Durham Region Government Gets Pwned By Ransomware

News has surfaced that the Durham Region Government has been pwned by ransomware. IT World Canada got wind of this and when they asked Durham Region about the pwnage, they got this response:

A statement from the region’s communications department says they’ve contacted the “relevant authorities and regulators.”

“Our IT teams, working with the service provider, took immediate steps to secure our systems. The incident did not impact the Region’s core IT systems.

“Our experts are now investigating the matter to determine the information that may be involved and the impact of this incident. It is important to note that the vulnerability related to the service provider has been addressed and our systems have been secured.

“We are committed to protecting the privacy of all residents and we are taking this matter very seriously. We are sorry for the inconvenience this may cause affected parties.”

This isn’t good for anyone, as the damage is likely worse than they’re letting on. David Masson, Director of Enterprise Security at Darktrace, had this to say:

Once again, we have seen threat actors attack regional government in Canada. In this instance, attackers struck by exploiting third-party software as a means of entry, exposing a fundamental weakness of even the most secure organizations – the supply chain. 

What this recent attack drives home is the critical need for an approach to security that stops threats even once they have penetrated the perimeter. Double threat ransomware – where data is not only encrypted, but also stolen – seems to have been used, and on this occasion the data has been exposed on the web. The adversaries behind the attack had likely been lurking in the Municipality of Durham’s systems – undetected – for some time, able to move laterally and search for sensitive data. While individuals could be hurt by data exposure, affected organizations are also likely to experience reputational damage.

With ransomware attacks ramping up, all organizations have to accept that they can no longer rely on perimeter-based tools to prevent threats, nor can they rely on their own supply chain. Organizations need solutions that can respond to threats even once they have made their way inside a digital infrastructure, which is why many Canadian organizations are leaning on self-learning AI, which is able to detect even the most subtle indicators of attack and has the ability to autonomously respond to threatening activity in real time – before the damage is done.

I know I keep saying this, but I hope this spurs companies to up their cybersecurity game to stop this sort of thing from happening, as the effects are far-reaching and painful.
