In the second week of 10th September 2018, the municipal employees belonging to Mekinac—the Canadian region between Quebec City and Montreal—were in for a major shock. As they arrived at their offices and turned their computers on, they were greeted with threatening messages that basically stated that all of their files and data were encrypted.
For ransomware removal, the municipality management received a ransom demand of 8 bitcoins or $65,000 which had to be transferred in the crypto wallets of the cybercriminals. Subsequently, the IT department engaged the perpetrators in a conversation and decreased the ransom by almost a half .i.e. $30,000, after which payment commenced. During all this time, the servers of the region were non-functional for almost two weeks.
In the aftermath of the attack, analysts have identified a major vulnerability in the government servers of Quebec. Professor Jose Fernandez—professor and malware analyst from the Polytechnique Montreal Engineering School—said that the cybersecurity of Quebec was no short of an embarrassment as he been continuously trying to warn the government officials to rectify their errors. However, he stated that despite his warnings, no seriousness was given to the issue in the last 15 years.
Bernard Thompson—the Mekinac’s reeve—explained that the demand for ransom was a really complex conundrum for his department. Mekanic is responsible for managing about 10 municipalities with the combined population of approximately 13,000 people.
According to Thompson the payment was particularly challenging because it affected their moral compass; they felt uneasy to comply with the demands of such cyber extortionists.
Fernandez felt that the attack was ironic because Quebec is reputed as a prominent cybersecurity and AI hub while the provincial government struggled with its out-dated security protocols and policies, making Quebec one of the most vulnerable Canadian provinces.