cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Notorious ransomware gang extorts small Canadian town

The LockBit gang has blocked the IT infrastructure of a small Canadian town, leaving the town to function on critical municipal services like transit, water, fire and police facilities which were unaffected.

user iconReporter
Tue, 26 Jul 2022
Notorious ransomware gang extorts small Canadian town
expand image

The LockBit hacker group has attacked last week the small Canadian town of St Marys in Ontario which has 7,500 inhabitants. LockBit disclosed the hack on their dark website and revealed information about hacking the township's official website on 22 July along with posting some of the copied and encrypted files as confirmation.

Speaking with local media, Al Strathdee, mayor of the town of St Marys, confirmed that the mayor's office received a ransom note from LockBit after the hacking gang locked a number of the town's systems.

"The Canadian government does not agree to paying ransomware to ransomware, but St Mary's has delegated the final decision to the working group on the incident," Strathdee told reporters in a phone interview.


"The money has not yet been paid."

"The city government turned to a group of experts to solve the problem, who identified the cause and drew up a plan for further action," Strathdee added.

The LockBit website appears to be hosting screenshots of folders corresponding to city authorities' areas of activity which include finance, health and safety, wastewater treatment, property data, and public works.

According to a Global News Canada report, St Marys officials first became aware of the attack around 11am on Wednesday, 20 July, according to Strathdee, which led to the lockdown of the town's IT systems and isolate its network to prevent any further damage.

"Since that time, we realised that it is a malware attack.

"There was a message asking for ransom," Strathdee said.

Specialists hired by the city are attempting to restore corrupted data from backup.

LockBit hackers claimed responsibility for 50 ransomware incidents and last month it had reportedly launched LockBit 3.0, according to TrendMicro after two months of beta testing.

According to TrendMicro, Twitter user @WhichbufferArda found a sample of the LockBit 3.0 ransomware version.

"The malware uses anti-analysis techniques to hide itself and does not execute without a password like BlackCat.

"It also contains a command-line argument feature," Twitter user @WhichbufferArda wrote.

The small town of St Marys has become the second city to be held hostage by cyber criminals in just over two weeks. Frederick in Colorado USA, with a population 15,000, disclosed that it had been hit by a cyber similar ransomware attack on Thursday, 14 July on its website. The town is working with the police and FBI to investigate and help rectify the situation.

[Related: Surging scam losses prompt ACCC to push banks to act]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.