Thought leadership. threat analysis, news and alerts.
Why Local Government Offices Are Targeted by Cyber Attackers and How to Prevent Such Attacks
In recent months, a concerning number of local governments in Ontario, Canada have openly admitted that they have been victims of cyber-attacks. What could have caused these attacks? And what can be done to prevent these attacks?
Town of Wasaga Beach
The Town of Wasaga Beach,Ontario admitted that on April 30, 2018, several of its servers were illegally accessed and infected with a ransomware – a type of malicious software (malware) that encrypts computer systems and files, locking out users and demands ransom payment in exchange for the keys that would decrypt or unlock the computer systems and files.
It took the Town of Wasaga Beach approximately 7 weeks to fully recover from the ransomware attack and as a result, the Town lost hundreds of thousands of Canadian dollars, with 3 bitcoin, valued at $34,950 Canadian at the time of payment, paid to the ransomware attackers and bulk of the cost went into the internal productivity losses totaling $251,759 Canadian.
Town of Midland
The Town of Midland, Ontario admitted that on September 1, 2018 its network was illegally accessed and infected with ransomware. Six days after the ransomware attack, on September 6, 2018, the Town of Midland announced that it initiated the process of paying the ransom demanded by the attackers. It wasn’t specified though how much was paid to the attackers.
In exchange for the decryption keys, the Town said that it “initiated the process to pay the ransom.” The Town added, “Although not ideal, it is in our best interest to bring the system back online as quickly as possible.”
City of Stratford
The City of Stratford, Ontario admitted that on April 14, this year, its computer systems were illegally accessed and infected with an unspecified virus – a type of malware that spreads by attaching itself to legitimate computer files and programs and distributed via infected flash drives, emails or websites. This unspecified virus, the City said encrypted computer systems and files and locked out users.
“We have now begun methodically unlocking and decrypting our systems,” the City said. “This is a thorough process that takes days, not hours.”
A computer virus that locks computer users out through encryption and requires decryption to unlock is typical of a ransomware. Decryption key or keys used to unlock the systems or files are given out by ransomware attackers. In the case of the City of Stratford, it wasn’t specified whether or not ransom was paid to the attackers.
City of Ottawa
On April 8, 2019, it was revealed that the City of Ottawa, Ontario fell victim to a common fraud scheme called “Business Email Compromise (BEC)” scam. The City's Office of the Auditor General reported that US$97,797 was transferred to an account of a phony supplier as a result of the BEC scam – a cyber attack that targets organizations that conduct wire transfers for its suppliers. In a BEC scam, email accounts of executives or high-level employees are either spoofed or compromised for the purpose of fraudulent wire transfers, resulting in hundreds of thousands of dollars in losses.
“On July 6, 2018, the General Manager, Corporate Services and City Treasurer (the ‘City Treasurer’), received an email (the ‘Email’) apparently from the City Manager,” the Office of the Auditor General said. “The Email, which was later identified as a spoofed email, requested that a wire transfer in the amount of US$97,797.20 (the ‘Funds’) be processed for the completion of an acquisition. With the City Treasurer’s approval, later that day the request was processed, and the Funds were issued.”
A portion of the City’s funds ended up in a bank account that the U.S. Secret Service monitored and seized. It’s unclear how much, if any, might eventually be recovered by the City of Ottawa from this seized bank account.
Local governments are targeted by cyber criminals as these government organizations are repositories of trove of sensitive data from government licenses to government contracts. The fact that local governments have the financial capability to pay also makes them attractive targets to cyber criminals. And the willingness of some local governments to pay attackers compounded this growing problem.
The growing number of cyber attacks, in particular, ransomware attacks against local government offices within Ontario prompted the Ontario Provincial Police(OPP) to issue a ransomware alert. As to the question of paying attackers ransom, the OPP said, “The OPP does not support paying ransomware attackers, as it only encourages further criminal activity, and there is no guarantee that payment will restore the encrypted data.”
Here are some cybersecurity best practices in order to prevent or mitigate the effects of cyber attacks:
Mind the Emails
Many of today’s cyber criminals use emails as a means to infiltrate the IT systems of organizations. Many of ransomware attacks are carried out by malicious emails, containing malicious attachments or malicious links. Clicking a malicious attachment or clicking a malicious link could allow the installation of malicious software on your organization’s system.
BEC scammers, meanwhile, rely mainly on emails as their means to perpetuate their fraudulent act. In both ransomware and BEC scams, attackers use emails as their weapon.
It’s, therefore, important to have an automated email solution that could identify and block emails with malicious attachments or links as well as identify and block spoofed or compromised emails. It’s also important to train your organization’s staff to identify and block malicious and fraudulent emails.
Backup Important Files
Organizations that entertain the idea of negotiating with cyber attackers are those that have weak back-up systems. If your organization regularly back-up your important files, there’s no reason for your organization to negotiate or pay the attackers for the locked or stolen data.
Steve E. Driz, I.S.P., ITCP