Municipal office of Wasaga Beach, a town situated at the southern end of Ontario, suffered a ransomware attack this April. The IT division of the town administration couldn’t pull off ransomware removal on their own. In the end, the town administration paid three Bitcoins to the attackers for the decryption after extensive negotiations, who initially asked for eleven Bitcoins as extortion money for ransomware removal.
The consultancy firm assessing the incident has reached to the conclusion that the town’s IT department was not equipped with the required expertise to deal with the complex cryptovirological foundation of the ransomware strain used by the attackers. Therefore, in hindsight, the decision to pay extortion money to the attackers for the restoration of locked down files was not outright wrong.
An extended delay and spiraling recovery cost
Following the Wasaga Beach attack, the digital arm of town’s municipal office remained non-operational for several weeks. Initially, the administration couldn’t take hold of what happened due to the unprecedented nature of the attack. Before this incident, the town municipal office hadn’t experienced any cyber attack, let alone a cryptovirological one.
After getting out of the initial shock, the administration couldn’t find what approach to take in dealing with the attack. IT expertise at the disposal of town officials couldn’t neutralize the attack. On the other hand, the route of ransom payment was also thorny. It took a lot of time to negotiate with the attackers on the ransom payment.
The town administration has estimated that incurred downtime, installation of new hardware, and third-party consultancy cost has topped $250,000. It is important to note money paid to the attackers for ransomware removal is not included in this amount. The IT department has also estimated an additional cost of $50,000-60,000 to get the digital system of the town fully on track.