CASE STUDY
How Bulletproof Helped the City of Saint John Overcome a Ransomware Attack and Strengthen Their Security Posture

If it’s hard to imagine the pain of finding that your organization has just been hit with a ransomware attack, it’s harder still to imagine how to recover from one. Luckily for the City of Saint John, it knew who to call and what to do. 

On Friday the 13th of November 2020, the City of Saint John in New Brunswick, Canada, was hit by a crippling ransomware demand. Even as the City was working harder than ever to deliver service during an unprecedented pandemic, the resolute municipality refused to submit to the demands to pay up. Instead, the City’s IT team worked with Bulletproof to rebuild critical systems and re-engineer the City’s cybersecurity posture.

Fast action, an integrated team, and the intelligent automated support of Microsoft Security solutions enabled the City of Saint John to bring critical services back online in an ambitious six weeks, avoiding the months—possibly years—that building a new network might take.  


About the City of Saint John

The City of Saint John is Canada’s oldest incorporated city and the largest city geographically in the province of New Brunswick. The community, located along the Bay of Fundy on Canada’s East Coast, is home to about 70,000 people.

The City’s 15-person IT team supports 900 users over the vast network of services needed by a thriving community: everything from development to parks to water to public safety services. 


Not If, But When

The City of Saint John has long had a concern for cybersecurity and the City’s IT team had begun to implement a continuous security improvement program well before the 2020 attack. After evaluating its security posture after some earlier minor attacks, the City collaborated with a third party to complete a security assessment on its environment, leading its IT team to create updated policies. 
 
One major step the City took to improve its security posture was to work with Bulletproof to roll out a security incident and event management (SIEM) system and Security Operations Center (SOC) as part of Bulletproof’s all-encompassing B365 Enterprise solution. The City of Saint John IT department had further plans to expand monitoring to additional servers and user endpoints; however, like municipalities everywhere, it struggled for budget approval of cybersecurity solutions—often a hard sell for cash-strapped councils. The sympathetic City of Saint John Common Council underwrote improvements as funds became available, but progress was slow. 
 
Like something out of a movie, CIO Stephanie Rackley-Roach was enjoying a vacation when she got a call from one of her management team members. At 11:00 PM. On Friday the 13th. “I knew it was bad news before I even answered,” she says. 
 
The City of Saint John had been targeted by a ransomware attack, its IT operating environment held hostage for approximately 12-14 million dollars to be paid in Bitcoin. The City’s IT team worked through the night to sever the City’s internet connection and begin assessing the damage. They also alerted Bulletproof straightaway. Fortunately, the City’s existing contract with Bulletproof for incident response services meant that the team could engage immediately and assemble a team that met onsite before 9:00 AM the next day.  

“Bulletproof was our primary partner for containment and restoration. The attack impacted nearly every system.”

— Stephanie Rackley-Roach, CIO, City of Saint John

Jumping Into Action

Upon arriving in Saint John, the Bulletproof team met with Rackley-Roach and her IT Team to be briefed on the crisis, develop a plan of action, and bring City leadership onboard. While Rackley-Roach worked with the City’s executive leadership team to enact emergency procurement procedures and ensure crucial resources and services could be revived without delay, the Bulletproof team dove into action.

“Both the City of Saint John IT team and our Bulletproof people did a phenomenal job in managing everything that was thrown at them in that first surreal 24 hours,” declares Chris Johnston, Bulletproof’s former CEO. The operation was further complicated by COVID-19 social distancing restrictions, and a remote command center was used to support Saint John and the onsite team to balance that risk. 


“I don’t know how to adequately describe it for people who haven’t gone through a high stakes situation of such overwhelming intensity. Any IT executive confronted with a ransomware incident must balance urgent containment actions and communications internally with outside demands, like dealing with media, insurance, and City Council. Imagine everything coming at you all at once—and the pressure to make many critical decisions combined with a multitude of external pressures.”

— Chris Johnston, Former CEO, Bulletproof 

Assessing the Damage

An immediate priority was determining the source of the breach. “That initial response is a very complicated operation with a lot of moving parts,” explains Bulletproof's former COO Jeff Shaw. “We had to deal with the complex technical issues of forensic analysis and sever partner connections in addition to the internet. For the CIO, it means navigating operational impact while also working with law enforcement, insurance, external counsel, partner organizations, and other stakeholders.” Bulletproof worked with the City’s IT to develop a detailed path forward, laying out the recovery steps. 
 
Working as a single integrated team, the City of Saint John’s IT team and Bulletproof began to rebuild the City of Saint John operating environment, layering in security with the end-to-end Microsoft Security solutions stack. The team deployed the Bulletproof 365 Enterprise system, which seamlessly merges Microsoft Sentinel with Microsoft 365 to deliver comprehensive intelligent security.  
 
“We deployed Microsoft Sentinel to fix the ‘blind spot’ that happens with traditional log-based SIEMs,” explains Shaw. “The visibility and capability we get with Microsoft Sentinel far exceeds that of the previous SIEM. We brought the signal into our security operations center with Microsoft Sentinel for a real-time overview of the entire estate. It was critical to spot any threat that could delay reinstating the network and operating systems to fully restore IT functions.” 
 
Implementing the Microsoft Security stack was already on the City of Saint John’s roadmap, so the Bulletproof team was able to swiftly roll out Microsoft Defender for Endpoint to secure the City’s servers and other endpoints, Microsoft 365 Defender, and Microsoft Defender for Cloud. “In this situation, where we needed ultimate confidence to ensure that everything brought back online was highly secure, the Microsoft Defender suite was critical,” says Johnston. “Defender for Endpoint is invaluable in alleviating the fear of residual malware in on-premises servers as systems come back online.” 


Setting Things Right


The City set the ambitious goal of reinstating the core IT operating environment in six weeks. “Our stakeholders found it difficult to believe we could be back online that fast,” Rackley-Roach says. “They thought a timeline of six to eight months was more realistic. But thanks to long hours from our dedicated IT and Bulletproof team, we had our core network, including critical services, up and running in six weeks.” Shaw presented the case for turning on the new network. “Before we could reconnect the City’s communication systems for public safety and law enforcement, we had to jump through a lot of hoops for stakeholders to prove that the new infrastructure was well-protected. We had a solid story to tell because we could show how well we had protected the estate with the Microsoft Security solution stack.” 

All in all, it took 18 months to completely rebuild most of the City’s network and restore applications. Although she wouldn’t endorse the way it came about, Rackley-Roach is delighted with the modernized and resilient network the City now has. “The silver lining of our ransomware attack is that I go home at night feeling good about the state of our network,” she says.  

Staying Vigilant

Now that the City’s network and applications are safe and secure, its IT team wants to keep it that way. Thanks to Bulletproof 365E and the power of Microsoft Sentinel, the City of Saint John now has 24/7 monitoring and support; because after all, cybercrime never sleeps. “This is the story of a lot of hard work by a lot of people to make a faster recovery than anyone thought possible,” says Johnston. For him, the City of Saint John is a testament to the interoperable nature of Microsoft Security solutions. “We’ve all lived in a multi-vendor world with limited visibility into security,” he adds. “That was the best we could hope for until the Microsoft Security solution stack was available, giving us a way to protect customers. We protect our own business with it.”  

The City’s IT team and Bulletproof remain strong collaborative partners, meeting every month to review Microsoft Sentinel intelligence and strategize proactively. “It’s a hard way to meet people,” says Rackley-Roach. “But we have friends for life with Bulletproof.” 
