Cyberattack Recovery Expected To Cost $3M

Recovery from last fall’s cyberattack in Saint John is projected to cost the city nearly $3 million.

The figure is detailed in a new report set to be presented to the city’s finance committee Wednesday.

It includes consulting services, network hardware, licenses and support, vendor and hardware for application restorations, among other costs.

“The scope of the attack was wide-reaching with significant damage caused to the City’s IT infrastructure,” said the report.

According to the staff report, the Nov. 13 attack involved encryption to most Windows-based servers and many “system endpoints,” including laptops and computers.

The city was forced to shut down all of its IT systems, including its website, online payment systems, email and customer service applications as a result.

“The need to shut down the network and preserve the compromised environment for forensic investigation impacted business continuity with no ability to reuse the existing information technology equipment,” said the report.

City officials decided to rebuild the network rather than risk trying to restore hardware compromised in the attack, fearing that remnants of malware may lead to potential reinfection.

Staff anticipate more than 85 per cent of the estimated $2.95 million in recovery costs — about $2.5 million — will be recovered through insurance policies, with the rest absorbed into the IT operating budget or reserves.

While the new network is nearly complete, staff said “considerable work” remains to restore all of the applications used to deliver public services.

“Several financial and public safety applications have already been restored. Microsoft Office 365 has been implemented providing users with email, administrative applications, and collaboration tools,” said the report.

“Applications have been prioritized for restoration based on service impact, vendor availability, and the City’s IT Team resource capacity.”

City manager John Collin told council in January that it would likely take at least four to six months to build the new network and restore all services.

In an update to council the following month, Collin revealed that the city would not pay any ransom to the attackers.

“Between the reality that there has been little to no compromise of data, and that our corrupted data is recoverable through backup, I have decided to direct the staff to cease any exploration of ransom payment options,” Collin said on Feb. 22.

Collin added that the report was not a “firm guarantee” that no data was uncovered and reminded councillors of the importance of maintaining safe internet habits.