Last April information security audit specialists reported a ransomware infection in the IT systems of Stratford, a small city in Ontario region, Canada. After a couple of weeks without being able to access their systems, the local government decided to pay the hackers about $75k USD in cryptocurrency to retrieve access to the compromised information.
The attack occurred last April 14, 2019, when
hackers managed to infiltrate the city’s networks, encrypting their systems and
servers and leaving a malware variant hosted in their database. After detecting
the infection, the authorities disconnected their users from the Internet to
stop the spread of the malware. Six physical servers and two virtual
deployments were infected.
Now, nearly six months after the incident, some
details were finally revealed via a statement on the city’s website. About two
weeks after the attack, Stratford authorities decided to negotiate with threat
actors, agreeing on a payment of 10 Bitcoin.
At the time of the incident, each unit of the virtual currency was valued at
little over $7.5k USD, so the government had to expend more than $75k USD in
total.
It should be remembered that, like other
cryptocurrencies, a Bitcoin transfer provides complete anonymity to both
parties involved, plus it is almost impossible to track a transaction, so for
hackers it is an effective means of demanding the money derived from their
criminal activities, as mentioned by information security audit specialists.
The city has an insurance policy in case of
cybersecurity incidents, so most of the ransom amount was absorbed by the
insurance company. However, Stratford had yet to invest $15k USD for the
ransom.
Although the payment has already been made and
the local government systems were restored, information security audit
specialists from the International Institute of Cyber Security (IICS) mention
that the incident is still being investigated by the Cybercrime Unit, a specialized
area of the Ontario Police Department. In addition, local authorities keep
taking measures to prevent similar incidents.
