The cleanup from the Saint John cyber attack could take months, says the cybersecurity expert



[ad_1]

A cyber attack on a municipality never comes at a good time, but a cybersecurity expert says the attack on Saint John’s Internet infrastructure comes at a particularly difficult time.

On Sunday, the city announced that there had been a “significant” cyber attack, which forced it to shut down several online services, including payment systems, e-mail and the city’s website.

David Shipley, CEO of Beauceron Security, a New Brunswick-based cybersecurity firm, said the city has a long way to go after the cyber attack, complicated by the COVID-19 pandemic.

“In a pandemic you have to figure out how you will be able to control all these computers and thoroughly assess whether they are safe to return to the network,” Shipley said Monday.

“With a sophisticated attack, and this appears to be in the ranks of very sophisticated attacks, you’ll have to reset almost everything to make sure the system you’re rebuilding from scratch is reliable.”

The city has advised people who may have used its online services to check their bank accounts and credit cards for suspicious activity.

Suspected Russian origins

While there has been no official news on who might be behind the attack, Shipley said the modus operandi of the attacks fits similar attacks caused by Russian organized crime groups.

This includes groups using one type of ransomware, Ryuk, which Shipley says is responsible for 30% of similar attacks in recent months.

He said the Saint John cyberattack is the first major one in a New Brunswick town, but there have been others in Canada.

It is unclear whether the Saint John problem falls into the category of a ransomware attack, in which the attacking group or person asks for money to restore the system.

The cleanup of the attack on Saint John will involve checking all computers and thoroughly evaluating the possibility of returning to the network safely, David Shipley, CEO Beauceron Security, a New Brunswick-based cybersecurity firm. (Jonathan Collicott / CBC)

“The ransomware was a problem,” Shipley said.

“We saw three Ontario cities in 2019. As far as I know, Saint John may be the largest Canadian city to suffer from ransomware attacks, but we’ve seen much larger cities, like Atlanta, suffer sophisticated attacks similar in nature to this one. “

Shipley said this is becoming a growing problem. Some cities and organizations choose to pay the ransom, while others refuse.

To pay or not to pay

While paying a ransom can quickly solve the problem of instant access, it raises several concerns.

“Number one, you don’t know if you really pay for it [if] it will work, ”Shipley said.

“Number two, these criminal groups are going to launder that money … it’s problematic because you’re fueling organized crime. And third, many of these groups are subject to US sanctions, and so paying ransoms could trigger some unhealthy international relations between Canada and United States. “

Shipley said the attack on Saint John is the first major cyberattack on a town in New Brunswick, but there have been others in Canada. (Shutterstock / vchal)

Shipley said regardless of the specifics of the attack, the cleanup of the city would last weeks if not months.

“If they can get it back up, restore it and get it to work normally in the next couple of months, I’ll be amazed,” he said.

“I mean, let’s look at Atlanta. It took from March to June to get everything right.”

[ad_2]
Source link