More than a month after a ransomware attack on the Resort Municipality of Whistler (RMOW) took services offline (including email, phones and the municipal website), the municipality says an investigation into the incident is starting to wrap up.
More than 300 employee laptops were restored from May 28 to 30 “as an important first step to ensure that we can relaunch our programs and services securely,” said manager of communications Gillian Robinson, in an email, adding that email services are gradually returning and the full version of whistler.ca should be available by week’s end.
Other RMOW services—including payment systems, accounts payable systems and internal file sharing—should come back online over the next couple of weeks.
“It’s important to note in most cases, the RMOW is starting from near-scratch, rebuilding and rehabilitating our systems to ensure that each is fully secure before bringing them back online,” Robinson said.
“We are also working with cyber security experts to build further resilience in our system to evolving [cyber security] threats.”
While a cyber investigation into the attack is wrapping up, the criminal investigation is still underway, Robinson added.
“The RMOW expects to share its learnings from the [cyber security] incident with the community and with other municipalities as appropriate,” she said.
“The RMOW looks forward to sharing those insights when the forensic investigation is fully complete. As you can appreciate, this is a very thorough investigation but we hope to provide this by the end of June.”
So far, the investigation has not found evidence that the public’s private personal information was accessed, Robinson said, adding that if that changes, the RMOW will notify affected individuals directly.
Under the Privacy Act, the RMOW is allowed to collect personal information if there is a valid reason to do so and as long as it is only used for the purpose it was collected for.
“The RMOW takes the storage and protection of personal private information under its care very seriously and is required to do so by law,” Robinson said.
Meanwhile, on May 20, the RMOW engaged Pique in litigation over its ransomware coverage, seeking to dictate what details Pique can publish about the events.
The RMOW argued that it was seeking to protect the privacy of staff. Pique opposed the application, arguing that there was no basis for any such order.
The matter was heard briefly on May 21 by Supreme Court Justice Sandra Wilkinson, who declined Whistler’s request for a temporary order restricting Pique’s coverage until the matter could be fully argued.
Pique will defend itself in the lawsuit in due course.