- In the City of Saint John, I'm responsible
for the strategic direction of our IT service area.
On November 13th, Friday the 13th,
I got a call on my personal phone.
I was told that a number of our systems were down
with fairly strong indications
that we had a ransomware attack.
When we got a chance to look at the ransom note
from the threat actor, it was 640 Bitcoin was their demand
for the decryption key,
approximately 12 to 14 million dollars.
After we understood that we were indeed, attacked
we had Bulletproof on site
and ready to support us in containment.
- When Saint John was attacked,
our team mobilized immediately.
We had a team on the ground within 12 hours,
supporting Saint John and providing value immediately.
Working through containment,
identifying whether there was exfiltrated data,
supporting forensics, supporting decision making
for the city.
- When Bulletproof came on site,
it was like they were part of the team, instant connection,
working with them side by side.
-  A lot of decisions need to be made quickly
and you don't always have every piece of data
that you'd love to have in that situation
when things are moving so quickly.
- In terms of managing chaos,
having so many stakeholders, many times answering questions
that I just didn't have the answers to -
Why did it happen?
How did it happen?
- we also had to deal with our Common Council
so that they could understand what it meant for the city,
how their services were impacted,
and the next steps.
- We came in with a very defined playbook
about protecting the organization as we brought it up
on a clean and established network that we knew
was in a good state,
leveraging the key power of Microsoft Defender for Endpoint
and Microsoft Defender for Cloud Apps
to ensure that no additional spread or intake of malware
could derail the rebuild process.
That was very important that we didn't have a setback
like having the malware sneak back into the organization.
There's multiple stakeholders involved in that,
and I think their expectation was
we were going to come knocking six months down the road
and say, okay we're ready to get reconnected.
In fact, with the focus of the team on the ground,
the multi-discipline team that Bulletproof put in play,
with the City of Saint John's key IT resources,
we were able to rebuild the key environments
that needed to be connected in a six week timeframe,
not a six month timeframe.
- The implementation of the Microsoft Security Stack
really gives us that endpoint visibility
that we never had before.
So, lesson learned that we can share
with other municipalities is making sure
that they are getting their councils on board to invest
in an enabling service like information technology.
The City of Saint John understood the level to which we rely
on technology to deliver public service.
It's not a matter of if you'll be attacked, it's when
and how can we support one another, pre attack
and after an attack.