City of Saint John Ransomware Attack
With over two weeks passing since the City of Saint John was forced to shut down its online systems due to a ransomware attack, city officials are refusing to share details about how the attack happened, which systems and data were targeted, and what the city is planning to do in response.
On Monday, November 30th, city manager John Collin commented on the lack of detail saying the city “will not provide details that inform the criminals who attacked us on their effectiveness or lack thereof." He continued to explain that the city had taken its network offline on November 13th as to isolate it and then contain and eradicate the virus.
Collins added that the city will provide information that is important to the community which includes impact to services and whether any private data was compromised, assuring that no leaks have been confirmed yet and that the network will not be activated till they are certain that it is safe to do so.
Ali Dehghantanha, a cybersecurity expert at the University of Guelph, believes that it’s likely the attackers know what information they’re holding hostage and thus the release of more information about the attack would not tip them off.
Dehghantanha said there’s a benefit in telling the public what information could be leaked as not only could help be offered by the cybersecurity community but also the affected people can make note to change passwords and take other recommended precautions.
Because of the network shutdown, city website, some phone lines, email, and online payments are not working. It's not clear whether some or all these services are offline because the city shut down its network or because they were directly affected by the attack.