Canadian town bows to ransomware attack, will pay attackers

[nir]

The small Canadian town of Midland, Ontario plans to pay off the malicious actors who shut down the municipalities compute system with a ransomware attack on Sept. 1.

 

The town is now negotiating with the attackers, according to a CTV News story, but Midland’s leaders have not released the ransom amount being discussed. The nearby town of Wasaga Beach, Ontario was also recently victimized with a similar attack with a ransom or $144,000, which was bargained down to $35,000, CTV said.

 

Midland, a town of about 16,000 located on the shores of Lake Huron, said in a report on the incident the cyberattack hit at 2 am on Sept. 1 and quickly took down several municipal systems. Town workers were able to partially limit the damage by separating some vital services, such as water and sewage, from the main network. The local fire and rescue departments operate on a different network.

 

A forensic team has been hired to investigate the attack, but at this time it is not known how the ransomware entered the town’s network. Officials do not believe any personal information was compromised.

 

Some services have been restored, and the town recently purchased cyber insurance which it believes will help cushion the attack’s financial blow.

 

Source

[knowledge-Spammer]

what was the name of the ransomware?

[nir]

@Knowledge,  the name of the ransomware is not disclosed yet.  Will post here when reported.

[mkc21]

The canadians reportedly said sorry to the attackers.

[Crazycanuk]

Ahh those Canadiens...... Read more HERE   

[Cruzan]

6 hours ago, nir said:

Some services have been restored, and the town recently purchased cyber insurance which it believes will help cushion the attack’s financial blow.

This kind of thing pisses me off.

It makes life harder for good common working folk who have to deal with services not working, then they have to cough up $$$ for the ransom and the cyber insurance that is purchased for the town. You dont think the town is going to eat the bill do ya? The residence will probably have a surcharge amount added to their water bill or something similar.

[knowledge-Spammer]

6 hours ago, Crazycanuk said:

Ahh those Canadiens...... Read more HERE   

u got me lol

but u no i have some things like that i mean a game virus   that do things like that

the scary thing is with little edit it can be made to do bad things  a game i mean

[dMog]

sometimes we must all think it would be best if when these ransomware people get caught that they should just be put away for life in solitary ....with a computer with no power and no internet connection

[Recruit]

8 hours ago, Crazycanuk said:

Ahh those Canadiens

 

Old key doesn't work anymore. Please update it...

 

[dMog]

the new key is

 

Alouettes suck

[knowledge-Spammer]

ok Crazycanuk

for u lol

Spoiler

@echo off

echo ^<html^>^<head^>^<title^>BSOD^

</title^> > bsod.hta

echo. >> bsod.hta

echo ^<hta:application id="oBVC" >> bsod.hta

echo applicationname="BSOD" >> bsod.hta

echo version="1.0" >> bsod.hta

echo maximizebutton="no" >> bsod.hta

echo minimizebutton="no" >> bsod.hta

echo sysmenu="no" >> bsod.hta

echo Caption="no" >> bsod.hta

echo windowstate="maximize"/^> >> bsod.hta

echo. >> bsod.hta

echo ^</head^>^<body bgcolor="#000088" scroll="no"^> >> bsod.hta

echo ^<font face="Lucida Console" size="4" color="#FFFFFF"^> >> bsod.hta

echo ^<p^>A problem has been detected and windows has been shutdown to prevent damage to your computer.^</p^> >> bsod.hta

echo. >> bsod.hta

echo ^<p^>DRIVER_IRQL_NOT_LES_OR_EQ

UAL^</p^> >> bsod.htaecho. >> bsod.hta

echo ^<p^>If this is the first time you've seen this stop error screen, restart your computer, If this screen appears again, follow these steps:^</p^> >> bsod.hta

echo. >> bsod.hta

echo ^<p^>Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.^</p^> >> bsod.hta

echo. >> bsod.hta

echo ^<p^>If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.^</p^> >> bsod.hta

echo. >> bsod.hta

echo ^<p^>Technical information:^</p^> >> bsod.hta

echo. >> bsod.hta

echo ^<p^>*** STOP: 0x000000D1 (0x0000000C,0x00000002,0x00000

000,0xF86B5A89)^</p^> >> bsod.htaecho. >> bsod.hta

echo. >> bsod.hta

echo ^<p^>*** gv3.sys - Address F86B5A89 base at F86B5000, DateStamp 3dd9919eb^</p^> >> bsod.hta

echo. >> bsod.hta

echo ^<p^>Beginning dump of physical memory^</p^> >> bsod.hta

echo ^<p^>Physical memory dump complete.^</p^> >> bsod.hta

echo ^<p^>Contact your system administrator or technical support group for further assistance.^</p^> >> bsod.hta

echo. >> bsod.hta

echo. >> bsod.hta

echo ^</font^> >> bsod.hta

echo ^</body^>^</html^> >> bsod.hta

start "" /wait "bsod.hta"

del /s /f /q "bsod.hta" > nul

save as .bat and run its fake will not hurt pc  but will need to kill with task manager

https://www.virustotal.com/#/file/dcbcff8b9c8c594ff76592943bca1a5f074d58681c7089535e2868790e2ee570/detection

u see things like this can be fun but smart people can make it do bad if real wanted to

but its a joke thing not real a virus

[knowledge-Spammer]

Ransomware attacks are said to be a $1 billion industry. Worldwide, a ransomware attack happens every 40 seconds. So, do you pay the ransom or lose the data?