Wasaga Beach town hall computers seized by hackers

News May 01, 2018 by Ian Adams Wasaga Sun

Wasaga Beach’s computer systems have been held hostage for more than a week.

Municipal officials say the town has been asked for a “monetary request” in order to regain access to the town’s servers from a ransomware attack.

Chief administrative officer George Vadeboncoeur said the town has consulted with the OPP, RCMP, and an IT security firm.

“We have every confidence we have the right team in place to manage this situation,” Vadeboncoeur said.

It is unknown how the virus was able to infiltrate the municipality's server.

Aleksander Essex, an assistant professor of software engineering with a specialization in cybersecurity and applied cryptography at Western University, said malware such as ransomware typically exploits a software or procedural vulnerability in order to gain access to an organization’s system.

“From an academic perspective, it’s really clever; it’s awful, but you can see why criminals could want to do this,” he said.

Vadeboncoeur said despite the attack, it remains more or less business as usual at town hall.

Residents are still able to pay their taxes and buy dog tags; anyone wishing to get a bus pass needs to go to the Wasaga Beach Public Library. However, municipal staff are unable to provide residents with information such as tax account balances.

It is unknown whether any information on the servers has been compromised. Vadeboncoeur declined to say how much money was being asked for

Essex said the typical motivation behind this type of cyber attack is a financial payoff.

“You’re not stealing the data typically — it’s possible they are doing that — but the real goal is money,” he said.

Historically, the real risk for the criminal was during the exchange of money, when they had to show up “to pick up the briefcase,” Essex said. The rise of cryptocurrencies such as Bitcoin has made it easier for thieves, who can essentially accept a ‘drop’ from anywhere in the world — safely and anonymously.

Essex said there are not a lot of examples of municipalities in Canada that have been hit, as thieves typically target small- and medium-sized companies. And, he said, it happens more frequently than one may think.

“It’s not reported in many cases … it’s not publicly disclosed, because it is embarrassing and can shake confidence (in a business),” he said.

Essex said even paying the hackers may not result in getting access back.

“You can pay, they give you the keys, and everything is put back to normal. What if you pay, and they don’t give you the keys. Or you can pay, and they turn around and ask for more money,” he said.

Essex said when an organization considers the security of its computer system, it’s not whether to view it as secure or insecure, but in terms of risk management

That includes having up-to-date software, and that data is backed up.

“In general, timely backups prevent you from being brought to your knees by this, and you’d be surprised to realize how in many organizations they don’t have very good backups,” he said.

 

Wasaga Beach town hall computers seized by hackers

News May 01, 2018 by Ian Adams Wasaga Sun

Wasaga Beach’s computer systems have been held hostage for more than a week.

Municipal officials say the town has been asked for a “monetary request” in order to regain access to the town’s servers from a ransomware attack.

Chief administrative officer George Vadeboncoeur said the town has consulted with the OPP, RCMP, and an IT security firm.

“We have every confidence we have the right team in place to manage this situation,” Vadeboncoeur said.

Related Content

It is unknown how the virus was able to infiltrate the municipality's server.

Aleksander Essex, an assistant professor of software engineering with a specialization in cybersecurity and applied cryptography at Western University, said malware such as ransomware typically exploits a software or procedural vulnerability in order to gain access to an organization’s system.

“From an academic perspective, it’s really clever; it’s awful, but you can see why criminals could want to do this,” he said.

Vadeboncoeur said despite the attack, it remains more or less business as usual at town hall.

Residents are still able to pay their taxes and buy dog tags; anyone wishing to get a bus pass needs to go to the Wasaga Beach Public Library. However, municipal staff are unable to provide residents with information such as tax account balances.

It is unknown whether any information on the servers has been compromised. Vadeboncoeur declined to say how much money was being asked for

Essex said the typical motivation behind this type of cyber attack is a financial payoff.

“You’re not stealing the data typically — it’s possible they are doing that — but the real goal is money,” he said.

Historically, the real risk for the criminal was during the exchange of money, when they had to show up “to pick up the briefcase,” Essex said. The rise of cryptocurrencies such as Bitcoin has made it easier for thieves, who can essentially accept a ‘drop’ from anywhere in the world — safely and anonymously.

Essex said there are not a lot of examples of municipalities in Canada that have been hit, as thieves typically target small- and medium-sized companies. And, he said, it happens more frequently than one may think.

“It’s not reported in many cases … it’s not publicly disclosed, because it is embarrassing and can shake confidence (in a business),” he said.

Essex said even paying the hackers may not result in getting access back.

“You can pay, they give you the keys, and everything is put back to normal. What if you pay, and they don’t give you the keys. Or you can pay, and they turn around and ask for more money,” he said.

Essex said when an organization considers the security of its computer system, it’s not whether to view it as secure or insecure, but in terms of risk management

That includes having up-to-date software, and that data is backed up.

“In general, timely backups prevent you from being brought to your knees by this, and you’d be surprised to realize how in many organizations they don’t have very good backups,” he said.

 

Wasaga Beach town hall computers seized by hackers

News May 01, 2018 by Ian Adams Wasaga Sun

Wasaga Beach’s computer systems have been held hostage for more than a week.

Municipal officials say the town has been asked for a “monetary request” in order to regain access to the town’s servers from a ransomware attack.

Chief administrative officer George Vadeboncoeur said the town has consulted with the OPP, RCMP, and an IT security firm.

“We have every confidence we have the right team in place to manage this situation,” Vadeboncoeur said.

Related Content

It is unknown how the virus was able to infiltrate the municipality's server.

Aleksander Essex, an assistant professor of software engineering with a specialization in cybersecurity and applied cryptography at Western University, said malware such as ransomware typically exploits a software or procedural vulnerability in order to gain access to an organization’s system.

“From an academic perspective, it’s really clever; it’s awful, but you can see why criminals could want to do this,” he said.

Vadeboncoeur said despite the attack, it remains more or less business as usual at town hall.

Residents are still able to pay their taxes and buy dog tags; anyone wishing to get a bus pass needs to go to the Wasaga Beach Public Library. However, municipal staff are unable to provide residents with information such as tax account balances.

It is unknown whether any information on the servers has been compromised. Vadeboncoeur declined to say how much money was being asked for

Essex said the typical motivation behind this type of cyber attack is a financial payoff.

“You’re not stealing the data typically — it’s possible they are doing that — but the real goal is money,” he said.

Historically, the real risk for the criminal was during the exchange of money, when they had to show up “to pick up the briefcase,” Essex said. The rise of cryptocurrencies such as Bitcoin has made it easier for thieves, who can essentially accept a ‘drop’ from anywhere in the world — safely and anonymously.

Essex said there are not a lot of examples of municipalities in Canada that have been hit, as thieves typically target small- and medium-sized companies. And, he said, it happens more frequently than one may think.

“It’s not reported in many cases … it’s not publicly disclosed, because it is embarrassing and can shake confidence (in a business),” he said.

Essex said even paying the hackers may not result in getting access back.

“You can pay, they give you the keys, and everything is put back to normal. What if you pay, and they don’t give you the keys. Or you can pay, and they turn around and ask for more money,” he said.

Essex said when an organization considers the security of its computer system, it’s not whether to view it as secure or insecure, but in terms of risk management

That includes having up-to-date software, and that data is backed up.

“In general, timely backups prevent you from being brought to your knees by this, and you’d be surprised to realize how in many organizations they don’t have very good backups,” he said.