The Hamilton Spectator

Hamilton’s ransomware attack: What we know and what we don’t

Nearly two weeks into crisis, city is still providing scant information


On Feb. 25, a sprawling cyberattack hit the City of Hamilton’s digital network, disrupting phone lines, emails and databases the municipality uses every day.

The crisis is almost two weeks old, and the city remains largely locked out of its systems. Phone lines remain down, council meetings have been postponed, registration to recreation programs is suspended and childhood vaccination efforts are delayed, among other issues. There is no clear picture as to when the city will be back up and running normally.

Although the city has provided some updates on affected services and the nature of the cyberattack, much of it has been shrouded in secrecy, with officials citing security concerns for not sharing details with the public.

Here is what we know, and what we do not, about the unprecedented assault on Hamilton’s municipal network:

What kind of attack was it?

This week, the city confirmed what cybersecurity experts said was the most likely explanation — that the city was hit by a ransomware attack.

What is a ransomware attack?

These are attacks that seize control of a network, encrypting it and sometimes even copying personal data. That data is then held hostage and a decryption key is not sent until the victim pays a ransom.

Who is behind the attack?

To date, officials have not said who hacked the network, or if they are aware of who is responsible.

Is the city paying a ransom?

The city will not say if it is considering paying a ransom, or if it is in negotiations with hackers.

What kind of data was affected?

This is not clear, as the city has so far declined to provide much detail on the impact of the attack. However, it is clear city staff have been locked out of their network across several departments. For instance, public health no longer has access to its vaccination registry, impeding its efforts to get immunizations up to date while measles is spreading in the province.

The city says it believes personal data in the network — which would include information about residents, staff and businesses — has not been accessed by the hackers. However, experts say the city may not yet know the full impact of the hack and personal data may have been stolen.

How did the attack happen?

The city has not disclosed any information about how hackers got into the municipal network. Experts say they could have been spying on the network for weeks or months before launching the cyberattack. Hackers could have found a way to get past the city’s firewalls, or used emails directed at staff to lure them into clicking a link that would allow them into the network.

When will the city’s network be repaired?

This is also unclear. A systemic attack can take a long time to fix, even if the city pays a ransom, and the staff and cybersecurity consultants might not yet know the full impact of the hack. It can take months, even as much as a year, to restore a system after this kind of hack.

How is the city running?

Although the city is not providing much information about how the hack damaged its network, it has said many city departments are running but doing some tasks, like data inputting or processing payments, “manually.” In most cases, the city has not explained what that specifically entails.

The city is providing some updates on affected services, and how residents can access them, on its website. Some departments, like CityHousing, are still operating, but electronic payments are not possible and its phone lines are down. Other services, like processing Freedom of Information requests, are suspended. Pre-authorized withdrawals to pay taxes have been deferred for some 50,000 accounts, leaving the city temporarily short of about $36 million in revenue.

The city typically records a host of data every day about services and programs, from who is registered for recreational programs to payments. Without the network, some of this record keeping is being done manually by staff. However, when the network is finally back up, it is possible gaps in the data will exist, the city said.

How is the city responding?

The city has hired cybersecurity firm Cypfer to help understand and combat the attack. Hamilton police are investigating and Ontario’s privacy commissioner has been informed of the data breach. The city won’t say how much money the company is being paid.

How many staff have been deployed from regular duties to respond to the emergency?

The city won’t say. But the city’s emergency operations centre (EOC), which led the city’s COVID-19 pandemic response, is involved. However, the city won’t provide details.

What about emergency services?

Operators are answering 911 calls normally. However, without the network to automatically send information to firefighters or paramedics, they are recording call details manually, and then informing emergency services by radio. Hamilton police said it’s not affected by the cyberattack.

What do councillors know?

Not much, they initially said. But they have since received closed-door updates. The details of those updates are largely being kept from the public.

Hamilton’s cybersecurity crisis is into its second week and many systems remain down. Read The Spectator’s full coverage of the cyberattack online at bec89d67.
