“Here’s the problem,” Tobok says. “This is no longer a bunch of kids sitting in mommy and daddy’s basement playing with computers. It is organized crime. So it is not that the town in particular was a target — everybody nowadays is a target — but what makes towns extremely attractive for the threat actors is that the towns will normally pay.
“Why? Because when the hackers encrypt all their data, they don’t have a choice, because otherwise their operations get seized. Meaning they can’t accept funds, they can’t pay funds, and they can’t really operate.”
Sept. 1 is a notable date for municipalities across Ontario: property taxes are due. On the one hand, the strike on Midland’s computers was non-lethal. Emergency services remained operational, as did the town’s water and waste management systems. Nobody was going to die. But Midland’s ability to cash or issue cheques, pay its bills and execute any financial transactions whatsoever was paralyzed.
“Basically, these guys have these towns by the balls,” Tobok says, adding that small towns (and even large cities) are cash-poor, to begin with, and most simply don’t have the budget to hire the best-of-the best IT workers to safeguard computer systems — or else they don’t prioritize it. Many private companies are likewise guilty, and adopt a hope-this-doesn’t-happen-to-us policy instead of viewing cyber-security as essential and preparing for the worst. Tobok also estimates about 70 per cent of ransomware attacks originate in Russia, and advises his clients not to pay ransom — if they have the appropriate systemic back-ups to weather an attack. Alas, most do pay, because 95 per cent of them lack in adequate back-ups. (Tobok’s largest pay-out for a private client was $800,000 in Bitcoin.)