The City of Montreal accuses the IT firm it called to the rescue after a major cyberattack of having in turn “taken hostage” data in order to use it as “negotiating leverage”.
The company in question, Vertisoft, completely denies these accusations and explains that it limited the City’s computer access because of its risky practices. She reached an agreement with the City in the last hours, she indicated late Wednesday afternoon.
The file concerns the Montreal Electrical Services Commission (CSEM), a paramunicipal organization responsible for managing underground cabling on the island of Montreal. On August 3, the CSEM was the victim of a cyberattack from a group of hackers called LockBit. They demanded 2 million US dollars to return the data.
Refusing to pay the ransom, the CSEM quickly called Vertisoft, from Victoriaville, to the rescue.
Its IT professionals restored the organization’s systems to the company’s servers rather than those that had been compromised.
But in mid-October, “Vertisoft withdrew, on its own initiative and without notice, the CSEM’s administrator access to all its data,” alleges the organization in a lawsuit filed Monday at the Montreal courthouse. “Since then, Vertisoft has repeatedly represented that it would restore administrator access, but has systematically neglected to do so, citing a variety of excuses that have evolved over the weeks. »
According to the City of Montreal, the company also requested payment of nearly $250,000 in costs.
Avoid a new attack
Vertisoft does not see things the same way.
The company assures that it was because of the CSEM’s poor cybersecurity practices that it refused to provide it with administrator access. The data of all Vertisoft customers could have been compromised, argued Me Vincent Langlois in telephone interview.
Vertisoft “never refused to transfer the data,” he assured. “They refused to do it in a disorderly manner and to jeopardize their own infrastructure in this context. »
We couldn’t accept working erratically. There is a deep disagreement between people at the CSEM and Vertisoft on good IT management practices and best practices to prevent a new attack from affecting the servers.
Me Vincent Langlois, Vertisoft lawyer
Me Langlois notably mentioned the sharing of administrator accounts between several individuals as an illustration of bad practice.
The EMSB “believed that there was no real danger in proceeding more quickly when we felt that things should be done very cautiously given the history.”
“A lot of lost documents”
In its lawsuit, the City of Montreal demands the immediate return of the data, as well as payment of $25,000 in damages. For several weeks, the CSEM has had to go through Vertisoft every time it wants to access its own data, which creates delays and payment delays, for example.
“Given the legalization of the case, the City will not comment on the case publicly,” said public relations officer Gonzalo Nunez by email on Wednesday.
Me Vincent Langlois, for his part, assured that an agreement for the transfer of data had been concluded on Wednesday between Vertisoft and the CSEM. At the time the lawsuit was filed, “we were – from our point of view – a few details away from completing the process.”
At the end of November, in a presentation at city hall, the boss of the CSEM spoke of the impacts of the cyberattack on his teams. However, he had not said a word about the problems with Vertisoft.
“I won’t hide from you that all employees were affected by the cyberattack, that’s for sure,” Robert Gauthier said. “There are a lot of working documents that have been lost, there is discouragement for many, that’s for sure. » He indicated that part of the EMSB’s document bank had been able to be rebuilt from attachments that were lying dormant in employees’ email boxes.
The August cyberattack is not the only problem encountered by the EMSB in recent months. In October, The Press revealed that the president of the organization had outlined plans to launch its service in the hydrogen market with a company with which he was closely linked. Sid Zerbo was quickly suspended for investigation, a position he still remains in.
With Louis-Samuel Perron, The Press