by Bim Parmar – 05/15/11
Up until March 15th, 2011, Nanaimo – a small city of 76,000 people in Western Canada, was mostly known for a decadent dessert bar and its annual bathtub race across Georgia Straight. However, on March 16th they became the first known victims of a zero-day virus strain called “qakbot”. The malware was first detected on March 15th and by the next day it infected over 440 computers at Nanaimo City Hall, forcing many city services offline and effectively shutting down operations.
The city shut down its Internet connection immediately as the virus spread almost instantly from workstation to workstation. According to the city’s Internet security providers, Nanaimo is using the best anti-virus programs possible to identify the new strain. Unfortunately, this version of the virus has a completely new signature that wasn’t recognized by their defenses.
City staff worked almost around the clock after the zero-day virus was discovered Wednesday and a dozen people worked overtime all day Saturday and Sunday in order to remediate the infected computers and get services back online. In addition to the remediation cost, the City had to purchase additional laptop computers in order to provide temporary services to citizens and businesses. The total cost to recover from this incident is expected to be in the tens of thousands.
Anti-virus alone is no longer enough. A layered security approach would have kept Nanaimo up and running.