The town of St. Mary, Ontario, Canada, was hit by a ransomware attack that locked employees out of internal systems and encrypted data. This small town of about 7,500 residents appears to be the latest target of the notorious LockBit ransomware group. On July 22, a post on LockBit’s dark web site listed the town’s domain as a ransomware victim and previewed stolen and encrypted files.
In a phone call, Al Strathdee, mayor of St. Mary, told reporters that the town responded to the attack with the help of a team of experts. Strathdee said, “To be honest, we are in a state of shock to some extent.” “It’s not a good feeling to be locked, but the experts we hired have determined what the threat is and are guiding us on how to deal with it. The police are interested in it and have invested special resources in this case … Someone here works around the clock.”
Strathdee said that after the systems were locked, the town received a ransom demand from the LockBit ransomware gang, but so far no payment has been made. He said that, in general, the Canadian government’s cyber security guidance discourages paying ransoms, but the town will follow the incident team’s recommendations on how to proceed. Screenshots shared on the LockBit site show the file structure of a Windows operating system, including directories corresponding to municipal operations such as finance, health and safety, sewage treatment, property files, and public works.
In keeping with LockBit’s standard operating method, the town has been given a deadline to pay for unlocking its systems; otherwise the data will be published online. Brett O’Reilly, communications manager and director of St. Mary’s technology blog, issued a statement to the press in which the town provided more details.
According to the statement, basic municipal services such as transportation and water supply systems were not affected by the incident, and the town is working to unlock its IT systems and restore data from backups. According to records, the LockBit group alone claimed responsibility for 50 ransomware incidents in June 2022, making it the most prolific ransomware group in the world.
In fact, Saint Mary is the second town that LockBit has targeted in just over a week: on July 14, LockBit listed data from Frederick, Colorado (population 15,000) as having been stolen, and town officials are currently investigating this claim. The listing for Frederick currently demands a ransom of $200,000 to keep the data secret.
More and more small cities find themselves the target of sophisticated global ransomware groups with extensive technical knowledge and resources. In March, the FBI’s Cyber Division issued a notice to private industry partners of government agencies, pointing out that ransomware attacks “have put pressure on local governments and public services in the United States.”
Looking back at previous data leakage incidents, we can see that data leakage has a significant impact on enterprises: regulatory pressure, financial loss, damage to brand reputation, loss of users, and so on. For example, the Facebook data leakage event wiped out market value almost instantly and led to a massive $5 billion fine, making the leak enormously costly. Business continuity is important for all types of enterprises, including SMBs.
This event could have been caused by a number of factors, including intentional disclosure by operators or technicians, incorrectly configured system permissions, or hackers’ use of external API interfaces. However, because the company lacked security maturity at the time, it was unable to perceive risks or trace the source, so it was left in a very passive position, despite being acutely aware of the need to catch bad actors in data security. You can also easily build an offsite disaster recovery (DR) center with Vinchin Backup & Recovery by duplicating XenServer backups at the primary site to a remote site or external storage.