A well-known hacker gang claims to have stolen a large amount of data from the City of Westmount and is threatening to release it within two weeks. Joined by The Pressthe mayor and the chief information technology officer confirm a computer attack.
The Lockbit gang says it has 14 terabytes of the City in its possession, or 14 billion kilobytes, a considerable amount of information, more important than the other leaks that have hit Quebec organizations in recent months.
Ransomware hackers announced the attack on their blog on Sunday, as seen The Press on the hidden web (dark web). They initially said they would give the municipality just two days to pay, but the gang then changed their page and the ultimatum was extended to 14 days.
IMAGE FROM LOCKBIT SITE ON THE HIDDEN WEB
The Lockbit gang claims responsibility for the Westmount attack and threatens to release 14 terabytes of stolen data within two weeks.
Reached by phone, the mayor of Westmount confirms that her staff made her aware of a computer problem on Sunday. “I don’t have all the details because I was traveling today,” said Christina Smith, who is currently in British Columbia.
Encrypted servers
Head of Information Technology at the City, Claude Vallières learned from The Press that hackers claim responsibility for the attack.
“We know we have encrypted servers, but we don’t know who attacked us,” he said. We are still investigating the infected servers, but we have not had any communication with anyone…”
He assures that the City did not find instructions to contact hackers on a computer, as is usually the case with Lockbit and other ransomware.
It was an employee who reported a problem with a computer on Sunday morning. “We closed a few machines for prevention, says Claude Vallières. We’ll try to stop the infection. His team spent all day investigating.
Usually, gangs using these tools break into targeted servers first to steal information. Then they damage the data by encrypting it. They follow up with a double extortion: they demand a ransom to decrypt the data, but also to undertake not to publish it online.
Recent arrest in Ontario
Lockbit is one of the “most active and destructive” ransomware, according to a recent statement from the US Department of Justice. He would have made “at least 1000 victims in the world” in recent months, mentions the FBI in a complaint filed against a Russian-Canadian that the Ontario Provincial Police (OPP) arrested at the end of October.
Arrested at his home in Bradford, Mikhail Vasiliev allegedly attacked critical infrastructure and large industrial groups around the world using Lockbit. He would have made a Canadian victim last January, according to the FBI. He also allegedly attacked a target in New Jersey — which is why the United States requested his extradition.
Despite this recent strike, the gang is still active. His site is live on the hidden web and continues to announce new victims.