• Protecting Water and Farmland in Simcoe County
Home » Council Watch » News clips: Wasaga Beach computers hacked

News clips: Wasaga Beach computers hacked

By
In Council Watch
Aug 27th, 2018
0 Comments
1036 Views

Ransomware costs continue to climb for Wasaga Beach

by Ian Adams Wasaga Sun August 27 2018

Wasaga Beach’s information technology department would not have been able to fend off this spring’s ransomware attack of the municipality’s computer network on its own.

That’s the conclusion of Jason Green of Hexigent Consulting in a ransomware incident report presented to council members at their Aug. 16 co-ordinated committee meeting.

The expectation of the town’s IT department is to provide broad technology support under a limited budget, he wrote.

“The knowledge, methods and techniques required to combat an attack of this complexity is typically found in dedicated cyber specialists with many years of digital combat experience.”

On April 30, the municipality’s servers were taken over by hackers through a ransomware attack. The hackers initially demanded 11 Bitcoins, approximately $130,000, to release the decryption key to unlock the town’s servers.

The town eventually paid three Bitcoins, worth approximately $34,000. However, other costs — including the loss of productivity, new hardware and consultant costs — is estimated to top $250,000 for an incident that hampered the town’s network for several weeks.

Treasurer Jocelyn Lee, who also oversees the IT department, expects there will be an additional $50,000 to $60,000 in costs; those costs have been built into the 2019 budget.

“Some costs are ongoing, and some will be periodic one-time costs,” she told Simcoe.com.

However, details such as how the attack occurred, and recommendations related to preventing future attacks, were redacted from the public report.

Those details have been presented to council behind closed doors. Lee told Simcoe.com the information was redacted from the public document for security reasons.

In his public report, Green noted the town has since updated its antivirus protectionand invested in an new email security solution to reduce exposure to phishing and spam emails. Other acquisitions, he wrote, should be considered to “provide additional layers of security to prevent and minimize the impact of a similar event in the future.”

“We are confident that the recommendations made would help to protect the town in the future,” Lee told Simcoe.com.

Staff have been directed by council to evaluate the recommendations and report back in two months’ time with their findings on cost and risk management.

Council receives report on ransomware incident

News release from Wasaga Beach July 25 2018

A report on the costs of the ransomware attack and related expenses was received by town council on Tuesday night.

Prepared by treasurer Jocelyn Lee, the report notes that on April 30, 2018 a ransomware virus compromised the municipality’s computer system.

“This was done by cyber criminals who demanded a ransom be paid to unlock the data back to the town,” Lee said in her report to council.

For roughly seven weeks, town staff worked with computer experts to recover from the virus by rebuilding a new network, negotiating with the cyber criminals to obtain the data back, scrubbing the data to ensure it was clean before returning it to the new network, reconfiguring many software programs to work under the new network design, and installing a new hardware and software infrastructure deemed necessary for corporate security.

Lee said three consulting firms were hired to help with the situation. She noted a second report is being prepared by Hexigent Consultants that will address technical details, including how the ransomware attack happened. The report is slated for presentation to council’s Coordinated Committee on Aug. 16, 2018.

In total, the town paid $34,950 to retrieve the municipality’s data. An additional $37,181 was paid to consultants.

To read the full report click here: http://bit.ly/2LIPaLE

The town reminds the community that it believes no personal data was compromised during the ransomware attack. The opinion of experts is the incident was strictly about extracting a payment from the municipality. Should this view change the town will advise the community.

Wasaga Beach pays ransom following computer system hacking

The Town of Wasaga Beach has made a deal with hackers to prevent the release of sensitive information. Beatrice Vaisman reports.

CTV Barrie July 24 2018

New details have emerged about how much the Town of Wasaga Beach spent to reclaim data after the towns’ computer system was hacked.

The town’s computers were compromised for about seven weeks in the spring after hackers locked them down and demanded ransom for the data.

“It was like living in a spy movie,” says Wasaga Beach’s Chief Administrative Officer George Vadeboncoeur.

He and town officials spent weeks negotiating with hackers he believes are overseas  “via a secure encrypted email, back and forth, that couldn’t be traced.”

It was back on April 30th that the town’s computer system was compromised with a virus, locking up its software and back-up system, demanding cash be paid to unlock the data.

The town says they paid hackers about $35,000 for the code to recover the information.

It’s a decision Vadenboncoeur says he made after seeking advice from experts.

“We would’ve been in the hundreds of thousands of dollars because we would have had to start from scratch to recreate everything, and that seemed like a price to pay.”

The town also had to pay more than $50,000 for consultants to help decrypt the information, and taxpayers are also on the hook for $160,000 of lost productivity by staff.

“It’s very unfortunate when it happens, and it’s extra unfortunate when it’s public dollars,” says Wasaga Beach Councillor Sylvia Bray.

Councillors say it’s unfortunate that the town has to dip into its reserve fund to pay for this ordeal but they’re proud of the way staff handled the crisis.

“This could’ve been devastating, and we are well positioned to weather the storm and move forward,” says Councillor Joe Belanger.

“It happened, I think we need to understand how and why to make sure it doesn’t happen again,” says Bray.

Town officials say no personal information was compromised and they have now taken several measures to beef up their cybersecurity.

Here’s how much Wasaga Beach paid hackers to retrieve data

by Ian Adams Wasaga Sun July 23 2018

Wasaga Beach paid nearly $35,000 to regain access to the municipalities servers.

The hackers were paid three bitcoins in three separate transactions, and a bitcoin broker was paid $2,000.

A report from the town’s treasurer and director of finance, Jocelyn Lee, is scheduled to be presented to council’s July 24 meeting.

The total cost of the incident that hobbled the town’s computer system for a month, including consultants, software, new hardware, and staff overtime, is nearly $90,000.

That doesn’t include lost productivity, however, which Lee said could push the cost to more than $250,000.

Lee’s report did not include how the hackers were able to plant a ransomware virus onto the municipality’s servers at the end of April. She said the technical details of what took place will be presented at a future meeting.

Leave a Reply

Commenters must post under real names. AWARE Simcoe reserves the right to edit or not publish comments. Your email address will not be published. Required fields are marked *

Home | Related Links | Contact Us
© 2014 AWARE-Simcoe all rights reserved – All trademarks, logo's, names, etc. are property of their respective owners
Powered By