A small Canadian town is being extorted by a global ransomware gang


The Canadian town of St. Marys, Ontario, has been hit by a ransomware attack that has locked staff out of internal systems and encrypted data.

The small town of around 7,500 residents seems to be the latest target of the notorious LockBit ransomware group. On July 22nd, a post on LockBit’s dark web site listed townofstmarys.com as a victim of the ransomware and previewed files that had been stolen and encrypted.

Screenshot taken from a ransomware group’s website. Text reads: “The Town of St. Marys is located at the junction of the Thames River and Trout Creek, southwest of Stratford in southwestern Ontario. Rich in natural resources, namely the Thames River, the land that now makes up St. Marys was traditionally used as hunting grounds by First Nations peoples. European settlers arrived in the early 1840s. Stolen data (67GB): financial documents, plans, department, confidential data”

LockBit ransom listing for the Town of St. Marys

In a phone call, St. Marys Mayor Al Strathdee told The Verge that the town was responding to the attack with the help of a team of experts.

“To be honest, we’re in somewhat of a state of shock,” Strathdee said. “It’s not a good feeling to be targeted, but the experts we’ve hired have identified what the threat is and are walking us through how to respond. Police are interested and have dedicated resources to the case … there are people here working on it 24/7.”

Strathdee said that after systems were locked, the town had received a ransom demand from the LockBit ransomware gang but had not paid anything to date. In general, the Canadian government’s cybersecurity guidance discouraged the paying of ransoms, Strathdee said, but the town would follow the incident team’s advice on how to engage further.

Screenshots shared on the LockBit site show the file structure of a Windows operating system, containing directories corresponding to municipal operations like finance, health and safety, sewage treatment, property files, and public works. Per LockBit’s standard operating methods, the town was given a deadline by which to pay to have their systems unlocked or else see the data published online.

Brett O’Reilly, communications manager for the town of St. Marys, directed The Verge to a press statement issued by St. Marys in which the town gave further details. Per the statement, essential municipal services like transit and water systems have been unaffected by the incident, and the town is attempting to unlock IT systems and restore backup data.

According to an analysis by Recorded…

Source…