HAMILTON, Ont. – It’s been over two weeks since the City of Hamilton was hit with a ransomware attack, shutting down dozens of city services and bringing council to a halt.
From the public library to bus schedules to all city phone lines and emails, the outage has impacted daily life across the city. Ward 15 Coun. Ted McMeekin said he has been working harder than ever since systems went offline. His daily routine now includes waking up early to go through emails on his phone, and having the majority of his meetings in person.
"It's slowing everything down," he said. "We've got a lot of experts involved to try help us sort this out and we're making progress, but it's slow."
Cybersecurity analyst and lawyer Ritesh Kotak says attacks like these are likely more common than we know and are becoming more frequent.
“We’re hearing about these more often. More businesses coast to coast are being victimized,” he said.
Kotak said he doesn’t know specifics about the ransomware attack, but said one way it could have started was with an email containing malware sent to a city email address.
Malware, he said, stands for malicious software.
“Depending on the sophistication and how interconnected the network is, it can jump from device to device, platform to platform, throughout the network, further infecting, encrypting and shutting down different systems that it is able to gain access to,” he said.
Ransomware is a form of a computer virus used by cybercriminals to take control of files or devices to extort ransom money, according to the government of Canada’s website.
City Manager Marnie Cluckie told reporters in early March that the city has not paid a ransom to the hackers.
City likely facing steep bill
But even without paying the ransom, the city could be footing a heavy bill from the outage.
“Getting them back online is extremely expensive and time consuming. You have to actually replace software, you may need to reconstruct or restore data,” Kotak said.
The city said it was unable to share how much the ransomware attack has cost it.
Kotak explained that the city’s decision to shut down services that might have been included in the attack is essential to keeping it from spreading.
“Step one is you shut everything down so you can investigate and, I call it, ‘stop the bleeding,'” he said.
Kotak said the city’s next steps will likely be to focus on prevention and detection. He said when there is a fire in the real world, there are smoke detectors, sprinkler systems, extinguishers and fire drills — when it comes to digital safety, he said, the response should be “at that same level.”
“Cyber and physical have now converged into one world and we’re living in this new, hybrid society,” he said.
