The southern B.C. district of Squamish has been victimized by ransomware for the second time in a year.
The municipality of about 20,000 at the north end of Howe Sound said Tuesday the attack was discovered Feb. 27, resulting in many IT systems being closed shut.
Most were brought back “with minimal data loss,” the district said in a news release. However, as of Tuesday the recreation booking engine Squamishlive was still offline. The municipality was trying to bring that system back online before Wednesday, when spring program registration is scheduled to open.
“These types of viruses focus on encrypting data; not on stealing data or personal information,” says the statement. “There is no evidence to indicate that the personal information of citizens or employees was compromised.”
However, since December a number of ransomware groups have added data theft to their strategy to put added pressure on victim organizations to pay. If initially, they don’t pay, the hackers threaten to slowly release the stolen data.
Asked Tuesday how the district knows no data was taken, communications co-ordinator Rachael Boguski said an investigation on the attack is currently underway and no information is available beyond what was in the media release.
The district government was also hit by ransomware in May, 2019. According to the district’s latest statement, over the past several months the district has been improving network security and building up network threat protection as a result of that attack.
“Many of the changes implemented, such as additional firewalls, more robust spam protection, greater frequency of backups and overall network security upgrades to name a few, helped to minimize the impact of this one,” it says. “The district is now fast-tracking a move to cloud-based server hosting with virus protection and backups built-in.”
A new IT position focusing on network security is also being funded in the 2020 budget.
“Like so many government organizations we have become a target for well-funded criminal groups that are insistent upon creating havoc, and we are very thankful that no personal information appears to have been compromised,” District of Squamish Mayor Karen Elliott said in the statement. “Due to the expertise of our staff, the District quickly moved over to manual operations in key areas, ensuring that citizens saw little evidence of the interruption.
“The security of District systems continues to evolve to minimize losses and ensure the protection of data against these very sophisticated attacks, which are an unfortunate reality that we may always be faced with.”
