OPP warn of ransomware attacks on municipal governments
At least two towns have paid off hackers
A rash of cyberattacks on Ontario municipal governments in which hackers demand a ransom to unlock compromised systems has prompted the provincial police to warn about what it describes as a recent trend.
Ontario Provincial Police didn’t disclose how many municipalities had been temporarily crippled by the incidents known as ransomware attacks, but at least two recently had their systems compromised and the mayor of one of them said he’s heard of multiple other cases.
In an advisory issued Friday, the OPP said it wanted communities to be aware.
“In recent months there have been several ransomware (hack/ virus) attacks on businesses and municipal government offices within Ontario,” wrote the force, which did not respond to requests for further comment.
“The OPP does not support paying ransomware attackers, as it only encourages further criminal activity, and there is no guarantee that payment will restore the encrypted data.”
Police described a ransomware attack as one where a computer or network is infected with malware — software intended to damage or disable — that encrypts data on those systems. Those behind the attack then reveal that the information can only be retrieved with an encryption key, which commonly is only released upon the payment of a ransom.
The OPP said most such attacks are launched either through direct hacking into a vulnerable system or through phishing emails that urge users to click on files or links that then install the malware. Payment is usually demanded in Bitcoin or some other form of cryptocurrency, the OPP said.
That exact scenario played out earlier this month in Midland, according to Mayor Gord McKay.
On Sept. 1, officials discovered that many of the town’s servers had been compromised and locked down. McKay did not disclose exactly how much ransom was paid through an insurance company to the hackers, and said the cyberattack remains under investigation.
McKay said the attack crippled Midland’s financial systems, but said it was not as devastating as it may have been had it happened three months ago.
At that time, there was another ransomware attack on the nearby town of Wasaga Beach, which prompted Midland’s officials to take preventive action, he said.
“We took a good regard as to what happened over there and said, ‘OK, no reason why it shouldn’t happen here ... so let’s start taking precautionary measures,’ ” he said.
The town managed to isolate online systems related to fire, police, water and waste-water services before the hackers struck, the mayor said.
There’s also no evidence to suggest information on taxation, human resources and other affected systems was disseminated anywhere after the attack, he added.