City cyber attackers were 'well-funded, organized,' it will take years to recover, experts say - Action News
Home WebMail Friday, November 22, 2024, 07:43 AM | Calgary | -12.8°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Hamilton

City cyber attackers were 'well-funded, organized,' it will take years to recover, experts say

A sophisticated criminal organization hacked into the City of Hamilton's IT systems at twice the averagespeed of similar ransomware attacks, locking staff out of online systems and demanding a ransom within 20 days, cybersecurity experts told councillors.

A team from Deloitte Canada revealed details about the breach at a general issues committee meeting Wednesday

A man looks at blue-tinted screens with a large fan next to him.
Hackers gained quick access to the City of Hamilton's online systems, experts say. The city was able to contain the incident within two days, but the damage was already done. (Maksim Shmeljov/Shutterstock)

A sophisticated criminal organization hacked into the City of Hamilton's IT systems at twice the averagespeed of similar ransomware attacks, locking staff out of online systems and demanding payment within 20 days, say cybersecurity experts.

A team from Deloitte Canada revealed details about the Feb. 25 breach at a general issues committee meeting Wednesday. Deloitte is one of the outside companies the city hired to help recover from the ransomware attack thatcontinues to impactservices four months later.

"Threat actors" typically take 40 days from first accessing the system to ransoming and encrypting networks and effecting the organization, said Deloitte partner Bryson Tan. The speed atwhich the hackers movedindicates they were "well-funded, organized and advanced."

The city moved swiftly, too, containing the incident in two days, compared to the average of 25 days, said Tan. But the damage was done.

"This is a very significant breach," Andy Potter, also a partner at Deloitte, told councillors. "There's no sugarcoating that and it will continue to have significant impacts for quite some time. This won't get solved in months. We are talking about years."

Hamilton police are investigating, said Marnie Cluckie, city manager, at a news conference Thursday. There is no indication personal information was stolen.

City won't say how the attack happened

The city has spent $5.7 million so far to recover from the attack, some of which may be covered by insurance, Cluckie said.

About 45 per cent of systems have been restored or replaced,including the general inquiry email, internet access, job postings and vendor payments.

All city employees have regained access to their payroll information, includingonline pay stubs and T4 slips, said Mike Zegarac, general manager of finance. The city hadbeen paying them manually since March, and now the system is back online and any paydiscrepancies will be corrected.

The city didn't pay the ransom and hasn't made public the amount of money demanded, but Coun. John-Paul Dankosaid at the committee meeting, it would've been a "throwaway cost" that wouldn't have guaranteed the encrypted data would bereleased.

The city expects to spend more than $33 million until 2033 to rebuild and expeditecybersecurity projects already planned for the coming years.

As forhow the attackers broke into the city's systems in the first place, Hamilton's Chief Information Officer CyrusTehranisaid he doesn't plan to reveal that anytime soon.

"That's standard protocol," he told reporters Wednesday. "It's no different than if burglars got into your house. You wouldn't put a sign on the front explaining how they got in."