St. Marys, a small Canadian town hit by LockBit ransomware

On Wednesday 20th of July 2022, the Canadian town of St. Marys in Ontario experienced a ransomware attack that locked staff out of internal systems and encrypted data. The incident has been claimed by the LockBit ransomware group who posted a listing on their data leak site as well as provided some of the screenshots of the stolen files as evidence of the attack. Al Strathdee, St. Marys Mayor told new sources that the town was investigating the incident with the help of a team of cyber security experts. Currently, no evidence has been found in terms of if the incident impacted essential municipal services like transit and water systems.

“It’s not a good feeling to be targeted, but the experts we’ve hired have identified what the threat is and are walking us through how to respond. Police are interested and have dedicated resources to the case … there are people here working on it 24/7.” – Al Strathdee, St. Marys Mayor.

At this current time, no ransom has been paid to the ransomware group as the town is currently following the Canadian government’s cybersecurity guidance which discourages the paying of ransoms although the mayor stated the town would follow the incident team’s advice on how to engage further. Screenshots shared on the LockBit site show the file structure of a Windows operating system, containing directories corresponding to municipal operations like finance, health and safety, sewage treatment, property files, and public works.