Months after suffering a debilitating cyberattack, the city of Stratford has finally released more details regarding the incident, revealing that it paid a ransom to free its data from encryption.
The attack was first detected on April 14, when servers became “unresponsive and unavailable,” the southwestern Ontario city said in a statement. Malware had been installed into six of the city’s physical servers, as well as two of its virtual servers. The ransomware encrypted the affected systems, locking city staff members from accessing their data.
Upon discovering the attack, Stratford staff immediately disconnected its servers from the internet, as well as any computers, laptops and printers on its network. Staff then tapped Deloitte Canada to investigate the attack, by gathering evidence on anomalies, malicious activities, or other unauthorized access.
CTV News reported that efforts to discern the nature of the attack were limited at best, due to the encryption of critical servers.
In its latest statement, Stratford said that it began negotiating with the cyberattacker on April 17. The culprits demanded 10 Bitcoins, which at the time were each valued at $7,509.13. Ultimately, the city ended up paying $75,091.30 in total.
The attacker made good on their words, and actually sent decryption keys to city staff on April 25. The city offered assurances that no significant data had been compromised due to the attack.
“Deloitte did not identify any evidence of loss, access or disclosure of Personally Identifiable Information in relation to the ransomware incident,” said Deloitte Canada global incident response leader Kevvie Fowler.
Stratford’s city operations were fully restored two weeks later after getting the keys, but Deloitte continued to keep a close eye on the servers until May 31. City staff noted that local police and the OPP Cyber Crime Unit are still on the case.
CTV News found that Stratford has cyber insurance, with a $15,000 deductible, which covered all the costs incurred due to the attack.