Cybercriminals locked two Ontario towns out of their servers this summer. They weren’t the only targets
This summer alone, two Ontario towns paid thousands of dollars in ransom after getting locked out of their own internal servers in a cyberattack.
After trying and failing to unlock their systems on their own, both Midland and Wasaga Beach made the decision to pay the ransom demanded by the hackers. Wasaga Beach handed over an amount totalling $35,000, while Midland did not disclose how much it paid.
While these two incidents made headlines over the past few months, the general manager of Symantec Canada, Ajay Sood, assured Global News that this is just a small fraction of the breaches that are taking place in municipalities.
“What you’re seeing in the news is a very small part of what has occurred. It’s a small percentage of what’s being reported, a smaller percentage of what’s being detected and an even smaller percentage of what’s been occurring,” Sood explained.
WATCH: Air Canada customers hacked in cyber attack
The problem, he states, goes back to the sophistication of cybercriminals versus the lack of understanding and funds on the part of businesses and governments to implement effective cybersecurity measures.
“The City of Midland probably doesn’t have the funds to hire a blackbelt organization.” While he adds that most organizations today are “grossly outgunned,” there are ways for resource-strapped corporations to protect themselves against breaches like this one.
WATCH: Ottawa unveils new plan to ‘detect, deter, investigate and prosecute’ cyber crime
“It’s always a good idea to run any IT shop with the inevitability of failure in mind. How many organizations do you know who have breach drills?” he said.
Just last week, the town of Midland’s network was illegally accessed and infected with ransomware on Sept. 1. Cybercriminals used malware to encrypt several town systems, rendering them inoperable.
The town told Global News that vital services such as fire, water and waste-management were not impacted. While Midland reported “significant progress” in unlocking the servers on its own, the town’s officials eventually decided to pay the ransom.
WATCH: Cyber literacy training courses offered at Booth UC
“Under the guidance of cybersecurity experts, we have initiated the process to pay the ransom in exchange for the decryption keys,” the release reads. “Although it is not ideal, it is in our best interest to bring the system back online as quickly as possible,” a spokesperson said at the time.
Town officials said they’d purchased an insurance policy for situations such as this, though it’s not clear why it wasn’t effective.
A few months back, a similar scenario played out in Wasaga Beach.
This past July, the town of Wasaga Beach decided to pay $35,000 to cybercriminals after being hacked in April. The hackers demanded 11 bitcoins to be paid in exchange for all the servers to be unlocked. At the time, a Bitcoin was trading at approximately US$9,000 (C$13,000).
Ultimately, after communicating with the cybercriminals, the towns paid three bitcoins for four servers. Based on a report from the city, the staff had determined that by regaining access to those servers, officials could restore town servers to 90 per cent operating capacity.
Sood argued however, that paying the ransom should be the absolute last resort for organizations that find themselves in this situation.
“I never want to say paying the ransom is the only option. There are better options.”
The Ontario Provincial Police (OPP) responded to the cyberattacks on Friday, saying it does not support paying ransom to retrieve inaccessible data, but noted that events like these have been “happening a fair bit out there.”
Furthermore, organizations that pay the ransom leave themselves open to being hacked again in the future.
“You have zero assurance that they won’t target you again. It’s like buying your own stuff back from a thief and giving them the keys to your house.”
WATCH: Cybersecurity and privacy are no longer mutually exclusive: Jones
By backing up data, completing computer patches in a timely manner and investing in cybersecurity, organizations can avoid much of the financial and operational strain that comes with a data breach. However, there’s a larger problem at play here.
Cybersecurity regulations are still not developed enough to prosecute overseas perpetrators effectively, nor does the federal government have a clear plan in place to prevent cyberattacks and recuperate after a breach has occurred.
WATCH: Atlanta recovering from massive municipal cyber attack
“We don’t yet have clear legislation on cybercrime, we don’t know if you’re going to be able to prosecute,” Sood said.
Daniel Tobok, the founder and owner of the cybersecurity firm, Cytelligence, agrees with Sood in saying that it’s “very difficult to bring [cybercriminals to justice]” because of gaps in legislation that make it difficult to prosecute cybercriminals if their crimes take place in countries where they’re not physically located.
“Ransomware is really the weapon of choice for a criminal,” he said. “They can see us but we can’t see them.”
WATCH: BMO and CIBC online bank warn about possible cyber attacks
He adds that small towns present a perfect target because of the limited resources they have to protect sometimes-sensitive citizen data, which may force the municipality to pay the ransom to retrieve it or unlock services.
However, if corporations and government institutions choose to combat cybercrime, both Tobok and Sood agree that they need to act now.
“This is real, this is not something out of a movie,” Tobok warns.
Sood hopes to see greater cybersecurity sophistication across government channels in general.
“When you start thinking about the strength of the opponent, and you have poor Timmy in IT who knows how to use Microsoft Office, you know Timmy’s going to have a bad day.”
© 2018 Global News, a division of Corus Entertainment Inc.