A small Canadian town is being blackmailed by a global ransomware gang

The Canadian city of St. Marys, Ontario, has been hit by a ransomware attack that has locked personnel out of internal systems and encrypted data.

The small town of around 7,500 residents seems to be the latest target of the infamous LockBit ransomware group. On July 22, townofstmarys.com was listed as a victim of the ransomware and samples of files stolen and encrypted in a post on the dark LockBit website.

Screenshot taken from a ransomware group's website.  The text reads: “The town of St. Marys is located at the intersection of the River Thames and Trout Creek, southwest of Stratford in southwestern Ontario.  Rich in natural resources, namely the River Thames, the land that now forms St. Marys was traditionally used as a hunting ground by First Nations peoples.  European settlers arrived in the early 1840s. Stolen Data (67GB): Financial Records, Plans, Department, Confidential Data”

LockBit ransom list for the city of St. Marys

In a phone call, the mayor of St Mary’s Al Strathdee told: The edge that the city responded to the attack with the help of a team of experts.

“To be honest, we are somewhat in shock,” Strathdee said. “It doesn’t feel good to be the target, but the experts we hired have identified the threat and are helping us respond. The police are interested and have special resources for the case… people are working on this 24/7.”

Strathdee said that after the systems were locked down, the city received a ransom from the LockBit ransomware gang, but has not paid anything to date. In general, the Canadian government’s cybersecurity guidelines discouraged paying ransoms, Strathdee said, but the city would follow the incident team’s advice on how to proceed.

Screenshots shared on the LockBit site show the file structure of a Windows operating system, with folders corresponding to municipal activities such as finance, health and safety, sewage treatment, real estate files, and public works. Under LockBit’s standard practices, the city was given a deadline to pay to unlock their systems or else see the data published online.

Brett O’Reilly, communications manager for the City of St. Marys, directed The edge to a St. Marys press release detailing the city. According to the statement, essential municipal services such as transit and water systems were not affected by the incident, and the city is trying to unlock IT systems and restore backup data.

According to an analysis by Recorded future, the LockBit group alone was credited with 50 ransomware incidents in June 2022, making it the most prolific global ransomware group. In fact, St. Marys is the second small town to be targeted by LockBit in just over a week: On July 14, LockBit listed data from the city of Frederick, Colorado (population 15,000) as hacked, a claim currently under investigation by city officials. The LockBit listing for Frederick is currently demanding a $200,000 ransom for not publishing the data.

Increasingly, smaller municipalities are being targeted by sophisticated global ransomware groups with extensive technical knowledge and resources. In March, the FBI’s cyber division issued a notice to private industry partners of government agencies, noting that ransomware attacks “put pressure on local U.S. governments and public services.”

Show Love ❤️