The Municipality of North Perth is responding to a significant cybersecurity incident discovered on November 26, 2025, marking the latest in a series of municipal attacks targeting Canadian public services. According to the municipality’s official statement, the event forced immediate containment measures and disrupted access to several administrative systems—most notably waste management and community planning services, which rely on digital platforms for scheduling, permitting, and service coordination.
While the investigation is ongoing, the attack has been attributed to WorldLe@ks, a threat actor that has become increasingly active across North America throughout 2025. WorldLe@ks is believed to be a rebrand of the Hunters International ransomware group, which pivoted from traditional file-encryption ransomware to a pure data-theft and extortion model. Since early 2025, the group has focused entirely on infiltrating networks, stealing sensitive information, and threatening to publish it unless victims pay a ransom—removing the encryption step that historically caused widespread operational outages.
In this case, the municipality reports no confirmation yet of what, if any, data was accessed or stolen. However, given WorldLe@ks’ established pattern of exfiltration-first operations, it is highly likely that the incident involves some degree of unauthorized data access. Municipal governments, with their extensive records on residents, zoning, permits, utilities, emergency services, and vendors, have become prime targets for this type of extortion-driven cybercrime.
The immediate priority for North Perth has been isolating affected systems, working with cybersecurity specialists, and maintaining essential operations. Waste management scheduling—normally automated—has been forced into manual contingency processes, creating delays and communication challenges across the community. Community planning and building-permit workflows, which rely heavily on digital documents and geospatial data, are also temporarily impacted.
North Perth emphasizes that core municipal functions remain operational, and public safety services are not affected. Still, the incident highlights a broader national trend: local governments are facing increasing pressure from cybercriminals who recognize that municipalities often operate with limited IT resources and aging infrastructure.
The rise of groups like WorldLe@ks underscores a shift in the cybercrime ecosystem. Encryption-based ransomware once dominated the threat landscape; now, data theft paired with the threat of public exposure is becoming the preferred tactic. This approach is faster, harder to detect early, and often more damaging to a victim’s reputation and legal exposure.
As forensic work continues, North Perth has committed to transparency and has informed law enforcement and privacy regulators. Residents are encouraged to monitor municipal updates as the investigation progresses.
