Government of Nunavut slowly rebuilds computer network following ransomware attack
“Lots of people ask me when we will be back online and that’s a real difficult question to answer”
Now into the second week since the Nov. 2 ransomware attack that kicked the Government of Nunavut offline, employees in Iqaluit have started to see working computers reappear on their desks.
That’s a sign of progress in what is likely to be a lengthy process.
“Lots of people ask me when we will be back online and that’s a real difficult question to answer,” Dean Wells, the territory’s corporate chief information officer, told Nunatsiaq News.
The information technology team plans to continue getting things back online first in Iqaluit, department by department, “piece by piece, and then “community by community,” he said.
Last weekend, the territory-wide reformatting of computers affected by the cyberattack got underway after about 2,700 computers in Iqaluit were picked up and taken to a warehouse in the city.
There, the computers were cleaned and reformatted.
“And we took this opportunity to do some extra work and do some inventory,” Wells said.
IT teams have now started to reinstall some of the machines back in the departments of Finance, Family services, Justice and at the Qikiqtani General Hospital, he said.
That’s just the start.
It will be different process for the communities, Wells said, due to the lack of facilities—and “there aren’t as many machines.”
So it’s one process for Iqaluit and another for communities, he said.
Future plans involve IT staff travelling to communities outside Iqaluit where they will visit every work station and do the reformatting work onsite with local IT technicians.
This means that, for now, about 1,500 GN employees outside Iqaluit still can’t turn on their computers.
“We can’t do the communities until we get Iqaluit back online. We have to get here running first, and we’re not finished yet,” Wells said. “We’ll be a few days yet for sure.”
As for the ransom that the ransomware attackers hoped to walk away with, it wasn’t just about money, usually paid in the form of bitcoin, an online, unregulated currency.
Wells said “the way that they asked us to respond to them was innovative because they wanted us to provide information to them that would have revealed more to them” and perhaps opened the way for more future attacks on other systems.
Ransomware is a type of malicious software that blocks access to a computer system or data, usually by encrypting it, until the victim pays a ransom to the attacker.
In many cases, the ransom demand comes with a deadline and warns that if it’s not paid in time, the data will be destroyed.
So the decision was made “we’re not going to do this,” Wells said.
The backed-up GN data is good back to Nov. 1, Wells said, so there shouldn’t be any loss of information in the long run.
For now, until the system is fully restored, the GN can be reached by phone, fax and voicemail.