Elain Brown Culture 07.22.2022 21:Jul PM EDT

St. Marys, a Small Town in Canada, Has Been Hit by a Ransomware Attack

Canada's St. Marys became the target of LockBit ransomware.

A small town in Ontario, Canada, called St. Marys, a town with around 7,500 residents, seems to be the latest target of the notorious LockBit ransomware group.

It was on Wednesday that the town officials first noticed the attack on their systems. As a result, staff members were prompted to lock down the town's information technology systems and isolate its network in order to prevent any more harm.

The security breach locked and encrypted the internal server of the town. After the incident, a group of malicious actors threatened to publish a large amount of data that was said to belong to the municipality onto the dark web.

As of today, July 22, the ransomware group has listed the stolen data on the dark web titled "townofstmarys.com" and provided a glimpse of the files that have been taken and encrypted.

St. Marys, Ransomware

St.Marys Mayor, Al Strathdee, talked with The Verge and stated they are in a state of shock.

Strathdee said, "It's not a good feeling to be targeted, but the experts we've hired have identified what the threat is and are walking us through how to respond."

He added by saying that the police are looking into it, and they have allocated resources specifically to it. There are personnel in this location working on it around the clock.

Strathdee also stated that the town had gotten a ransom demand from the LockBit ransomware group after the systems were locked, but that the town had not paid anything to date to meet the demands.

The Mayor detailed that they first thought of it as a malware attack. However, the request for money came and it was then evident that it was a ransomware attack.

St. Marys is working with a team of experts to help them deal with the attack and also to help them strengthen their network to ensure that attacks like this do not happen again.

Fortunately, some of the town's operations have resumed.

In addition, the town has the assistance of the Ontario Provincial Police (OPP), as well as legal counsel to guide them through the next steps to take.

Strathdee stated that the cybersecurity recommendations provided by the Canadian government prohibited the practice of paying ransoms, but the town will follow its team's professional advice.

LockBit Ransomware

Screenshots provided on the LockBit website reveal the file structure of the Windows operating system. The hacked data contained the town's public works, sewage treatment, finance, property files, and health and safety.

According to Global News, St. Marys spokesperson, Brett O'Reilly, confirmed that the cyberattack was caused by the notorious ransomware gang LockBit.

The organization claimed on its dark web website that it had stolen 67 gigabytes of files from St. Marys, including private data and financial information.

The town was given a deadline to pay to have their systems unlocked or else have the data released publicly, according to LockBit's standard operating procedures.

The town had until the afternoon of July 30 to pay the ransom, or the data would be publicized, a strategy known as "double extortion," according to a countdown meter on the post, although there is no information about the amount of money that the group is asking for.