The District of Squamish said its IT system was hit with a ransomware attack on February 27.
This was a ransomware attack where the user files are encrypted and held for ransom.
The district said it has not paid any ransom money, and most systems are back up and running with minimal data loss.
A few weeks ago, a local who routinely uses the District of Squamish website noted the GIS map system on the district website was down.
Last Friday, district also announced its email system was temporarily down. A citizen recently wrote to the Squamish Reporter saying that the “Register Online” link on the district’s programs and activities page hadn’t been working for the last three days.
Our sources told us the district website has been a target of a cyber attack.
When we asked about the attack yesterday, the district responded by saying it would issue a news release, which it did today.
In the news release, district said its staff worked quickly to isolate and eradicate the attack, resulting in many systems being shut down as a precaution, including email.
“These types of viruses focus on encrypting data; not on stealing data or personal information. There is no evidence to indicate that the personal information of citizens or employees was compromised,” district said.
The district’s website Squamish.ca was not impacted, though the recreation booking engine Squamishlive was taken offline. Efforts are being made to bring the system back online, district added.
“Like so many government organizations we have become a target for well-funded criminal groups that are insistent upon creating havoc, and we are very thankful that no personal information appears to have been compromised,” says District of Squamish Mayor Karen Elliott.
“Due to the expertise of our staff, the district quickly moved over to manual operations in key areas, ensuring that citizens saw little evidence of the interruption.”
Over the past several months, the district said it has taken steps to improve network security and build up network threat protection following a similar attack in 2019. Additional firewalls, more robust spam protection, greater frequency of backups and overall network security upgrades are just some of the systems that the district has implemented.
The district said it is now fast-tracking a move to cloud-based server hosting with virus protection and backups built in. A new IT role focusing on network security is also being funded in the 2020 budget.
“The security of district systems continues to evolve to minimize losses and ensure protection of data against these very sophisticated attacks, which are an unfortunate reality that we may always be faced with,” continues Elliott.
An in-depth forensic analysis is being undertaken to understand how the attack was perpetrated to improve resilience against future attacks.