How did Hamilton handle the $18.5M cyber ransom demand?

The City of Hamilton has revealed details about a significant cybersecurity breach that occurred on February 25, 2024. Cybercriminals demanded a ransom of $18.5 million CAD, but the city refused to comply. Instead, Hamilton managed to contain the incident within two days, maintaining essential services and recovering most systems using backups. Notably, no personal or health information was compromised. The attack was executed through a ransomware attack on an external server, encrypting data and systems. Despite the ransom demand, the city chose not to pay, aligning with expert advice and industry standards to avoid further risks and financial exposure. The city’s insurance claim for the incident was denied, and a legal review confirmed the denial was consistent with policy terms. Hamilton has since enhanced its cybersecurity measures and renewed its insurance. The financial impact of the breach amounted to $18.3 million CAD, covering immediate responses and system recovery. Moving forward, Hamilton has outlined a “Build Back Better” plan to strengthen its infrastructure, with funding strategies approved for the coming years. The city aims to leverage existing funds and reprioritize projects to ensure a more resilient and secure future.