JAKARTA - City of St. Marys, in the Canadian state of Ontario, was hit by a ransomware attack that locked city staff or employees into accessing internal systems and encrypted data.
This small town of about 7.500 residents appears to be the latest target of the notorious LockBit ransomware group. On July 22, a post on the dark website LockBit listed townofstmarys.com as a victim of ransomware and previewed files that had been stolen and encrypted.
The screenshot is taken from the website of the ransomware group. The text reads: “The City of St. Marys is located at the junction of the Thames and Trout Creek, southwest of Stratford in southwest Ontario. Rich in natural resources, namely the River Thames, the land that now forms St. Marys was traditionally used as a hunting ground by First Nations people. European settlers arrived in the early 1840s. Stolen data (67GB): financial documents, plans, departments, confidential data”
‼️ NOTICE ‼️
We are investigating a cyber security incident that locked our internal server & encrypted our data.
We are working with experts to investigate the source, restore our back up data and assess the impacts on our information, if any.
More: https://t.co/cdaQdwX8Au pic.twitter.com/IUcetvph2l
— St. Marys, Ontario (@townofstmarys) July 22, 2022
In a telephone interview, the Mayor of St. Marys Al Strathdee told The Verge that the city is now responding to the attack with the help of a team of experts.
"To be honest, we were a bit in shock," Strathdee told The Verge. "It's not a good feeling to be targeted, but the experts we hired have identified what the threat is and guided us on how to respond. The police are interested and have dedicated resources to this case...there are people here working on it 24/7.”
Strathdee said that after the system was locked down, the city had received a ransom request from the LockBit ransomware gang but had not paid anything to date. "In general, the Canadian government's cybersecurity guidelines prohibit the payment of ransoms," Strathdee said, but the city will follow the incident team's advice on how to get further involved.
The screenshot shared on the LockBit website shows the file structure of the Windows operating system, which contains directories related to city operations such as finance, health and safety, sewage treatment, property files, and public works. According to LockBit's standard operating methods, cities are given a deadline to either pay to have their systems unlocked or view data published online.
Brett O'Reilly, communications manager for the city of St. Marys, directing The Verge to a press statement issued by St. Marys where the city is giving more details.
According to the statement, critical city services such as transit and water systems were not affected by the incident, and the city is working to unlock IT systems and restore backup data.
According to an analysis by Recorded Future, the LockBit group alone masterminded at least 50 ransomware incidents in June 2022. This makes it the most prolific global ransomware group. In fact, St. Marys is the second small town LockBit has targeted in more than a week.
On July 14, LockBit registered data from the city of Frederick, in Colorado with a population of 15.000, also having been hacked, a claim that is currently being investigated by city officials. LockBit's listing for Frederick is currently demanding a $200.000 ransom for them not to publish the data.
More and more small towns are being targeted by sophisticated global ransomware groups with extensive technical knowledge and resources. In March, the FBI's cyber division published a notice to private industry partners of government agencies, noting that ransomware attacks had "put pressure on local US governments and public services."
The English, Chinese, Japanese, Arabic, French, and Spanish versions are automatically generated by the system. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)