According to the Quebec News Service, a city in the Montreal area was hit by ransomware over the weekend.
La Presse reported this morning that Westmount City Mayor Christina Smith had confirmed the attack. Westmount is a municipality of approximately 21,000 people within Montreal.
The LockBit ransomware gang has claimed credit, saying it copied 14 TB of data and will release it in two weeks unless a ransom is paid. The city’s website was not affected by the attack.
LockBit’s claim shouldn’t be considered accurate, cautioned Brett Callow, a British Columbia-based threat analyst for Emsisoft — at least, not with respect to the 14 TB said to have been copied. “He has exaggerated in the past, and may do so again,” he said in an email.
According to La Presse, the attack was discovered on Sunday morning by a city employee who noticed a computer problem.
La Presse quoted Claude Valléres, the city’s head of IT, as saying, “We know we have encrypted servers, but we don’t know who attacked us. We are still investigating the infected servers, but we have no communication with anyone…”
According to the recently released National Cyber Threat Assessment from the federal government’s Canadian Center for Cyber Security, ransomware is almost certainly the most disruptive form of cybercrime Canadians face. “As long as ransomware remains profitable, we will almost certainly continue to see cybercriminals deploy it,” the report said in part.
Exactly a year ago the Center released a ransomware playbook with details on how to prevent and recover from a ransomware attack. “Single mitigation measures are not strong enough to deal with the growing threat of ransomware. To protect its devices, systems and networks from not only ransomware, but also other types of malware and cyber attacks, your organization should adopt a defense-in-depth (multi-layer) strategy. Your strategy should include multiple layers of defense with multiple mitigation measures or security controls at each layer.”
The playbook advises organizations to take the following steps:
1- Create a backup plan, which includes preventing backups from getting corrupted;
2- Create an incident response plan, and practice the plan;
3- Create a recovery plan, starting with an inventory of all hardware and software;
4- Manage all user and administrator accounts to ensure that employees are not using unsafe passwords, and that only those who need it have access to sensitive data. Harden account logins with multifactor authentication;
5- Have a cyber security awareness program that regularly reminds employees how to stay safe and recognize cyber threats;
6- Implement cybersecurity controls, including creating an application-allow list to control who or what is allowed access to your network and systems, a robust application patching process, and email domain protection;
7- Segment the IT network to ensure sensitive and high-value information belongs in a separate area of your network;
8- Secure systems that are connected to or exposed to the Internet with encryption, firewalls, MFA, and frequent vulnerability assessments.