Cyberattack knocks out GN servers for most of Thursday
Government continues to fight ongoing cyberattack but says no sensitive information is at risk
The Government of Nunavut’s website was back online Friday after a cyberattack knocked it down for 12 to 16 hours on Thursday.
A GN spokesperson confirmed it was the victim of “distributed-denial of service cyberattack” in which hackers flood a system server with connection requests, overwhelming the server and putting it offline.
“Bot farms in several countries are pointing great amounts of traffic at our site,” said Casey Lessard, the communications director for the Department of Executive and Intergovernmental Affairs.
“We have implemented a solution [to] block bots and ensure real people can visit the site.”
Lessard said while the website was down, no data was lost.
“The only entity under attack is the GN website, which is not connected to the GN servers,” Lessard said in an email to Nunatsiaq News.
By Friday the website was responsive, however connectivity continued to be strained and on occasion it displayed error messages, an indicator that the site was still under attack.
“The website has been and continues to be the target of a distributed denial of service campaign,” Lessard said.
He stressed the GN’s internal network of servers was not impacted, and that only the public-facing GN website had been targeted.
No private or personal employee information is at risk, Lessard said.
On Thursday, four other provincial and territorial government websites were also inoperable.
The Prince Edward Island and Yukon governments confirmed in statements their websites had been victims of a denial of service attack similar to Nunavut’s.
CBC reported the Saskatchewan government also confirmed an attack and that the Manitoba government reported service delays, but attributed them to “an unplanned service disruption.”
Nunavut government websites have faced a number of cyberattacks over the past few years.
On Aug. 15, the GN warned of a phishing email scam that had the appearance of being official communication sent from the Premier’s office seeking assistance from individuals.
Email phishing is used by hackers to solicit private or secure information from unsuspecting recipients by masquerading as a trusted source.
The email was identified on internal government servers and did not appear to have gone beyond the GN’s systems.
Earlier this year, an attack targeted a number of Qulliq Energy Corp.’s databases, including payment processing. Later, QEC said there was no evidence that customer data had been compromised.
The attack led to the GN’s decision to take over the power company’s information technology systems on a permanent basis in June.
In November 2019, a ransomware attack crippled “essential electronic communications within the Government of Nunavut.”
During a ransomware attack, hackers use malware or a computer virus to encrypt data on a sensitive or private network. After legitimate users are locked out, perpetrators then demand a ransom to release the locked-down systems.
Hackers also threaten to delete sensitive information if the money is not paid within a certain deadline.
In March 2022, the GN announced it had spent more than $5 million “developing a state of-the-art computer system designed to prevent similar attacks.”