Hamilton confirms ransomware is behind cyber attack

Ransomware is behind the cyber attack on the city of Hamilton, Ont., the municipality’s city manager says.

Marnie Cluckie told reporters Monday afternoon that the attack, which was detected the evening of Sunday, Feb. 25, was the result of ransomware.

She wouldn’t say what strain of the malware the city has been hit with, how long it will take to restore full services, or whether the city has received a demand for money. Some information has to remain confidential, she explained.

Asked if the city is considering a ransom payment, Cluckie replied, “I can assure you we’re going to do what’s best for the city.”

“It’s impossible to know when we will be able to get fully up and running again. I can tell you that we will only restore systems when we are confident we can do so safely and securely,” she said. “As of this moment, we do not believe personal data has been accessed.”

The municipality has cyber insurance, she said, but wouldn’t give details.

The city has already said critical services such as transit, water and wastewater treatment, and emergency services are operational. However some phone systems are offline.

Authorities are still giving out parking tickets. In some cases, systems in facilities such as buses and swimming pools aren’t working, and in those instances residents don’t have to pay.

Automatic payment of property taxes has been disrupted. Cluckie couldn’t say how payments will be handled once the payment capability has been restored.

Nor could she estimate when full services will be restored. A reporter noted it’s taken the city of Toronto’s public library system four months to almost fully return to business.

Every cyber attack is different, Cluckie replied. “We are doing what we can to get things up and running as soon as possible.. can’t give a timeline… want to be careful and diligent so we restore systems safely and securely.”

Hamilton is a city of about 780,00 at the western edge of Lake Ontario.

According to CHCH-TV, city council has been meeting behind closed doors to discuss the attack. Regular council meetings have been temporarily suspended. Mayor Andrea Horwath told reporters that’s partly because municipal staff’s priority is dealing with the cyber attack, so meetings can’t be staffed as needed. It also happens that there’s little on council’s agenda this week and next because of spring break, she added.

“Council and I recognize very clearly how disruptive things have been, and what a challenging time it has been for the people of our city,” Horwath said. City staff have been “working around the clock” to restore services, she added.

“As soon as our staff discovered the breach, the team right away began to respond. They acted immediately. Their most important priorities, as you can imagine, have been to protect the community and protect the service delivery staff, as well as to minimize any impact people might experience.” That included hiring an outside firm with expertise in incident response, and notifying insurers and Hamilton police.

“Once we have gone to a place where we have fully restored our systems,” the mayor added, “our city manager Cluckie and her team have committed to conduct a full review to understand how this breach was able to happen. Based on their findings, they have committed to me and the council that they will ensure the city puts in place appropriate systems and protocols to try to avoid something like this happening again.”