It’s Highway Robbery

'Basically, these guys have these towns by the balls' — most small towns (and even large cities) don't have the budget to hire the best-of-the best IT workers.
‘Basically, these guys have these towns by the balls’ — most small towns (and even large cities) don’t have the budget to hire the best-of-the best IT workers.

Gord McKay was babysitting his granddaughters on the Saturday of the Labour Day long weekend, enjoying a little granddad-in-charge fun, when he received a panicked phone call. McKay is the mayor of Midland, Ont., a bustling tourist destination on the shores of Georgian Bay, about two hours north of Toronto. The call was from an employee with the town’s IT department.

“The staff had come in early that day,” the mayor recalled. “When they flipped on the computers they discovered most of them were inoperable because they had been encrypted.” Then a screen popped up with a message that said: This is a ransomware attack — your files are encrypted — please pay.

Like Atlanta, Ga., like nearby Wasaga Beach and like an untold (and unreported) number of other municipalities, Midland had been hacked. Taken hostage by a band of cyber-thugs, presumably situated offshore and likely associated with organized crime. Encrypted files require keys to unlock. The hackers held all the keys, and were demanding Midland pay up — in Bitcoin — or else. (Bitcoin trades at around $8,000 per unit, depending on the day, and it is untraceable, making it the currency of choice for international cyber-crooks).

“I’m as upset as anybody that they could do this,” McKay says. “Nobody likes having a shotgun pointed at their head and told, ‘Pay up, you have no choice.’”

Daniel Tobok is CEO of Cytelligence, a cyber security firm servicing private clients and municipalities across Canada. He stresses Midland isn’t a one-off — some country rubes, being taken advantage off by sinister players overseas — but further evidence of a growing epidemic. His firm receives 40 to 50 calls a month from towns and companies whose operations have been crippled by ransomware attacks. Most private companies won’t publicize attacks, he says, to avoid spooking clients and customers. But municipalities have voters to answer to, and sometimes will.

“Here’s the problem,” Tobok says. “This is no longer a bunch of kids sitting in mommy and daddy’s basement playing with computers. It is organized crime. So it is not that the town in particular was a target — everybody nowadays is a target — but what makes towns extremely attractive for the threat actors is that the towns will normally pay.


See Also:

(1) How to Protect Your Business & Secure Your Website in 7 Easy Steps

(2) 9 security tips to protect your website from hackers

(Visited 52 times, 2 visits today)