Cy­ber­at­tacks hit On­tario towns

On­tario po­lice warn of re­cent cy­ber­at­tacks tar­get­ing local gov­ern­ments

The Recorder & Times (Brockville) - - ONTARIO NEWS - MICHELLE MCQUIGGE

A rash of cy­ber­at­tacks on On­tario mu­nic­i­pal gov­ern­ments in which hack­ers de­mand a ran­som to un­lock com­pro­mised sys­tems has prompted the pro­vin­cial po­lice force to warn about what it de­scribes as a re­cent trend.

On­tario Pro­vin­cial Po­lice didn’t dis­close how many mu­nic­i­pal­i­ties had been tem­po­rar­ily crip­pled by the in­ci­dents known as ran­somware at­tacks, but at least two re­cently had their sys­tems com­pro­mised and the mayor of one of them said he’s heard of mul­ti­ple other cases.

In an ad­vi­sory is­sued Fri­day, the OPP said it wanted com­mu­ni­ties to be aware of the spate of in­ci­dents.

“In re­cent months there have been sev­eral ran­somware (hack/ virus) at­tacks on busi­nesses and mu­nic­i­pal gov­ern­ment of­fices within On­tario,” wrote the force, which did not re­spond to re­quests for fur­ther com­ment.

“The OPP does not sup­port pay­ing ran­somware at­tack­ers, as it only en­cour­ages fur­ther crim­i­nal ac­tiv­ity, and there is no guar­an­tee that pay­ment will re­store the en­crypted data.”

Po­lice de­scribed a ran­somware at­tack as one where a com­puter or net­work is in­fected with mal­ware — soft­ware in­tended to dam­age or dis­able — that en­crypts data on those sys­tems. Those be­hind the at­tack then re­veal that the in­for­ma­tion can only be re­trieved with an en­cryp­tion key, which com­monly is only re­leased upon the pay­ment of a ran­som.

The OPP said most such at­tacks are launched ei­ther through direct hack­ing into a vul­ner­a­ble sys­tem or through phish­ing emails that urge users to click on files or links that then in­stall the mal­ware. Pay­ment is usu­ally de­manded in Bit­coin or some other form of cryp­tocur­rency, the OPP said.

That ex­act sce­nario played out ear­lier this month in Mid­land, Ont., ac­cord­ing to Mayor Gord McKay.

On Sept. 1, of­fi­cials dis­cov­ered that many of the town’s servers had been com­pro­mised and locked down. McKay did not dis­close ex­actly how much ran­som was paid through an in­sur­ance com­pany to the hack­ers, and said the cy­ber­at­tack re­mains un­der in­ves­ti­ga­tion.

McKay said the at­tack crip­pled Mid­land’s fi­nan­cial sys­tems, but said it was not as dev­as­tat­ing as it may have been had it hap­pened three months ago.

At that time, an­other ran­somware at­tack on the nearby town of Wasaga Beach, Ont., prompted Mid­land’s of­fi­cials to take out in­sur­ance to pro­tect against such an in­ci­dent, he said.

“We took a good re­gard as to what hap­pened over there and said, ‘ok, no rea­son why it shouldn’t hap­pen here ... so let’s start taking pre­cau­tion­ary mea­sures,’ ” he said.

The town man­aged to iso­late on­line sys­tems re­lated to fire, po­lice, wa­ter and waste-wa­ter ser­vices be­fore the hack­ers struck, the mayor said. There’s also no ev­i­dence to sug­gest in­for­ma­tion on tax­a­tion, hu­man re­sources and other af­fected sys­tems was dis­sem­i­nated any­where af­ter the at­tack, he added.

Of­fi­cials in Wasaga Beach did not re­spond to re­quest for com­ment on the at­tack they ex­pe­ri­enced.

McKay said the de­ci­sion to pur­chase in­sur­ance has proven ben­e­fi­cial and has helped the mu­nic­i­pal­ity re­cover faster than it might have oth­er­wise. Ac­cess to the hacked sys­tems has been pro­vided over time, he said, and all the town’s sys­tems are ex­pected to be fully func­tional by next week.

The town’s ex­pe­ri­ence sug­gests an emerg­ing in­dus­try around cy­ber­at­tacks has taken root, McKay said, adding he’s heard from mu­nic­i­pal­i­ties both inside and out­side of On­tario who’ve gone through a sim­i­lar or­deal.

“It’s hap­pen­ing a fair bit out there, but ob­vi­ously peo­ple don’t like to talk about it,” he said. “There’s an in­dus­try be­ing built up about it, both on the bad guys’ side and also on the re­cov­ery side.”

Atty Mashatan, an in­for­ma­tion tech­nol­ogy pro­fes­sor at Ry­er­son Univer­sity, said world­wide mal­ware at­tacks in­volv­ing ev­ery­thing from hos­pi­tals to tran­sit sys­tems have given rise to a bur­geon­ing in­dus­try.

She said there are numer­ous in­sur­ance of­fer­ings avail­able to both busi­nesses and in­di­vid­u­als seek­ing pro­tec­tion from cy­ber­crime. Like with stan­dard in­sur­ance poli­cies, she said pack­ages vary con­sid­er­ably, adding the most com­pre­hen­sive could cover the cost of le­gal fees in­curred by po­ten­tial law­suits as­so­ci­ated with se­cu­rity breaches.

But Mashatan stressed that the best in­sur­ance is sound se­cu­rity, adding both in­di­vid­u­als and com­pa­nies should cover off ba­sics such as in­stalling strong anti-mal­ware and anti-virus pro­tec­tion as well as main­tain­ing thor­ough off­line back­ups of key in­for­ma­tion.

Com­mon sense also has a role to play, she said.

“It has to do with the aware­ness of the in­di­vid­u­als in your or­ga­ni­za­tion or in your house­hold,” she said. “Don’t click on a link if you don’t trust it.”

McKay said the town of Mid­land had no choice but to pay the ran­som de­manded to reclaim its data, but such an ap­proach finds lit­tle favour with Mashatan and the OPP.

The force urged vic­tims of such cy­ber­at­tacks to go to local po­lice but also noted that ul­ti­mately it was up to those tar­geted to de­cide how to pro­ceed.

“Com­pa­nies and in­di­vid­ual vic­tims should ad­dress threats based upon the na­ture and sever­ity of the threat and only af­ter care­fully con­sid­er­ing the best in­ter­ests of the in­di­vid­ual or com­pany’s em­ploy­ees, stake­hold­ers and share­hold­ers,” the force said.

JONATHAN HAY­WARD/THE CANA­DIAN PRESS

A rash of cy­ber­at­tacks on On­tario mu­nic­i­pal gov­ern­ments in which hack­ers de­mand a ran­som to un­lock com­pro­mised sys­tems has prompted the pro­vin­cial po­lice force to warn about what it de­scribes as a re­cent trend.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.