On November 15, it was reported that the Canadian city of Saint John was experiencing a serious cyberattack, which had disrupted all municipal services of the city (with the exception of the 911 emergency communication system).
At the time, it was unclear whether any personal data of the city’s residents had been compromised.
Assessments of the scope and consequences of the incident, as well as theories as to who and what the “perpetrators” were, appeared on the following day. They were voiced by David Shipley, head of Canadian cybersecurity firm Beauceron Security.
According to Shipley, this was a large-scale, sophisticated attack, which took down several online services, including payment systems, email, and the city’s website. Mitigating its consequences will take weeks or even months. The expert recalled a similar case in Atlanta, USA, where “it took them from March to June to get everything back up and running.” In fact, the affected services will have to be recovered using backup copies (where they exist) or from scratch. No information has been made public on whether any personal data has been compromised, but the city has advised Saint John residents who may have used its online services to check their bank accounts and credit cards for suspicious activity.
The attack was carried out using the Ryuk ransomware, which first surfaced almost a year ago. Its first victim, in December 2019, was an unnamed US maritime facility; in March 2020, the ransomware blocked the operation of ten hospitals in the US, as well as EVRAZ plants in North America. Security researchers believe that a Russian threat actor could be behind Ryuk.
Although the question of whether a ransom has been paid remains open, the expected duration of the recovery effort seems to indicate that the answer is negative.
It is worth noting that this is not the first ransomware attack on Canadian cities by far. According to Shipley, three cities in Ontario were affected by ransomware in 2019. However, Saint John is the largest Canadian city to have fallen victim to ransomware to date. The city has over 70,000 residents and is the second largest city in the province of New Brunswick.
In conclusion, it should be noted that existing measures designed to provide protection against ransomware can hardly be considered adequate. It seems that the famous saying on who learns from their own mistakes and who from those of others remains relevant, at least when it comes to protecting local and municipal information systems.