Cyber Incident Victim: Mékinac Regional County Municipality
Date:
Sep 2018
Location:
Canada
Summary
A Quebec regional municipality fell victim to a ransomware attack after an employee clicked a fraudulent email link, leading to encrypted data and a complete server lockdown lasting two weeks. The municipality paid $30,000 in Bitcoin to regain access to critical files, facing significant operational disruption and moral dilemmas over funding criminal activity. Following the incident, the organization implemented enhanced security measures including firewall upgrades and proactive email filtering to mitigate future risks. Cybersecurity experts criticized provincial authorities for systemic vulnerabilities and inadequate support for local governments, contrasting with official claims of preparedness, while highlighting broader infrastructure weaknesses across the region.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 10, 2018, employees of the Mékinac Regional County Municipality arrived at work to discover a threatening message blocking access to all municipal files. The cyberattack rendered servers inoperable by encrypting critical data, paralyzing operations. The intrusion originated when an employee clicked a malicious link within a fraudulent email, allowing ransomware to infiltrate and compromise the systems. Municipal IT staff confirmed the malware’s encryption mechanism prevented any data recovery without external intervention. After two weeks of sustained server disablement, Mékinac’s administration authorized a Bitcoin ransom payment of $30,000 to the attackers, representing a partial fulfillment of the initial $65,000 demand. Bernard Thompson, the municipality’s reeve, characterized the payment as a necessary but morally fraught decision, citing the prohibitive cost and labor of manually reconstructing lost data as primary factors. The incident disrupted municipal services for the duration of the outage, though specific operational impacts beyond server inaccessibility were not detailed in available reports. No explicit mention of data exfiltration or secondary exploitation emerged, suggesting the attackers’ primary objective was financial extortion through encryption.
In response to the attack, Mékinac implemented immediate security enhancements, including firewall upgrades and proactive email filtering systems to detect malicious content. Thompson acknowledged these measures as direct improvements following the breach but did not specify whether backups or employee training protocols were revised. Professor José Fernandez, a cybersecurity expert at Montreal’s Polytechnique engineering school, cited the incident as evidence of systemic vulnerabilities across Quebec’s municipal IT infrastructures, criticizing provincial authorities for inadequate cybersecurity support over 15 years. Quebec’s Public Security Department contested claims of provincial unpreparedness, emphasizing its dedicated data protection units while noting municipalities retain independent responsibility for their networks. The incident underscored financial and operational risks to local governments lacking centralized cybersecurity resources, with Mékinac’s ransom payment reflecting a calculated trade-off between immediate recovery costs and prolonged operational paralysis. No subsequent attacks or residual effects were reported following the restoration of systems.