Cyber Incident Victim: City of Saint John
Date:
Nov 2020
Location:
Canada
Summary
A cyberattack severely disrupted the municipal IT infrastructure of the City of Saint John, causing widespread outages affecting its website, online payment systems, email, and customer service applications. Critical operations such as transit and water treatment remained functional during the incident. The municipality collaborated with federal and provincial authorities to restore services, estimating recovery would take several weeks. Officials stated there was no evidence of personal data compromise, though investigations with law enforcement were ongoing. While ransomware involvement was suspected, the city withheld specific details to avoid aiding attackers or hindering the response efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 15, 2020, the City of Saint John, Canada, publicly disclosed a disruptive cyberattack that crippled its municipal IT infrastructure. The incident forced the shutdown of the city’s entire network, including its official website, online payment platforms, email systems, and customer service applications. While critical services such as public transit, water treatment, and wastewater management remained operational, the attack caused widespread disruption to administrative and public-facing digital services. City Manager John Collin stated recovery would require weeks rather than days, though no specific timeline was established. The city collaborated with provincial and federal authorities to investigate and restore systems but withheld technical details about the attack vector, compromised systems, and containment measures to avoid aiding the perpetrators or compromising the investigation. Collin confirmed no evidence indicated personal data theft or exfiltration, though determining this remained a priority with promises of public notification if findings changed.
The Saint John Police Force led the investigation with support from the National Cybercrime Coordination Unit and New Brunswick RCMP Digital Forensics Unit. Media reports speculated ransomware involvement, though officials did not confirm malware specifics or attribute responsibility. Collin acknowledged all recovery options remained under consideration, including potential ransom payment, without explicitly confirming or denying such negotiations. The city emphasized its coordinated response with higher-level government partners while maintaining public assurances about essential service continuity. This incident reflected a broader pattern of ransomware attacks targeting municipalities, as seen in prior incidents affecting cities like New Orleans, Baltimore, and Riviera Beach. Restoration efforts focused on gradual system recovery without disclosing technical countermeasures or forensic findings that might benefit threat actors.