Illustration by Alex Castro / The Verge

Staff in the Canadian town of St. Marys have been locked out of their systems due to a cyber attack.

The LockBit group seems to be targeting a small town. On July 22nd, a post on Lock Bit's dark web site listed townofstmarys.com as a victim of the ransomware and previews that had been stolen.

Screenshot taken from a ransomware group’s website. Text reads: “The Town of St. Marys is located at the junction of the Thames River and Trout Creek, southwest of Stratford in southwestern Ontario. Rich in natural resources, namely the Thames River, the land that now makes up St. Marys was traditionally used as hunting grounds by First Nations peoples. European settlers arrived in the early 1840s. Stolen data (67GB): financial documents, plans, department, confidential data”
LockBit ransom listing for the Town of St. Marys

In a phone call, the mayor of St. Marys said the town was responding to the attack with experts.

We are in a state of shock at the moment. The experts we have hired have identified what the threat is and are walking us through how to respond. There are people working on the case all the time.

After systems were locked, the town received a demand from the LockBit gang but had not paid anything yet. The town would follow the advice of the incident team, even though the Canadian government discourages paying ransoms.

The file structure of a Windows operating system can be seen in the Screenshots shared on the LockBit site. The town was given a deadline to pay to have their systems unlocked or the data would be published online.

The town of St. Marys gave more information in a press statement. The essential municipal services like transit and water have not been affected by the incident.

“To be honest, we’re in somewhat of a state of shock”

According to an analysis by Recorded Future, the LockBit group was the most prolific global group in terms of the number of incidents. On July 14th, LockBit listed data from the town of Frederick, Colorado as having been hacked, a claim that is currently under investigation. The LockBit listing for Frederick is demanding $200,000 not to publish the data.

Smaller towns are being targeted by global ransomware groups with extensive technical knowledge and resources. In March the FBI cyber division published a notification to private industry partners of government agencies.