Saint John network will continue to be offline until 2021 after cyberattack
City manager says holiday break needed for people working on getting network back up
The holiday break means Saint John's network, including online payments, won't be back until at least January of next year after a ransomware attack caused the city to shut down its systems.
City manager John Collin told council Monday night the city is continuing its efforts to return all IT services but won't reconnect networks to the public until "it's safe to do so."
He said the city can afford to take its time, since all services except "some online payments" continue to be delivered.
"There are some that are using manual methods to deliver services such as building permits, but all services are being delivered," he said. "We should not be — and we are not — in a hurry to rejoin, and we'll take the time that is necessary."
A ransomware attack on Nov. 13 forced the city to take its network offline.
Because of the attack the city's website is still down. Some departmental phone lines and email to most city hall employees were also affected. Residents can't pay tickets online, nor pay for parking electronically unless they use the third-party HotSpot app. Cash payments are still available, including at parking meters.
Residents can also pay their Saint John Water bills at their bank, through pre-authorized payments, or in-person by cheque or cash at the customer service centre on the first floor of City Hall.
Collin said a "well-deserved rest" is needed for people working on getting the network back up, which means residents won't see a change until "later on in January."
Collin said earlier that the city has not confirmed any personal data leaks, but it hasn't made a final determination on that. Residents are advised to watch for any irregular activity on their bank accounts and credit card statements in the meantime.
He also said because of the nature of the attack the city can't share any details about what happened. The city still has not said how the attack happened, which systems were targeted, what information was possibly compromised or what exactly it's doing to respond.