Ransomware attack in Westmount | Hackers display sensitive files they allegedly stole

The hackers who attacked the City of Westmount published images of the files they allegedly stole on Tuesday. For the experts consulted The Pressthis publication in the hidden web presumably means that they have indeed copied the contents of these folders.

On Sunday, cybercriminals from the LockBit gang claimed responsibility for the attack on the municipality. They threaten to release 14 terabytes of stolen data within 14 days. In the meantime, they released images of folders named “Candidates”, “Human Resources”, “Public Security”, “Information Technology”, ” Mayor’s Office “(mayor’s office), ” Legal”.

Contacted by The Press, Westmount said nothing about the contents of these files. Impossible to know if they include, for example, contact information and social insurance numbers of employees, or information on public safety and computer security. The names of the files also suggest that the mayor’s files and communications subject to solicitor-client privilege may have leaked.

Folders presumably copied

If they display these channels, it is because they have indeed stolen the content, according to the experts consulted.

“There’s a good chance they copied everything,” says Patrick Mathieu, HackFest founder and cybersecurity expert.

This is also what Brett Callow, cyberthreat expert at Emsisoft thinks. “If a thief comes to your house, he probably won’t come out empty-handed! »

Westmount spokesman Sebastian Samuel simply says the city is awaiting analysis from VARS, a subsidiary of Raymond Chabot Grant Thornton that is helping it recover from the attack. “At this time, I don’t have any information that I can share. »

Unions want information

Made aware of the latest events, the Union of Municipal Officials of Montreal (white collar), which also represents Westmount employees, says it is “very worried about the nature of the information obtained by the hackers”. “It would be disastrous for the workers to experience a scenario like what has already happened elsewhere in Quebec,” said Guylaine Dionne, president.

She asks the City to communicate as soon as possible with the employees who may have suffered the theft of their personal data.

Guylaine Dionne invites the municipality to communicate the nature of the hacked data as soon as it has the information. “We are waiting for answers to our questions. »

The Union is preparing a complaint to the Commission d’accès à l’information. Under the new Law 25, organizations must take all necessary measures to protect the personal data they collect. They must also communicate quickly with the persons concerned in the event of a leak presenting “a risk of serious harm”.

The Syndicat des cols bleus regroupés de Montréal is also eager to learn more. “We are extremely concerned about the data leak,” said Alexis Lamy-Labrecque, Senior Advisor. We want to make sure that Westmount takes steps to protect our members’ data. »

A mass of data at risk

On Sunday, the LockBit gang announced on the hidden web that they had stolen 14 terabytes of data, or 14 billion kilobytes. In comparison, the hackers who stole considerable masses of data from Collège Montmorency claim to have 8 terabytes of information belonging to the cégep.

Hackers may exaggerate the amount of information stolen to better extort their victim, but stealing such a mass of data is far from impossible, according to experts.

Cybercriminals who use ransomware like LockBit often spend several months exploring a server and copying its contents before being detected or attacking by damaging the data.

Journalist specializing in cyber threats, Damien Bancal mentions that some hackers are able to copy the content of a server in just three days. “All you need is the right speed and downloading is just a detail,” he says.

No declaration to the Commission

To date, the Commission d’accès à l’information has not received a statement from the City of Westmount on a leak of personal data. “That does not mean that we will not receive any,” said spokesperson Emmanuelle Giraud.

After confirming problems with Westmount servers on Sunday evening, Mayor Christina Smith and the information technology (IT) department are no longer responding. They learned by The Press that a ransomware gang claimed responsibility for the hack.

The city issued a statement on Monday explaining that the cyberattack had caused computer loss and rendered emails unusable.

In an interview on Sunday, IT director Claude Vallières confirmed that computer equipment had been damaged. “We know we have encrypted servers, but we don’t know who attacked us,” he said.

He stated that he did not find a ransom note, such as those usually left by ransomware gangs like LockBit.

One thing is certain, Westmount could hardly justify the payment of a ransom, says Mario Paul-Hus, a lawyer specializing in municipal affairs. “I don’t think cities can use taxpayers’ money that way,” he says. Instead, he would advocate payment for work to restore damaged systems and databases and increase their robustness.