Pay Up! – Town of Midland in Ontario hit with Ransomware and Pays Ransom.
Years ago I visited a town in Texas for about a week. I was there doing some volunteer work for a Charity organization. This place was flat. I mean really flat! How flat was it you ask? It made Saskatchewan look like the Rockies. The name of the place was Midland. It was pleasant, hot, and dusty. There were lots of remnants of the cowboy era – like steer-horns mounted on the front grill of a Cadillac. But Midland’s now an oil town, so the horns were chrome-plated.
And did I mention it was flat?
So when a colleague forwarded me an article that Midland had been hit with Ransomware, I thought FLAT. Except it was Midland Ontario, not Texas. It’s a town of about 16,000 north of Toronto, on the shores of Lake Huron. It’s reported that their computer systems were hit with Ransomware on the September long weekend. So far, while not commonplace, it was not all that unusual. Several of our Clients have been hit with Ransomware. It’s what happened after, that causes concern.
They paid the Ransom. The amount has not yet been disclosed, but a neighbouring town (Wasaga Beach) was hit this past spring, and they paid $35,000 for the decryption keys.
It’s reported that the town’s IT systems were “dark” for 48 hours – in other words, unusable. As of September 10th, systems were still not restored to normal and “negotiations with the Hackers were ongoing.” It’s reported that while Emergency Services and Waste Management were unaffected, the town’s financial system was significantly impacted.
I have no first-hand or Insider knowledge of their troubles – or the efforts to restore the system. But I will take some educated guesses.
A town of 16,000 Residents will have a significant Town Administration – perhaps 150-200+ Users. A Municipality of that size normally has 3 to 5 full-time Staff working in IT, including a Senior Manager. They’ll have multiple servers (perhaps as many as a dozen), multiple locations (5), and several mission-critical systems and applications (10 to 15). Their annual IT budget will be well into 6 figures, by the time you figure in Staff resources. To most people, their IT systems are a big and important deal – and they have to be, as most towns run on information.
It’s not hard to imagine how the virus was activated; most likely an Employee opened an infected attachment and the virus was downloaded to a local computer – or worse, one of the servers. Most likely, the common file repository did not have sufficient permission controls or structure to prevent the virus from spreading. Or worse, the User had too many permissions on their account. The database that controls the financial system also seems to have had excessive permissions, as part or all of it was encrypted.
I also suspect their Backups and Disaster Recovery systems were not up to par. Otherwise, it would have been a straightforward task to restore from a verified offsite backup – with the loss of a day or two’s worth of information. The restoration shouldn’t have taken more than 6 to 8 hours; a late night for a few Techs, but not much more. It wouldn’t have been National News.
It’s also not clear if they had a Cyber Security Incident Response Protocol to follow, but judging by the lack of assertive and coordinated response, as well as the Press Releases from the Mayor, I think not.
So, it seems the town was backed into a corner and felt the Ransom payment was the only way out. NO COMMENT I say with teeth clenched!
The finger-pointing has just started. A former Technical Investigator for the Midland Police Service has been especially harsh: “This is unbelievable. This is just absolute sheer neglect …”. He might be right, but it’s hardly useful.
This is an unfortunate tale-of-woe, and it’s easy to play armchair quarterback in this sad game. But it seems many Business Owners and Government Officials approach the threat of Cyber Attacks with a casual attitude. They are lulled into a false sense of Security that their Firewall and Anti-Virus will protect them. NOT SO – and more than one Municipality is finding out the hard way.
Managers and Elected Officials need to give Cyber Threats the same care and attention as they do fire prevention in their facilities; actually more so. The end result is the same; they lose the ability to carry on normal corporate functions – and unless you have a fireworks plant nearby, the chances of being hit with a Ransomware Attack are much greater than those of a fire.
So, what to do? It starts with a comprehensive Cyber Security Assessment. Then you have to follow the recommendations; then you have to refresh the Assessment within a year and follow the new recommendations; then you have to refresh the Assessment in a year and follow the recommendations, and…
You get the idea; it’s a process.
If you would like more information on Cyber Security Assessments and how they can help protect your sensitive information, please contact me or your TRINUS Account Manager for some stress-free Cyber Security.
Did I mention that Midland, TX is flat?