On Sunday morning, the City of Woodstock suffered a network breach when a virus got into their systems and prevented access to emails and data. The Woodstock Police Service also experienced a separate attack early Monday morning.
Woodstock’s top administrator, David Creery, said that the city has engaged experts and police in its investigation, including the Woodstock Police Service and the OPP cyber-crimes unit. The attack “has the appearance” of ransomware, though no formal ransom demand has been made, Creery added.
The city is currently in the process of minimizing the impact of the breach. They are using cyber security experts to examine the city’s computers to determine how, when and why the attack occurred. Woodstock police are also working with the OPP cyber-crimes unit, as well as its own investigators, IT staff and a third-party company to resolve its cyber attack, Insp. Marci Shelton said.
This isn’t the first time a Canadian City has been breached. Most recently, The City of Stratford experienced a similar attack in April and, last week, officials revealed they had paid a hacker the equivalent of $75,000 in Bitcoin. Last summer, both the town of Midland and the town of Wasaga Beach suffered a ransomware attack. Both of those towns also elected to pay the ransom.
Carmi Levy, a London-based tech analyst, said these kinds of attacks are becoming increasingly common. “The fact that you have two significant high-profile ransomware attacks relatively close together … confirms that this is a major issue and it is getting worse,” Levy said.
Levy also said that the last thing cities should do if experiencing a ransomware attack is pay. Paying the ransom is no guarantee that you will get all your data back and could also make your organization the target of a future attack. In some cases, the criminals that have targeted your organization are using those funds to pay for other criminal activities or in some cases, terrorism.
The best way to respond to a ransomware attack is to be prepared for it. Having offline backup systems, as well as incident response plans, will also go a long way in helping protect your business. Why pay a ransom to get your data back, if you already have a copy you can restore from? Just remember before restoring from the back-up, that the infected device(s) must be quarantined so it can be dealt with. Once you are certain that the vulnerability has been cleaned, then you can start to recover from the back-ups. When restoring from back-ups, make sure the back-up isn’t also infected.