Cleanup from Saint John cyberattack could last months, says cyber security expert
'If they can get it ... running in a normal capacity in the next couple of months, I'll be amazed'
A cyberattack on a municipality never comes at a good time, but a cyber security expert says the attack on Saint John's internet infrastructure comes at a particularly bad time.
On Sunday, the city announced there'd been a "significant" cyberattack, which forced it to shut down several online services, including payment systems, email and the city's website.
David Shipley, the CEO of Beauceron Security, a New Brunswick-based cybersecurity firm, said the city has a long road ahead of it after the cyberattack, one complicated by the COVID-19 pandemic.
"You've got to figure out in a pandemic how you're going to be able to check all these computers and thoroughly assess if they're safe to go back on the network," Shipley said Monday.
"With a sophisticated attack, and this looks to be among the ranks of very sophisticated attacks, you're going to have to almost completely reset everything in order to be sure that the system you're rebuilding from the ground up is trustworthy."
The city has advised people who may have used its online services to check their bank accounts and credit cards for suspicious activity.
Russian origins suspected
While there has been no official word on who may be behind the attack, Shipley said the modus operandi of the attacks fits similar attacks caused by groups connected to Russian organized crime.
This includes groups using a type of ransomware, Ryuk, which Shipley said is responsible for 30 per cent of similar attacks in recent months.
He said the Saint John cyberattack is the first major one on a New Brunswick municipality, but there have been others in Canada.
It is unclear whether the Saint John problem falls under the category of a ransomware attack, in which the group or person doing the attacking asks for money to restore the system.
"Ransomware has been an issue," said Shipley.
"We saw three Ontario cities in 2019 go down to it. To my knowledge, Saint John may be the largest Canadian city to go down to ransomware attack, but we've seen far larger cities, like Atlanta, go down to sophisticated attacks similar in nature to this."
Shipley said this is becoming a growing problem. Some cities and organizations are choosing to pay the ransom, while others refuse.
To pay, or not to pay
While paying a ransom may quickly solve the immediate access issue, it raises several concerns.
"Number one, you don't know if you actually pay it [if] it'll work," said Shipley.
"Number two, these criminal groups will recycle that money … it's problematic because you're fuelling that organized crime. And third, many of these groups are under U.S. sanctions, and so paying ransoms may trigger certain unhealthy international relations between Canada and the U.S."
Shipley said regardless of the specifics of the attack, the cleanup for the city will last weeks if not months.
"If they can get it up, back up and running in a normal capacity in the next couple of months, I'll be amazed," he said.
"I mean, we look at Atlanta. It took them from March to June to get everything back up and running."
With files from Information Morning Saint John