Northern Ontario police force recovering from ransomware attack

A Northern Ontario police force is still trying to recover from a ransomware attack last week.

Sault Ste. Marie, Ont., police put out a statement today saying its 911 service was not affected, nor was its online reporting system for less urgent crimes. “At no time was our ability to respond to calls for service compromised,” the statement said.

However, the force’s email service isn’t available. It has not said whether its police dispatch or records systems were impacted.

The statement said the force became aware of the ransomware attack on Thursday, August 26th, and added, “Information Technology staff are working through the attack to regain access to affected systems.”

Government departments and services such as police forces are considered by some attackers to be prime targets on the assumption they are more likely to pay a ransom because they provide critical infrastructure services.

Earlier this year, those behind the ransomware attack on the Washington, D.C. police force threatened to release copied personal data on police officers and informants unless a US$4 million ransom was paid. The department offered $100,000, which was reportedly refused. After that, extensive profiles of 22 officers, including their Social Security numbers and dates of birth, were published, possibly putting them at risk.

Ransomware gangs operate at two levels: Some are wholly-contained operations, while others run ransomware-as-a-service (RaaS) operations, where affiliate members actually do the targeting and hacking. Some cybersecurity vendors report RaaS gangs have lately become nervous as their affiliates target high-profile targets, such as hospitals and pipelines, which are more likely to attract hostile public reaction and the combined attention of law enforcement.

For example, after the attack on the U.S. Colonial Pipeline, which resulted in the pipeline being temporarily shut down and created long lines at East Coast gas stations, the web servers of the Darkside ransomware group were seized, as well as its payment server. It is assumed the U.S. had something to do with that.

Subsequently the Darkside group apparently re-emerged calling itself BlackMatter. It listed a number of…