New Brunswick

Cleanup from Saint John cyberattack could last months, says cyber security expert

A cyberattack on a municipality never comes at a good time, but a cyber security expert says the attack on Saint John's internet infrastructure comes at a particularly bad time.

'If they can get it ... running in a normal capacity in the next couple of months, I'll be amazed'

Saint John announced Sunday that it was victim of a 'significant' cyber attack. (Martchan/Shutterstock)

A cyberattack on a municipality never comes at a good time, but a cyber security expert says the attack on Saint John's internet infrastructure comes at a particularly bad time.

On Sunday, the city announced there'd been a "significant" cyberattack, which forced it to shut down several online services, including payment systems, email and the city's website.

David Shipley, the CEO of Beauceron Security, a New Brunswick-based cybersecurity firm, said the city has a long road ahead of it after the cyberattack, one complicated by the COVID-19 pandemic.

"You've got to figure out in a pandemic how you're going to be able to check all these computers and thoroughly assess if they're safe to go back on the network," Shipley said Monday.

"With a sophisticated attack, and this looks to be among the ranks of very sophisticated attacks, you're going to have to almost completely reset everything in order to be sure that the system you're rebuilding from the ground up is trustworthy."

The city has advised people who may have used its online services to check their bank accounts and credit cards for suspicious activity.

Russian origins suspected

While there has been no official word on who may be behind the attack, Shipley said the modus operandi of the attacks fits similar attacks caused by groups connected to Russian organized crime.

This includes groups using a type of the ransomware, Ryuk, which Shipley said is responsible for 30 per cent of similar attacks in recent months.

He said the Saint John cyberattack is the first major one on a New Brunswick municipality, but there have been others in Canada.

It is unclear whether the Saint John problem falls under the category of a ransomware attack, in which the group or person doing the attacking asks for money to restore the system.

Cleanup of the Saint John attack will involved checking all computers and thoroughly assessing whether they're safe to go back on the network, David Shipley, the CEO Beauceron Security, a New Brunswick-based cybersecurity firm. (Jonathan Collicott/CBC)

"Ransomware has been an issue," said Shipley.

"We saw three Ontario cities in 2019 go down to it. To my knowledge, Saint John may be the largest Canadian city to go down to ransomware attack, but we've seen far larger cities, like Atlanta, go down to sophisticated attacks similar in nature to this."

Shipley said this is becoming a growing problem. Some cities and organizations are choosing to pay the ransom, while others refuse.

To pay, or not to pay

While paying a ransom may quickly solve the immediate access issue, it raises several concerns.

"Number one, you don't know if you actually pay it [if] it'll work," said Shipley.

"Number two, these criminal groups will recycle that money … it's problematic because you're fuelling that organized crime. And third, many of these groups are under U.S. sanctions, and so paying ransoms may trigger certain unhealthy international relations between Canada and the U.S."

Shipley said the Saint John attack is the first major cyber attack on a New Brunswick municipality, but there have been others in Canada. In the U.S., Atlanta is among the cities attacked and spent months recovering. (Shutterstock / vchal)

Shipley said regardless of the specifics of the attack, the cleanup for the city will last weeks if not months.

"If they can get it up, back up and running in a normal capacity in the next couple of months, I'll be amazed," he said.

"I mean, we look at Atlanta. It took them from March to June to get everything back up and running."

With files from Information Morning Saint John

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

now