Professor Florian Kerschbaum comments on City of Stratford’s ransomware attack

Monday, September 23, 2019

On April 14, 2019, hackers targeted Stratford City Hall with a ransomware attack, which led to several crucial servers becoming unresponsive and unavailable. The attacker had installed malware on six of the city’s physical servers and on two virtual servers, then encrypted all systems so staff could not access information. The attack affected the city’s email system and online forms.

Stratford officials reported that they immediately disconnected servers from the Internet, and all computers, laptops and printers were unplugged from the network to prevent further issues. Stratford enlisted the help of Deloitte Canada, which began gathering forensic evidence, including any anomalies, malicious activities and any other unauthorized access. These efforts, however, were limited because the attack had encrypted the data on the servers.

In response, the City of Stratford paid the attacker 10 Bitcoins — an amount equal to more than $75,000 Cdn — in exchange for decryption keys to unlock its information systems.

Florian Kerschbaum, a Professor at the Cheriton School of Computer Science and the Executive Director of the University of Waterloo’s Cybersecurity and Privacy Institute, was interviewed by CTV News Kitchener on September 20, 2019 about the ransomware attack.

Such attacks are astonishingly common because the ransom for the decryption key is typically set at a price that is lower than the cost to restore the data through back-ups, Professor Kerschbaum noted in the interview, adding that organizations can help protect themselves by having methods in place to restore data and networks quickly.