Manitoulin Transport, Gore Bay face down ransomware demands

MANITOULIN – The threat of computer ransomware attacks continues to be present across the globe, including on Manitoulin Island, where trucking juggernaut Manitoulin Transport has recently faced such an attack and other groups are preparing to avoid them in the first place.

“It happens to more companies than we know. You don’t think you’re going to get hit, and then you do,” said Jeff King, president of Manitoulin Transport.

Ransomware is a type of malware (tech-speak for any software that seeks to damage or disrupt a computer system) in which the attackers lock down a user’s computer and demand payment in exchange for opening it up again.

Authorities strongly discourage paying the ransom, both because it can encourage hackers and because there is no guarantee of recovering stolen data. 

If an attacker has locked down a computer without stealing copies of its data, a user can wipe their hard drive and start over, losing all of their files in the process. If that user has made regular backups of their data, they can safely restore all of their information.

If hackers have stolen data and threaten to leak it online, the dilemma becomes more complex. This is more common in institutions and is what happened to the Gore Bay trucking company.

Manitoulin Transport was relatively fortunate in this case. Attackers breached their system on July 30 and when the company elected not to pay to recover their machines, hackers threatened to leak the stolen data.

“We had extensive redundancies in place and we didn’t miss a beat,” said Mr. King.

Executives looked at the information the attackers were about to leak and determined that it was not overly sensitive or critical. They did not pay the attackers and the stolen information appeared online on September 11.

Hackers have been aggressively targeting the transportation sector as of late. Manitoulin Transport is the sixth Canadian shipping company to face ransomware within a month, according to industry news source FreightWaves.

Mr. King did not draw any conclusions from the recent wave, saying all industries were liable to be targeted. His company has increased its vigilance and staff training to avoid future incidents.

The threat extends beyond the supply chain. Ransomware became widely known in Ontario when the town of Wasaga Beach went offline for seven weeks due to a cyberattack in 2018. They ultimately paid the hackers.

Rural municipal governments have come under attack on Manitoulin Island as well. The Town of Gore Bay got hit with ransomware around the same time as Wasaga Beach but municipal officials had serendipitously backed up their computers the day before it struck.

They were able to restore all of the systems without paying off the attackers and learned a valuable lesson.

“Education material was provided to staff and increased security features were added to our system. Our IT is constantly reassessing and updating our security on an ongoing basis as the attackers are constantly working to break any new security responses created,” stated Gore Bay clerk Stasia Carr.

The town does not allow council or the public to use the office network so they can keep their computers separate. They have also ingrained a “when in doubt, don’t open” policy for emails. 

Backups were previously completed manually, but the town has since switched to automatic cloud backups (virtual, offsite storage).

“Another important point was to use a Canadian source of cloud storage for our information as laws are different in other countries,” she added. “The take away for municipalities is to protect your information.”

The Town of Northeastern Manitoulin and the Islands (Northeast Town) has heeded those warnings. Northeast Town CAO Dave Williamson said municipalities are seen as “soft targets,” relatively unprotected and accessible to the public.

To fight the threat, last October, the township hired an external company that monitors all municipal devices, even staff cell phones. This costs $800 a month, the CAO shared, noting that the municipality opted into the ‘premium’ package.

The Northeast Town also purchased cyber insurance nearly two years ago.

“The weakest link in any organization is the users of the system,” Mr. Williamson said. Staff have been trained and are repeatedly reminded to be wary of emails that could be malicious. “We look at every email to see where it’s coming from.”

“At the end of the day, anyone with enough gumption can get in. We just hope that they move along to a softer target,” he concluded.

Personal health information is particularly sensitive and Manitoulin Health Centre (MHC) has adopted stringent policies to reduce the threat of ransomware and data theft. 

Although it has had strict security policies in place for some time, a January 2019 breach at Health Sciences North reinforced the importance of those measures. MHC was not infected but some of its shared IT systems went offline when the Sudbury hospital shut down the shared system.

“To ensure we’re safe, we do a number of things. Some were already in place and some came out of that incident. We hire a third-party to do network penetration tests (when a friendly ‘attacker’ will try to breach a company’s system and identify weaknesses) and we conduct internal technological vulnerability assessments,” said Tim Vine, vice-president of corporate support services and chief financial officer at MHC.

The health centre uses many methods of intrusion prevention including scanning emails for viruses and securing company cell phones and mobile devices.

“We use two-factor authentication such as a password and number generator through their smartphone or tablet for any remote access. It’s important because, a lot of times, employees will reuse their home passwords for work systems. Private passwords are vulnerable to be stolen and circulated on the dark web,” he said.

MHC’s three-person IT department runs regular drills so staff can practice spotting false emails and the IT crew can identify which employees are more likely to fall for an attacker’s ploy.

“We send out fake phishing emails from time to time to our staff, and that generates a report to IT. The system tracks how many people click on the link and identifies repeat offenders. We send those out along with a training module about threats,” said Mr. Vine.

The hospital also has a button within its email software so any employee can flag an email as suspicious and can send it right to the IT department for investigation before it’s too late.

“We take external attacks seriously. We are custodians of people’s personal information—that’s a big responsibility and there’s lots of legal outcomes that we don’t want to encounter as a result of any failure to do that,” he said.