Image Credit: Shutterstock
August 08, 2021 - 9:00 AM
Last year’s cyber attack on the Regional District of Okanagan-Similkameen's online network showed staffers what it was like to work in the 'olden days'.
“Our communication was done by paper, handwritten cheques, sneaker networks (delivering pieces of information by foot), and then paper binders and policies,” Information Services Manager Danny Francisco told the directors of the regional district on Aug. 5, while presenting the findings of an audit on the attack.
Just over a year ago, on July 25, hackers (believed to be of European origin) created an account within the regional district's "work from remote" service, though the account only had limited access in the beginning. The users scoped out the system for about two weeks before attempting anything malicious.
READ MORE: Okanagan Similkameen Regional District staff still can't access email after attempted ransomware attack
“If you can imagine your home, a perpetrator coming into your lobby for a few weeks and after a bit of time they might be able to figure out your patterns – kind of what of work you do, where you go grocery shopping – just any information that helps them get further into the home,” Francisco said. “That’s what’s happened here.”
Eventually the account's status was elevated to gain administrative privileges. But fortunately, when the hackers chose to strike on Aug. 10, their activity managed to crash the regional district’s system, “and as soon as that crash happened, basically all the systems were offline, that actually protected us. So that crash ended up providing the protection from the malware.”
Francisco said there were firewalls, password protection, ransomware software and encrypted hard drive all in place.
“All the stuff you’re supposed to have and yet they still got in,” he said.
There were warnings of malware being received at the regional district, but only “about the normal entries we would see. Because it was done at such a low-lying level, it was on the noise floor. We get thousands of virus notifications that are already tracked, creates a noise-level and that’s common place. You don’t see one attempted attack one day and think ‘this needs to be looked at.’“
The company that audited the attack told the regional district that such ransomware attacks have evolved to become more sophisticated since last summer’s attack, and it’s likely the regional district’s system wouldn’t have crashed if a similar attempt been made this year.
The regional district was insured against such an event but the attack still cost $15,000 for the deductible.
“I’m not sure of the costs of the experts coming in, that was all covered by insurers,” Francisco said.
It took three months before basic services were back up and running, and another five months of dealing with recommendations and fine tuning the networks, he said, as well as months of scanning by the forensic companies to ensure no unwanted, lingering code still exists for the sake of being misused in the future.
“These are not things we can ignore anymore,” Francisco said. “The complexity and capability of the attacks is a multi-billion dollar industry, so we have to keep that in context… this now has to be a part of our DNA moving forward.”
To contact a reporter for this story, email Dan Walton or call 250-488-3065 or email the editor. You can also submit photos, videos or news tips to the newsroom and be entered to win a monthly prize draw.
We welcome your comments and opinions on our stories but play nice. We won't censor or delete comments unless they contain off-topic statements or links, unnecessary vulgarity, false facts, spam or obviously fake profiles. If you have any concerns about what you see in comments, email the editor in the link above.
News from © iNFOnews, 2021