Town of Midland paid 8 bitcoins to cybercriminals to decrypt servers: staff report

The Town of Midland paid eight bitcoins to cybercriminals who held their systems ransom earlier this year, a staff report says.

On Monday, a seven-page staff report prepared by the director of corporate services and town solicitor, Amanpreet Sidhu, was presented to council which outlined the costs the town incurred after its network was illegally accessed and infected by ransomware on Sept. 1.

The hack was executed by cybercriminals who used malware to encrypt several of the town’s systems, rendering them unusable.

According to the report, the hackers initially demanded six bitcoin be paid in exchange for all of the encryption keys, however, when the town began the decryption process, it was discovered that not all of the keys had been released. The town then paid an additional two bitcoins to release the remaining keys.

The town incurred additional costs by working with computer and IT consultants, paying to restore the financial system and smaller databases through third-party software vendors, as well as costs relating to internal staff overtime and internal productivity losses.

However, according to the report, the town had previously purchased an insurance policy to cover these types of incidents called Cyber Edge.

The town purchased the policy after a nearby municipality, the town of Wasaga Beach, fell victim to a similar attack back in June.

The policy cost the town under $7,500 for the remainder of 2018, but provided coverage of up to $2 million.

The report says most of the costs associated with the attack — subject to the applicable deductibles — will likely be covered through the town’s insurance policy.

“At this time we do not have the final dollar amounts for the event. Upon completion of efforts we will submit a final claim to the insurance company for settlement,” the report reads. “Any costs for which our insurance claim is not successful will be reported upon the closure of the file with the Insurance Company.”

However, there were a number of costs incurred by the town which would not be covered by the insurance policy.

According to the report, these include costs to improve the town’s security and to upgrade computer hardware, some of which had been planned as part of the 2018 budget.

The town says these are not considered part of the cost of the cyberattack, but as maintenance costs and enhancements associated with “lessons learned” from the experience.

“The final costs once settled with the Insurer will be communicated to Council,” the report reads.