Inside Saint John's response to a 'devastating' cyberattack
CBC
It was Nov. 26, 2020, and the municipal computer network in Saint John, N.B. had been dark for almost two weeks — taking down the city's website, costing the city thousands of hours in lost work and affecting its emergency dispatch system.
It was the work of cybercriminals who unleashed a ransomware attack that forced the city to disconnect itself from the rest of the online world. Saint John hired a Toronto-based company to navigate negotiations with them.
But the criminals weren't very communicative.
"Wanted to update you to let you know that the Ryuk Threat Actors have not reached out since they decrypted the sample files, on November 20th," Jason Kotler, president and CEO of a company called CYPFER (Cyber Security, Payment Facilitators, Emergency Response), wrote in an email to city lawyers and outside counsel on Nov. 26.
"Ryuk is patient and will likely not respond until we reach out again. We might hear from them within the week. Nonetheless, we will continue to monitor."
The city hasn't said much publicly about its response to the cyberattack, the after-effects of which are still affecting some of its operations a year later. More than 160 pages of records that offer a peek inside the chaos that ensued after the attack, but the documents were only turned over after CBC News filed an access-to-information complaint.
The city ultimately decided not to pay a ransom, estimated by one councillor at between $17 million and $20 million worth of Bitcoin, and instead opted to rebuild its network from scratch.
It was a decision that would have serious consequences for the citizens of the foggy Atlantic port city.
Saint John's experience may offer lessons for Newfoundland and Labrador, which has been hit with a cyberattack that has wreaked havoc, cancelling medical procedures and cancer treatments.
While officials in that province have released few details about how its attack happened, last week it confirmed both employee and patient data was stolen.
More than a year has passed, but the city still hasn't fully recovered from what Saint John Mayor Donna Reardon described as "a devastating attack."
As of this summer, employees in city offices still couldn't print, Reardon said, though that functionality has now returned.
That was perhaps a more benign issue compared to the city police force's struggle: it couldn't generate statistics on crime occurrences, such as the number of mental health crisis calls, nor access some police reports.
"It's taken a long time to get things back up and running, to unlock all of their tools," Reardon said.