Whistler Resort Municipality Hit with Ransomware Attack

The Resort Municipality of Whistler (RMOW) in British Columbia, Canada suffered a ransomware attack last Wednesday, April 28, 2021. Following this, Silicon Angle revealed that the local government resulted in temporarily suspending its services, with the impact possibly affecting thousands.

Located just an hour over the north of Vancouver, Canada, the Resort Municipality of Whistler is touted as one of the country’s premier ski resorts.

Bleeping Computer states that the municipality gains around three million visitors every single year, with the town having approximately 12,000 residents. The ski resort is also recognized for having hosted the 2010 Winter Olympics alpine skiing events back in the day.

Whistler Hit with Ransomware Attack

The ransomware attack launched at Whistler’s website is considered one of the newer variants existing in the market, said Bleeping Computer. The news site said that its researchers, as well as other ransomware researchers, have yet to see this kind of attack, most likely pointing to a new scheme. Meanwhile, Silicon Angle notes that the ransomware is a double-tap attack.

After gaining unauthorized access and hacking into the network systems of the resort municipality, the cybercriminals responsible for the ransomware claimed to have successfully obtained around 800 gigabytes worth of archived data and materials.

Among those compromised by the cybersecurity incident include the personal information of individuals. These include their names and addresses, passwords, email dumps, email databases, SQL database, statistics, network scheme, services, and other private documents.

Following this, Bleeping Computer reports that the ransomware gang took to threatening the municipal government of Whistler that they will be selling the data they have retrieved from the website via an online auction over the next seven days.

The ransomware gang also left a warning on the website and included a link to the dark web, with Silicon Angle revealing that the dark web address led to a chat site where the attackers are slated to negotiate a payment for a ransom to release the security of the website.

Given the extent of the incident, the non-essential services of the town have been suspended after the RMOW has taken down its website, email, and phone services. Some in-person services have also been suspended, with both of these being taken as a precautionary measure.

As of writing, RMOW said that they are currently working with security experts. They have also leveraged the services of the Royal Canadian Mounted Police to further investigate the matter. The RMOW urges the public the maintain vigilance regarding scams and other similar attacks that may ask for individuals’ personal details.