers in a cyberattack.

After trying and failing to unlock their systems on their own, both Midland and Wasaga Beach made the decision to pay the ransom demanded by the hackers. Wasaga Beach handed over an amount totalling $35,000, while Midland did not disclose how much it paid.

READ MORE: OPP warn of recent cyberattacks targeting local governments

While these two incidents made headlines over the past few months, the general manager of Symantec Canada, Ajay Sood, assured Global News that this is just a small fraction of the breaches that are taking place in municipalities.

“What you’re seeing in the news is a very small part of what has occurred. It’s a small percentage of what’s being reported, a smaller percentage of what’s being detected and an even smaller percentage of what’s been occurring,” Sood explained.

Story continues below advertisement

WATCH: Air Canada customers hacked in cyber attack

Click to play video 'Air Canada customers hacked in cyber attack' Air Canada customers hacked in cyber attack
Air Canada customers hacked in cyber attack – Aug 29, 2018

The problem, he states, goes back to the sophistication of cybercriminals versus the lack of understanding and funds on the part of businesses and governments to implement effective cybersecurity measures.

“The City of Midland probably doesn’t have the funds to hire a blackbelt organization.” While he adds that most organizations today are “grossly outgunned,” there are ways for resource-strapped corporations to protect themselves against breaches like this one.

WATCH: Ottawa unveils new plan to ‘detect, deter, investigate and prosecute’ cyber crime

Click to play video 'Ottawa unveils new plan to ‘detect, deter, investigate and prosecute’ cyber crime' Ottawa unveils new plan to ‘detect, deter, investigate and prosecute’ cyber crime
Ottawa unveils new plan to ‘detect, deter, investigate and prosecute’ cyber crime – Jun 12, 2018

“It’s always a good idea to run any IT shop with the inevitability of failure in mind. How many organizations do you know who have breach drills?” he said.

Story continues below advertisement

Just last week, the town of Midland’s network was illegally accessed and infected with ransomware on Sept. 1. Cybercriminals used malware to encrypt several town systems, rendering them inoperable.

The town told Global News that vital services such as fire, water and waste-management were not impacted. While Midland reported “significant progress” in unlocking the servers on its own, the town’s officials eventually decided to pay the ransom.

WATCH: Cyber literacy training courses offered at Booth UC

Click to play video 'Cyber literacy training courses offered at Booth UC' Cyber literacy training courses offered at Booth UC
Cyber literacy training courses offered at Booth UC – Apr 5, 2018

“Under the guidance of cybersecurity experts, we have initiated the process to pay the ransom in exchange for the decryption keys,” the release reads. “Although it is not ideal, it is in our best interest to bring the system back online as quickly as possible,” a spokesperson said at the time.

Town officials said they’d purchased an insurance policy for situations such as this, though it’s not clear why it wasn’t effective.

Story continues below advertisement

A few months back, a similar scenario played out in Wasaga Beach.

READ MORE: Town of Midland set to pay ransom to unlock systems encrypted in cyberattack

This past July, the town of Wasaga Beach decided to pay $35,000 to cybercriminals after being hacked in April. The hackers demanded 11 bitcoins to be paid in exchange for all the servers to be unlocked. At the time, a Bitcoin was trading at approximately US$9,000 (C$13,000).

Ultimately, after communicating with the cybercriminals, the towns paid three bitcoins for four servers. Based on a report from the city, the staff had determined that by regaining access to those servers, officials could restore town servers to 90 per cent operating capacity.

Sood argued however, that paying the ransom should be the absolute last resort for organizations that find themselves in this situation.

READ MORE: Wasaga Beach pays cyber criminals thousands to regain access to town servers: staff report

“I never want to say paying the ransom is the only option. There are better options.”

The Ontario Provincial Police (OPP) responded to the cyberattacks on Friday, saying it does not support paying ransom to retrieve inaccessible data, but noted that events like these have been “happening a fair bit out there.”

Story continues below advertisement

Furthermore, organizations that pay the ransom leave themselves open to being hacked again in the future.

“You have zero assurance that they won’t target you again. It’s like buying your own stuff back from a thief and giving them the keys to your house.”

WATCH: Cybersecurity and privacy are no longer mutually exclusive: Jones

Click to play video 'Cybersecurity and privacy are no longer mutually exclusive: Jones' Cybersecurity and privacy are no longer mutually exclusive: Jones
Cybersecurity and privacy are no longer mutually exclusive: Jones – Mar 25, 2018

By backing up data, completing computer patches in a timely manner and investing in cybersecurity, organizations can avoid much of the financial and operational strain that comes with a data breach. However, there’s a larger problem at play here.

Cybersecurity regulations are still not developed enough to prosecute overseas perpetrators effectively, nor does the federal government have a clear plan in place to prevent cyberattacks and recuperate after a breach has occurred.

Story continues below advertisement

WATCH: Atlanta recovering from massive municipal cyber attack

Click to play video 'Atlanta recovering from massive municipal cyber attack' Atlanta recovering from massive municipal cyber attack
Atlanta recovering from massive municipal cyber attack – Mar 29, 2018

“We don’t yet have clear legislation on cybercrime, we don’t know if you’re going to be able to prosecute,” Sood said.

Daniel Tobok, the founder and owner of the cybersecurity firm, Cytelligence, agrees with Sood in saying that it’s “very difficult to bring [cybercriminals to justice]” because of gaps in legislation that make it difficult to prosecute cybercriminals if their crimes take place in countries where they’re not physically located.

“Ransomware is really the weapon of choice for a criminal,” he said. “They can see us but we can’t see them.”

Story continues below advertisement

WATCH: BMO and CIBC online bank warn about possible cyber attacks

Click to play video 'BMO and CIBC online bank warn about possible cyber attacks' BMO and CIBC online bank warn about possible cyber attacks
BMO and CIBC online bank warn about possible cyber attacks – May 28, 2018

He adds that small towns present a perfect target because of the limited resources they have to protect sometimes-sensitive citizen data, which may force the municipality to pay the ransom to retrieve it or unlock services.

However, if corporations and government institutions choose to combat cybercrime, both Tobok and Sood agree that they need to act now.

“This is real, this is not something out of a movie,” Tobok warns.

Sood hopes to see greater cybersecurity sophistication across government channels in general.

“When you start thinking about the strength of the opponent, and you have poor Timmy in IT who knows how to use Microsoft Office, you know Timmy’s going to have a bad day.”

Advertisement