City of Saint John confirms ransomware virus cyberattack

The City of Saint John has confirmed it has been targeted with ransomware.

Mayor Don Darling made the announcement at a news conference Tuesday at Saint John City Hall.

Darling said the virus was discovered Friday during routine monitoring of information technology. He said the city acted quickly to contain the exposure and mitigate risks.

“The city immediately took steps to minimize the impact and protect our systems, notified police and engaged a firm that specializes in cybersecurity,” Darling said. “The government of New Brunswick was also notified.

“The city has engaged with police and is working with security advisors to resolve the situation in a safe and secure manner. We also have full co-ordination with federal and provincial resources.”

The attack has left the city unable to process online payments and issue building permits. Parking is not being enforced and the city’s website and email system are down.

John Collin, Saint John’s city manager, said critical city functions remain operational, including transit, water and wastewater treatment and emergency services.

But he said early information shows no loss of residents’ personal data.

“As of today, we do not have any indication that personal information was accessed or transferred,” Collin said. “Determining this is a priority for us.”

Collin did say the city has cyber insurance, a policy to help protects its financial interests if an attack occurs. He would not say what the policy covers.

The city of Woodstock, Ont., can relate to what Saint John is going through.

Last September, it was hit with two separate cyberattacks within days of each other on its municipal and police networks.

David Creery, the city’s chief administrative officer, said no critical information was compromised in part because its website and online transaction systems were hosted by third parties and were not impacted.

Creery said the city had been backing up its system externally as well. When the attack occurred, Woodstock simply rebuilt its network using those backups.

He said the network was offline for eight to 10 weeks. Combining the two attacks, it cost more than $1 million dollars to analyze the virus infection and rebuild beyond the threat.

But he said the city was advised by police to not pay any ransom request.

“If you are able to rebuild a network without engaging with the threat actors, you’re paying it forward to every other municipality in the future who may find themselves in their shoes next week,” Creery said. “Until such time as the line is drawn in the sand and we stop paying, I think we’re going to continue to be the target – and the deep-pocket target.”

He said those who pay to regain access to their systems are taking the word of criminals that there is nothing else infecting their networks when they’re returned.

Collin said paying a ransom has not been ruled out.

Packetlabs, a Canadian organization calling itself “ethical hackers” who simulate attacks in order to protect businesses, believes all levels of government need to take cyberattacks more seriously.

“Although Canada’s municipalities are known as very tempting targets for aggressive cyberattacks, we’ve spoken to many across the country that simply can’t get the required funding for proper security testing,” Richard Rogerson, managing partner of Packetlabs, said in a release.

“It’s actually surprising that we don’t see more attacks at the relatively unguarded municipal level of Government and unfortunately, something like the Saint John attack could be a criminal test case for more.”

Collin said there is “no timeline yet” for the restoration of the city’s IT services.

“But it is safe to say that we are looking at weeks, not days,” he said.

New Brunswick RCMP say they are helping Saint John police investigate the incident.

“The New Brunswick RCMP’s Digital Forensics Services members are experts in the forensic investigation and analysis of computers, mobile phones, and other technological devices,” New Brunswick RCMP Media Relations Officer Cst. Hans Ouellette told Global News in an email. “The unit is providing its expertise and assistance to the Saint John Police Force as it investigates the cyberattack in Saint John.”