First it was Florida, now Ontario is the victim of a ransomware attack; should the government pay the ransom?

IT security audit specialists report a ransomware attack incident occurring in a municipality in eastern Ontario, Canada, in late June. The little city management reported that their systems have just been completely restored.

The Nation municipality’s computer systems were infected with a variant of encryption malware sometime on Sunday, June 30, public officials noted. Threat actors have illegitimately accessed government networks, infecting any system in its wake with ransomware. The ransomware managed to encrypt multiple systems, disrupting some of the local government services as well as its email server.

Francois St. Amour, mayor of The Nation, stated that the attack has created countless inconveniences for his administration, “employees can’t even send or receive emails,” he said. Days after the incident some of the services began to be restored, with the exception of the email server, “this will take longer because IT security audit experts will have to reset each account individually”, the mayor added.

The mayor said that the incident was reported to the police and the Ontario Information and Privacy Commission. Although the investigation is not yet concluded, authorities do not believe that hackers have accessed the data compromised during the incident: “The main motivation of these people is not the data theft, they only care about blocking access to the systems and their stored information to force victims to pay the ransom”, a spokesman for the Information Commission said.

Sources close to The Nation’s government claim that hackers demanded a payment of more than $10k USD via a Bitcoin transfer; the municipality refused to comply with the attackers’ demands, carrying out the recovery process on its own. The mayor added that new security policies will soon be implemented to prevent future attacks.

Multiple ransomware attacks against local government IT infrastructure have been reported recently. IT security audit specialists from the International Institute of Cyber Security (IICS) reported a wave of attacks on small towns in Florida, USA, which paralyzed services in three locations for weeks. These incidents may have some connection to each other.