The City of Stratford has released new details about April’s ransomware attack.
They say staff first noticed issues on April 14, when several crucial servers became “unresponsive and unavailable.”
The attacker had installed malware into six of the city’s physical servers as well as two of their virtual servers, and then encrypted all systems so staff members could not access any information.
The city says it immediately disconnected its servers from the internet and all computers, laptops and printers were unplugged from the network to prevent further issues.
Stratford then enlisted the help of Deloitte Canada who began forensically gathering evidence, including any anomalies, malicious activities or any other unauthorized access.
Their efforts, however, were limited due to the encryption of those critical servers.
The city says they began negotiating with the attacker on April 17.
They demanded a total of 10 Bitcoins which at the time were each valued at $7,509.13.
The city’s total payout was $75,091.30.
A few days later, on April 25, decryption keys were received from the attacker.
No significant data was compromised.
“Deloitte did not identify any evidence of loss, access or disclosure of Personally Identifiable Information in relation to the ransomware incident,” said Kevvie Fowler, the Global Incident Response Leader for the auditing firm.
All city operations returned to normal two weeks later, though Deloitte continued to monitor servers until May 31.
Stratford has cyber insurance in place, with a deductible of $15,000, for all costs it incurred as a result of the attack.
The city says Stratford Police and the OPP Cyber Crime Unit are continuing to investigate the incident.
