A notorious gang of cybercriminals that’s crippled municipal computer systems in St. Marys is allegedly threatening to release troves of sensitive information if the Perth County town doesn’t pay up, cybersecurity journalists are reporting.
The threat: Pay up – or we start sharing secrets.
A notorious gang of cybercriminals that’s crippled municipal computer systems in St. Marys is allegedly threatening to release troves of sensitive information if the Perth County town doesn’t pay up, cybersecurity journalists are reporting.
According to cybernews.com, an online publication focused on cybersecurity issues, a group known as LockBit has taken responsibility for the recent ransomware attack, listing the small Southwestern Ontario town among its victims in a post on the dark web.
The group’s demand — similar to a series of computer attacks that have hit small Southwestern Ontario communities from Woodstock to Stratford and Central Elgin — is believed to be among the first in which specific cybercriminals have been publicly linked.
Officials in St. Marys said in a statement Tuesday the town has hired cybersecurity consultants from Deloitte Canada to help with their response and “conduct a thorough investigation of the incident.” St. Marys Mayor Al Strathdee said more specific details about the potential fallout from the attack won’t be available until the investigation is complete.
“We want to be sure that there’s been no breaches or release of public information,” Strathdee said. “We’re just sort of waiting for (Deloitte) to do their work and then they’ll issue a report to council and … we’ll go from there.”
Strathdee said the town hasn’t yet decided whether it will pay the ransom being demanded.
He couldn’t confirm Tuesday whether LockBit is the group behind the attack or whether sensitive data has been compromised.
“I haven’t been told anything about this group other than what I’ve read on the web,” Strathdee said. “That is part of the forensic (audit) process. There’s thousands of people out there doing these types of attacks, and the reality is we want to determine whether it is substantial or not.”
St. Marys first reported the ransomware attack on Friday.
In the moments after learning of the Wednesday breach, town staff took immediate steps to secure sensitive information by shutting down IT systems and restricting access to email, officials said at the time. Stratford police were contacted, as well as the Canadian Center for Cyber Security and the town’s lawyers.
Critical municipal services like fire, police, transit and water were not affected by the breach and are still operating normally. Strathdee said he has access to email, but the town’s computer systems have not yet been fully restored.
“We’re working towards that,” he said.
Evan Koronewski, a spokesperson for the Communications Security Establishment and the Canadian Center for Cyber Security, confirmed via email Tuesday the government agency is aware of the incident in St. Marys but couldn’t accommodate an interview request for specific details.
“Generally speaking, we have seen a marked rise in the volume and range of cyber threats, and this includes a surge in ransomware incidents,” Koronewski said. “We have seen a growing number of ransomware threats targeting Canadian small and medium-sized businesses, health-care organizations, utility organizations, and municipalities.”
The Canadian Center for Cyber Security launched a ransomware campaign last year that included guidance for Canadians and a case study on the Conti group, another notorious cybercriminal organization. Among the trends the agency identified in its research is a business model called Ransomware-as-a-Service in which developers sell or lease ransomware to other criminals in exchange for a cut of each victim’s payment.
The Canadian Center for Cyber Security is aware of 304 ransomware attacks against Canadian victims in 2021, over half of them involving critical infrastructure, Koronewski said.
“We know this number of cyber incidents is significantly underreported, and the true number of victims is much higher,” he added.
Ann Cavoukian, one of Canada’s top privacy experts, said threats from cybercriminals who target sensitive information are becoming more common. “(Hackers) know how high the price is when they dump people’s personal information and they’re using that as leverage to get people to pay up,” she said.
That may include their sensitive health information and financial data, added Cavoukian, former Ontario privacy commissioner and now executive director of Global Privacy and Security By Design Centre.
“And if the municipality is responsible for this, then surely they’ve got to find some way to protect the data.”
Strathdee said Tuesday town officials are “taking all the steps we can to ensure that our information and our systems are secure.”
“We’ve engaged the best in the business to help us,” he said.
With files by Calvi Leon, Local Journalism Initiative reporter