Last April, information security audit specialists reported a ransomware infection in the IT systems of Stratford, a small city in the Ontario region of Canada. After a couple of weeks without access to its systems, the local government decided to pay the hackers about $75k USD in cryptocurrency to regain access to the compromised information.
The attack occurred on April 14, 2019, when hackers managed to infiltrate the city’s networks, encrypting its systems and servers and leaving a malware variant hosted in its database. After detecting the infection, the authorities disconnected their users from the Internet to stop the spread of the malware. Six physical servers and two virtual deployments were infected.
Now, nearly six months after the incident, some details have finally been revealed in a statement on the city’s website. About two weeks after the attack, Stratford authorities decided to negotiate with the threat actors, agreeing on a payment of 10 Bitcoin. At the time of the incident, each unit of the virtual currency was valued at a little over $7.5k USD, so the government had to spend more than $75k USD in total.
It should be remembered that, like other cryptocurrencies, a Bitcoin transfer provides complete anonymity to both parties involved, and it is almost impossible to track a transaction. For hackers, it is therefore an effective means of demanding the money derived from their criminal activities, as mentioned by information security audit specialists.
The city has an insurance policy covering cybersecurity incidents, so most of the ransom amount was absorbed by the insurance company. However, Stratford still had to pay $15k USD toward the ransom.
Although the payment has already been made and the local government systems have been restored, information security audit specialists from the International Institute of Cyber Security (IICS) mention that the incident is still being investigated by the Cybercrime Unit, a specialized area of the Ontario Police Department. In addition, local authorities continue to take measures to prevent similar incidents.