Tuesday, September 21, 2021

Northern Ontario police force recovering from ransomware attack

A Northern Ontario police force is still trying to recover from a ransomware attack last week.

Sault Ste. Marie, Ont., police put out a statement today saying its 911 service was not affected, nor was its online reporting system for less urgent crimes. “At no time was our ability to respond to calls for service compromised,” the statement said.

However, the force’s email service isn’t available. It has not said whether its police dispatch or records systems were impacted.

The statement said the force became aware of the ransomware attack on Thursday, August 26th, and added, “Information Technology staff are working through the attack to regain access to affected systems.”

Government departments and services such as police forces are considered by some attackers to be prime targets on the assumption they are more likely to pay a ransom because they provide critical infrastructure services.

Earlier this year, those behind the ransomware attack on the Washington, D.C. police force threatened to release copied personal data on police officers and informants unless a US$4 million ransom was paid. The department offered $100,000, which was reportedly refused. After that, extensive profiles of 22 officers, including their Social Security numbers and dates of birth, were published, possibly putting them at risk.

Ransomware gangs operate at two levels: Some are wholly contained operations, while others run ransomware-as-a-service (RaaS) operations, where affiliate members actually do the targeting and hacking. Some cybersecurity vendors report RaaS gangs have lately become nervous as their affiliates target high-profile targets — such as hospitals and pipelines — which are more likely to attract hostile public reaction and the combined attention of law enforcement.

For example, after the attack on the U.S. Colonial Pipeline — which resulted in the pipeline being temporarily shut down and created long lines at East Coast gas stations — the web servers of the Darkside ransomware group were seized, as well as its payment server. It is assumed the U.S. had something to do with that.

Subsequently, the Darkside group apparently re-emerged calling itself BlackMatter. It listed a number of organizations it wouldn’t attack, including hospitals, critical infrastructure, the oil and gas sectors, defence sectors and government departments.

 

 

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
