OPP warn of ran­somware at­tacks on mu­nic­i­pal gov­ern­ments

At least two towns have paid off hack­ers

The Hamilton Spectator - - Canada & World - MICHELLE MCQUIGGE

A rash of cy­ber­at­tacks on On­tario mu­nic­i­pal gov­ern­ments in which hack­ers de­mand a ran­som to un­lock com­pro­mised sys­tems has prompted the pro­vin­cial po­lice to warn about what it de­scribes as a re­cent trend.

On­tario Pro­vin­cial Po­lice didn’t dis­close how many mu­nic­i­pal­i­ties had been tem­po­rar­ily crip­pled by the in­ci­dents known as ran­somware at­tacks, but at least two re­cently had their sys­tems com­pro­mised and the mayor of one of them said he’s heard of mul­ti­ple other cases.

In an ad­vi­sory is­sued Fri­day, the OPP said it wanted com­mu­ni­ties to be aware.

“In re­cent months there have been sev­eral ran­somware (hack/ virus) at­tacks on busi­nesses and mu­nic­i­pal gov­ern­ment of­fices within On­tario,” wrote the force, which did not re­spond to re­quests for fur­ther com­ment.

“The OPP does not sup­port pay­ing ran­somware at­tack­ers, as it only en­cour­ages fur­ther crim­i­nal ac­tiv­ity, and there is no guar­an­tee that pay­ment will re­store the en­crypted data.”

Po­lice de­scribed a ran­somware at­tack as one where a com­puter or net­work is in­fected with mal­ware — soft­ware in­tended to dam­age or dis­able — that en­crypts data on those sys­tems. Those be­hind the at­tack then re­veal that the in­for­ma­tion can only be re­trieved with an en­cryp­tion key, which com­monly is only re­leased upon the pay­ment of a ran­som.

The OPP said most such at­tacks are launched ei­ther through direct hack­ing into a vul­ner­a­ble sys­tem or through phish­ing emails that urge users to click on files or links that then in­stall the mal­ware. Pay­ment is usu­ally de­manded in Bit­coin or some other form of cryp­tocur­rency, the OPP said.

That ex­act sce­nario played out ear­lier this month in Mid­land, ac­cord­ing to Mayor Gord McKay.

On Sept. 1, of­fi­cials dis­cov­ered that many of the town’s servers had been com­pro­mised and locked down. McKay did not dis­close ex­actly how much ran­som was paid through an in­sur­ance com­pany to the hack­ers, and said the cy­ber­at­tack re­mains un­der in­ves­ti­ga­tion.

McKay said the at­tack crip­pled Mid­land’s fi­nan­cial sys­tems, but said it was not as dev­as­tat­ing as it may have been had it hap­pened three months ago.

At that time, there was an­other ran­somware at­tack on the nearby town of Wasaga Beach, which prompted Mid­land’s of­fi­cials to take pre­ven­tive ac­tion, he said.

“We took a good re­gard as to what hap­pened over there and said, ‘OK, no rea­son why it shouldn’t hap­pen here ... so let’s start taking pre­cau­tion­ary mea­sures,’ ” he said.

The town man­aged to iso­late on­line sys­tems re­lated to fire, po­lice, wa­ter and waste-wa­ter ser­vices be­fore the hack­ers struck, the mayor said.

There’s also no ev­i­dence to sug­gest in­for­ma­tion on tax­a­tion, hu­man re­sources and other af­fected sys­tems was dis­sem­i­nated any­where af­ter the at­tack, he added.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.