A cyberattack crippled the IT infrastructure of the City of Saint John

Officials confirm that the city of Saint John was hit by a massive cyberattack that has crippled the entire IT municipal infrastructure.

The city of Saint John, Canada, was hit by a massive cyberattack that has crippled the entire IT municipal infrastructure, the incident was publicly disclosed on November 15.

The cyberattack caused the shut down of the entire municipal network, including the city website, online payment systems, email and customer service applications.

The City of Saint John is working with federal and provincial authorities to recover from the cyberattack.

Experts believe that the attack was carried out by a ransomware gang, it has been estimated that the city may take a couple of weeks to fully recover its operations.

“… It is a cyber security ‘best-practice’ to not publicly provide details that could further compromise the City’s position, including information on the effectiveness of the attack, the systems affected, and success of our containment efforts.” reads the statement published by the City. “Providing this level of detail would be beneficial to the attacker as they could attempt further attacks; it would also provide valuable information to potential copycat hackers; and could compromise investigative efforts,”

City manager John Collin confirmed that there’s no evidence that hackers have stolen personal information.

“As of today, we do not have any indication that personal information was accessed or transferred. Determining this is a priority for us. When we know more, we will notify the community immediately.” said Collin.

Collin confirmed that “critical city functions” are still operational, including transit, water and waste-water treatment services.

The Saint John Police Force is investigating the cyber attack with the support of the National Cybercrime Coordination Unit and the New Brunswick RCMP Digital Forensics Unit.

At the time it is not clear which is the family of malware that hit the City’s infrastructure, but media speculate the involvement of ransomware.

“There is no timeline yet for the restoration of our services, but it is safe to say that we are looking at weeks, not days,” Collin added without expluding the decision to pay an alleged ransom. “All options to restore our networks are still on the table,”

Unfortunately, ransomware attacks against municipalities are becoming very frequent. Similar attacks hit seen many cities in the US, including the City of Racine, the city of New Orleans, Key Biscayne, Riviera Beach, Lake City, Baltimore, and Palm Springs

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.