Ontario cities ask feds, province for help repelling ransomware attacks

Thestar.com
August 9, 2019
David Rider

Amid a growing number of “ransomware” attacks on them, Ontario municipalities are starting to share cybersecurity information and want senior governments to help shield them from hackers.

The 444-member Association of Municipalities of Ontario is collecting and sharing information on the data-paralyzing menace, while helping experts develop security and insurance services for the members, said AMO president Jamie McGarvey in an email to the Star.

Two sessions on cybersecurity are being held this month in Ottawa at the annual gathering of Ontario civic leaders, McGarvey said, with another session at a symposium next month.

“AMO has also been urging the provincial and federal governments to work closely with municipal governments to help protect governments from cyberattacks, and to help public services weather attacks with less disruption,” said McGarvey, the mayor of Parry Sound.

Ransomware, where hackers lock computer systems and demand payment for an electronic key to unlock them, is an “epidemic” in the U.S., the FBI says. Targets in Ontario have included Stratford, Midland, Wasaga Beach and two unnamed City of Toronto agencies.

Stratford Mayor Dan Mathieson in June told CBC local governments are “sitting ducks” for “the new terrorists of the century.” He called for a national strategy after some of his town’s servers were held hostage last spring.

Mathieson, who won’t say if Stratford paid a ransom, urged AMO to get the conversation started and told the Star: “Municipal governments need to come together to share information, refine best practices and defend ourselves as well as we can.”

Toronto withdrew from AMO in 2005 but belongs to the Federation of Canadian Municipalities, which told the Star it has, currently, “no FCM policy” on ransomware.

Toronto City Councillor Paul Ainslie said he is alarmed by news of the attacks on Toronto agencies and will push FCM, of which he is a board member, to work on helping Canadian cities protect themselves and deal with attacks.

City auditor general Beverly Romeo-Beehler revealed in June that two city “entities” were “reportedly attacked by ransomware and their systems compromised. In both situations, the incidents were not communicated to (Toronto’s) Chief Information Officer because protocols do not exist.”

Ainslie said he is glad the attacks didn’t compromise the city’s main digital backbone but is alarmed Toronto isn’t fully prepared to deal with the attacks plaguing smaller municipalities. The city is taking steps including creation of a chief information security position.

“I think the auditor general woke a lot of people up,” said the Ward 24 Scarborough-Guildwood representative. “I was frustrated that, going back to 2013, I kept being told as chair of government management (committee) that all our processes were adequate, when they weren’t.”

A key question faced by ransomware victims is whether they pay criminals to quickly recover computer systems used for everything from residents paying tax and utility bills to municipalities paying their employees, or try to use backup data to restore them, or rebuild systems from scratch.

Many including Midland and Wasaga Beach have paid. The FBI and RCMP both urge ransomware victims to not pay, warning they are rewarding and encouraging criminals, and still might not recover all of their data.

Ainslie said he hopes that if Toronto suffers an attack the city would not pay a ransom.

“If you pay ransom of, say, $100,000, they might come back and say, ‘OK, then pay $200,000,” he said. “Better to focus on having resources in place to repel an attack and ensure our backups (computer systems) are not compromised.”

The costs of virtue can, however, be staggering.

Baltimore refused a hacker’s demand for $75,000 (U.S.) worth of bitcoin and now faces total costs of $18 million to repair damage from a malware strain called “RobbinHood.” On Wednesday, three months after the attack, Baltimore residents finally started getting their monthly water bills again.

RCMP Sgt. Guy-Paul Larocque, acting officer in charge of the Canadian Anti-Fraud Centre, said the low rate of reporting by victims hinders authorities’ ability to gather intelligence and ultimately help catch hackers and offer prevention awareness for potential victims including municipalities.

“In one case we did with an international partner, there were tens of thousands of systems targeted,” Larocque said. “And when we did the match with what was reported, it was less than 500.

“There is a shame factor, a fear of being judged, from some victims, but we’re not going to judge them on whether they were a victim, or a target, but on whether they took proper actions that they can take,” after they get an email or pop-up message demanding ransom for their data, he said.

Federal authorities told the Star they are adding resources to combat cybercrime such as ransomware, including a new RCMP investigative team setting up offices in Toronto and Montreal, in addition to home base in Ottawa.

A separate National Cybercrime Coordination Unit, comprised of RCMP officers and civilians, will be managed by the RCMP but work with different police forces, governments and corporations.

That unit, to be fully operational by 2023, will “help reduce the threat, impact and victimization of cybercrime in Canada,” an RCMP spokesperson said, while also creating “a single point of contact for individuals and businesses to report cybercrime online.”

Leading the federal response is the Canadian Centre for Cyber Security which last year warned of a coming increase in ransomware and other cyberattacks.

The Canadian Cyber Threat Exchange, an Ottawa-based non-profit set up by the private sector to share cyber threat information among its members, is offering services including passing to the government details of cyberattacks from companies that want to stay anonymous.

“We’re just starting to reach out to the municipalities,” inviting them to join, said Bob Gordon, the exchange’s executive director, adding they can benefit from the experience of other members including big banks.

“We can create a platform where municipalities could actually get together amongst themselves to share best practices, ideas, share their share their experiences and interact with businesses in their communities that are facing the same kind of threats,” Gordon said.