Ontario police warn of recent cyberattacks targeting local governments

A rash of cyberattacks on Ontario municipal governments in which hackers demand a ransom to unlock compromised systems has prompted the provincial police force to warn about what it describes as a recent trend.

Ontario Provincial Police didn’t disclose how many municipalities had been temporarily crippled by the incidents known as ransomware attacks, but at least two recently had their systems compromised and the mayor of one of them said he’s heard of multiple other cases.

In an advisory issued Friday, the OPP said it wanted communities to be aware of the spate of incidents.

“In recent months there have been several ransomware (hack/virus) attacks on businesses and municipal government offices within Ontario,” wrote the force, which did not respond to requests for further comment.

“The OPP does not support paying ransomware attackers, as it only encourages further criminal activity, and there is no guarantee that payment will restore the encrypted data.”

Police described a ransomware attack as one where a computer or network is infected with malware — software intended to damage or disable — that encrypts data on those systems. Those behind the attack then reveal that the information can only be retrieved with an encryption key, which commonly is only released upon the payment of a ransom.

The OPP said most such attacks are launched either through direct hacking into a vulnerable system or through phishing emails that urge users to click on files or links that then install the malware. Payment is usually demanded in Bitcoin or some other form of cryptocurrency, the OPP said.

That exact scenario played out earlier this month in Midland, Ont., according to Mayor Gord McKay.

On Sept. 1, officials discovered that many of the town’s servers had been compromised and locked down. McKay did not disclose exactly how much ransom was paid through an insurance company to the hackers, and said the cyberattack remains under investigation.

McKay said the attack crippled Midland’s financial systems, but said it was not as devastating as it may have been had it happened three months ago.

At that time, another ransomware attack on the nearby town of Wasaga Beach, Ont., prompted Midland’s officials to take out insurance to protect against such an incident, he said.

“We took a good regard as to what happened over there and said, ‘ok, no reason why it shouldn’t happen here … so let’s start taking precautionary measures,” he said.

The town managed to isolate online systems related to fire, police, water and waste-water services before the hackers struck, the mayor said. There’s also no evidence to suggest information on taxation, human resources and other affected systems was disseminated anywhere after the attack, he added.

Officials in Wasaga Beach did not respond to request for comment on the attack they experienced.

McKay said the decision to purchase insurance has proven beneficial and has helped the municipality recover faster than it might have otherwise. Access to the hacked systems has been provided over time, he said, and all the town’s systems are expected to be fully functional by next week.

The town’s experience suggests an emerging industry around cyberattacks has taken root, McKay said, adding he’s heard from municipalities both inside and outside of Ontario who’ve gone through a similar ordeal.

“It’s happening a fair bit out there, but obviously people don’t like to talk about it,” he said. “There’s an industry being built up about it, both on the bad guys’ side and also on the recovery side.”

Atty Mashatan, an information technology professor at Ryerson University, said worldwide malware attacks involving everything from hospitals to transit systems have given rise to a burgeoning industry.

She said there are numerous insurance offerings available to both businesses and individuals seeking protection from cybercrime. Like with standard insurance policies, she said packages vary considerably, adding the most comprehensive could cover the cost of legal fees incurred by potential lawsuits associated with security breaches.

But Mashatan stressed that the best insurance is sound security, adding both individuals and companies should cover off basics such as installing strong anti-malware and anti-virus protection as well as maintaining thorough offline backups of key information.

Common sense also has a role to play, she said.

“It has to do with the awareness of the individuals in your organization or in your household,” she said. “Don’t click on a link if you don’t trust it.”

McKay said the town of Midland had no choice but to pay the ransom demanded to reclaim its data, but such an approach finds little favour with Mashatan and the OPP.

The force urged victims of such cyberattacks to go to local police but also noted that ultimately it was up to those targeted to decide how to proceed.

“Companies and individual victims should address threats based upon the nature and severity of the threat and only after carefully considering the best interests of the individual or company’s employees, stakeholders and shareholders,” the force said.