Hackers were seeking nearly $17 million in ransom from the City of Saint John during last fall’s cyberattack, which crippled the city’s IT services.
Senior city staff revealed the ransom amount for the first time Wednesday to members of the city’s finance committee.
“I’m pretty floored with that number,” Mayor Don Darling said after hearing details about the ransom amount.
City manager John Collin said they wanted to keep the number confidential at first in case they had to enter into negotiations with the hackers.
“We now know with certainty that we do not need to deal with these criminals … and we are at the point now where divulging the number would have no impact on our operational security because our networks are back up and secure,” Collin told committee members.
The city was forced to shut down all of its IT systems after the Nov. 13 attack. City staff said the wide-reaching attack involved the encryption of most Windows-based servers and many “system endpoints,” including laptops and computers.
Collin said when they were first contacted by the hackers in mid-November, the ransom amount was 670,000 Bitcoin which, at the time, translated to nearly $17 million.
“Bitcoin has continued to go up, depending on when we would have done ransom discussions,” he said.
Today, Collin said 670,000 Bitcoin would be worth about $49 million, or nearly three times the initial amount in November.
But even if city officials had paid the ransom, Collin said there was no guarantee their systems would have been properly restored.
“I’m very glad that the team worked as hard as it did to ensure that we did not have to pay any form of ransom, and certainly nothing as ridiculous as what these criminals were asking for,” he said.
Instead of paying the ransom, the city decided to rebuild its entire network from scratch — a process that continues today.
It would normally take three to five years to rebuild a system, according to chief information officer Stephanie Rackley-Roach, but the city has completed most of it in about four months.
Overall recovery costs are anticipated to be nearly $3 million, which includes consulting services, network hardware, licenses and support, vendor and hardware for application restorations, among other costs.
Staff anticipate more than 85 per cent of the recovery costs will be recovered through insurance policies. The remaining $400,000 to $500,000 would be absorbed into the IT operating budget or reserves for what Collin described as “betterments” to the system.
“Those betterments would have most likely been incurred by us in the next year or two in any event,” said Collin.
“I certainly, from my perspective, would not characterize this money as lost money or wasted money. It’s being spent arguably just a little bit earlier than perhaps we would have otherwise done so.”