Sep 21, 2019 by CR Team

Latest updates pertaining to the Stratford City Hall ransomware attack have emerged. According to reports, a total of 10 bitcoins at $7500 per BTC was paid by the body as a ransom to the hacker who crippled its computer systems on April 14 this year. 


As per official Q&A published on Stratford City Hall’s website, the ransomware attack was carried out in the morning of Sunday, April 14. This is what happened:

On Sunday, April 14, 2019, the City of Stratford became aware of a breach of its computer systems. It was determined that a malicious threat actor (attacker) was able to install and execute malware on six of the City’s physical servers, as well as two virtual servers. The attacker then began encrypting the City’s systems, making them unavailable for use.

Post knowledge of the attack, all City Hall servers were disconnected from the internet, all user endpoints (desktop computers, laptops, printers, etc.) were disconnected from the City network to prevent the spread of infection.

Big-Four behemoth and multinational professional services network, Deloitte stepped in to provide assistance in managing and assessing the incident.

However, there was no loss of critical information. As Mr. Kevvie Fowler, the Global Incident Response Leader at Deloitte stated:

Based on procedures performed and information available, Deloitte did not identify any evidence of loss, access or disclosure of PII in relation to the ransomware incident.

Negotiations were initiated with the attacker to restore access to the City’s information systems. Two weeks after the incident was discovered, the government body returned to normal business operations on April 29.


“We have insurance coverage involved and we made that decision (to pay the ransom) in consultation with our insurer and in the best interests of protecting data,” Stratford Mayor Dan Mathieson said.

Stratford City Council was advised to pay off the ransom by the insurance company as it was found to be ‘acceptable’ and in the City Hall’s ‘best interest’. As reported by the London Free Press, during the 15-day period, the ransomware managed to jeopardize Stratford’s email and telephone systems, as well as certain functions of its website.

Explaining the delay in announcement of the bitcoin ransom payment, Mayor Mathieson said that the same was requested by the police and Orr Insurance, City’s official insurance broker.

The Stratford police and the Ontario Provincial Police are investigating further into the matter.

Responding to a query about whether or not, adequate security measures are implemented to fend off further such attacks, Stratford City Hall said:

The City of Stratford views cybersecurity and the security of personal information as a priority, and has security measures in place that are updated regularly. That includes a strong password policy, network segregation between servers and workstations, and minimal system privileges for users in the network. Deloitte has noted that those security controls potentially limited the impact of the ransomware incident. Additional security measures have now been implemented to further reduce the risk of another attack.

Original article seen on Bitcoinist (Himadri Saha)