MONTREAL — On Sept. 10, municipal employees in a region between Montreal and Quebec City arrived at work to discover a threatening message on their computers notifying them they were locked out of all their files.
In order to regain access to its data, the regional municipality of Mekinac was told to deposit eight units of the digital currency Bitcoin into a bank account — roughly equivalent to $65,000.
Mekinac’s IT department eventually negotiated the cyber extortionists down and paid $30,000 in Bitcoin, but not before the region’s servers were disabled for about two weeks.
The attack highlights a glaring weakness in government servers in Quebec, according to Professor Jose Fernandez, a professor and malware expert at the Polytechnique Montreal engineering school.
“Quebec is an embarrassment,” Fernandez said in an interview, adding that he has tried without success to contact government representatives to alert them to the problem.
“There hasn’t been any traction on this issue in the past 15 years,” he said. “I try to speak to (the government) but there is nobody. Who are you going to call? Nobody.”
Fernandez said it is ironic that Quebec is home to a thriving cybersecurity industry and is an emerging hub for artificial-intelligence research, yet the provincial government is “decades” behind other provinces in defending against cyberattacks.
Patrick Harvey, spokesman for the Public Security Department, disputed the claim the provincial government is unprepared for cyberattacks.
He said the Treasury Department has a director of information responsible for ensuring government data is protected. The Public Security Department has a unit dedicated to responding to cyberattacks within the administration and provincial police.
But municipalities are not part of the unit’s mandate. “Municipalities are autonomous entities that are responsible for ensuring the security of their digital infrastructure,” Harvey said.
An employee opened and clicked on a link in a fraudulent email
Mekinac’s servers were compromised after an employee opened and clicked on a link in a fraudulent email sent by the hackers. Thompson said his region had to pay the ransom, because it would have meant months of data re-entry, costing significantly more than $30,000.
So they paid, got their data back and learned a valuable lesson. Here is the whole story with more detail: http://www.canadianinquirer.net/2018/11/18/quebec-is-an-embarrassment-province-urged-to-do-more-on-cybersecurity/
Obviously this ransomware infection could have been prevented. Step your users through new-school security awareness training to keep them on their toes with security top of mind.