One of the country’s foremost ski resorts is struggling to dig itself out from a ransomware attack.
The Resort Municipality of Whistler (RMOW), just over an hour’s drive north of Vancouver, suffered what it calls a cybersecurity event on Thursday. As a result, non-essential town services have been suspended because email, phone, network services and the website were taken offline.
In-person service at the municipal hall is suspended and the May 4 town council meeting has been cancelled.
As of Sunday the municipality’s website still showed a warning that it had suffered a cyber incident.
The website of the ransomware group claiming responsibility says it has 800GB of data including “personal information (names, addresses) SQL databases, stats, huge email dumps, passwords, network scheme, services, private documents … Will be sold in the next 7 days.”
In the notice on the municipal website and its Twitter account the municipality of 12,000 urges people to beware of phone calls, emails and online activity claiming to be from the municipality and asking for personal information.
“At this time, our forensic investigation into this matter is ongoing,” the statement said. “We continue to investigate whether any information was accessed by an unauthorized user and should our investigation indicate that personal information was indeed accessed, we will inform affected individuals immediately. The RMOW is further strengthening its security safeguards to ensure that all information in its custody remains secure.
“The RMOW is currently working with cybersecurity experts and the RCMP has launched an investigation into this incident.”
By coincidence, the attack came the same day as an international ransomware task force, including the RCMP, called on governments around the world to declare ransomware a national security threat.
The statement says infrastructure such as water and sewage, and emergency systems such as 911 and the Whistler Fire Department, have been secured and are operating as normal.
“Although we have robust protections in place to prevent this type of illegal event, these cybercriminals breached our server,” chief administrative officer Virginia Cullen said in the statement. “As soon as we were aware of this, we took measures to prevent further access, and are now in the process of working with cybersecurity experts before we put the system back online.”
Municipalities are favoured targets of ransomware groups because their cyber defences aren’t as sophisticated as larger levels of government. Attackers believe cities and towns may be more willing to pay ransoms than other organizations because of the amount of personal information they hold.
However, deciding not to pay can be costly. A recent report by the Canadian Cyber Security Centre noted that Woodstock, Ont., ended up paying $660,000 in remediation costs after a ransomware attack in 2019. The City of Baltimore estimated a 2019 ransomware attack cost the local government US$18 million.