The District of North Vancouver says there’s no evidence of residents’ personal data loss, after the municipality’s networks were hit with an attempted ransomware attack earlier this week.
Early Monday morning, the district and its partner agencies were targets of the attack, DNV spokesperson Ryan Schaap told the North Shore News by email. Other organizations affected were North Vancouver Recreation and Culture, North Vancouver District Public Libraries, MONOVA and North Shore Emergency Management.
The attack was detected quickly and stopped shortly after it began, he said.
“Our network, some systems and some business applications were affected on Monday. Fortunately, there was little impact to our public services,” Schaap added.
During a ransomware attack, the victim unintentionally acquires malicious software – often via email – that aims to lock or encrypt data until a ransom payment is made.
Just after noon on Monday, the district posted on social media that “due to technical issues with our IT systems” a planned council workshop later that evening would be postponed to March 18. Another update on Tuesday said there would be a brief outage that evening “to address some technical issues.”
No other public updates were issued on the outage. Following the apparent attack, parts of the district’s website were inaccessible at times.
Schaap said network systems and some business applications were restored quickly by the district’s IT team. “As a result, there were minimal disruptions for staff and for our residents,” he said. "Systems began coming back online Monday morning and by mid-day Tuesday the majority of our systems were restored."
No ransom was paid to the attackers, Schaap added.
An investigation into the attack by cybersecurity consultants is ongoing, he said.
“At this point there is no evidence of employee or resident personal data loss,” Schaap said.
“Like many organizations, we have been working over the last few years to strengthen our resilience to cybersecurity attacks,” he said. “Thanks to the ongoing efforts by district staff, this situation was dealt with quickly, which limited the impacts on the organization and on our municipality as a whole.”
Municipalities huge market for ransomware groups, BCIT cybersecurity instructor says
Roger Gale, program head of industrial network cybersecurity at BCIT, said it appears that the district handled the situation well, without having specific details about what occurred.
“I suspect that there isn't much more to it than what they've said,” Gale explained.
“But because a program was running on their system that wasn't supposed to be run, there's always a possibility that it created a backdoor somewhere. I'm certain that they're looking for anything that would be a sign of that right now,” he said.
A “backdoor” is a piece of malware that could allow an attacker remote access to the system. But the fact that the district’s systems appear to be working a week later is a good sign, Gale said.
Municipalities are a huge market for ransomware groups, he said. “I'm glad to see that they're focusing on responding to cybersecurity events.”
While it’s likely that a small, unprofessional group attacked North Vancouver District, Gale worries about what more sophisticated groups or even foreign governments could achieve with a cyberattack.
“The City of Vancouver told me that they run 27 different industrial systems in there – they've got sewer, water, lights, all these different systems that are used to control things,” he said. “If an attacker really wants to cause damage, if they get into any of these systems that are that are running infrastructure, that would be a big concern for me.”
Update: This article has been updated with comment from Roger Gale, program head of industrial network cybersecurity at BCIT.
