Malware inflicts major cyber attack on Government of Nunavut’s network
“We are not sure how far it reaches,” Premier Joe Savikataaq says
(Updated, 4 p.m.)
A ransomware cyber attack appears to have crippled essential electronic communications within the Government of Nunavut, and some public services may be affected throughout the territory.
This means if you work for the Government of Nunavut, you may not be able to gain access to your email or consult online files, or if you reside in Nunavut, your access to public services may be difficult or impossible.
Nunavut Premier Joe Savikataaq issued a statement on Twitter on Saturday night, saying the GN’s internet system had been infected earlier on Nov. 2 by what he called “a virus that has targeted public services.”
“We’re working around the clock to see the scope of the issue and get everyone back online. You will not have access to your GN account until we understand the full extent of the issue. This affects more than just Iqaluit, but we are not sure how far it reaches,” Savikataaq said.
1/2 The GN IT system was hacked early this morning, by a virus that has targeted public services. We’re working around the clock to see the scope of the issue & get everyone back online. You will not have access to your GN account until we understand the full extent of the issue.
— Premier Joe Savikataaq (@JSavikataaq) November 2, 2019
In a Facebook post, the GN identified the virus as a ransomware attack.
Ransomware is a type of malicious software that blocks access to a computer system or data, usually by encrypting it, until the victim pays a bribe to the attacker.
In many cases, the ransom demand comes with a deadline and if it’s not paid in time, the data is destroyed forever.
I knew this day would come with GN falling to ransomware. I’ve seen it in municipalities and other orgs. It was only a matter of time. This is why I’ve preached about cyber security so often in the past. It could be a matter of “Pay up or lose everything”. These are no joke.
— Kyle Sheppard (@Maqaiti) November 2, 2019
Later in the evening of Nov. 2, the GN issued another statement on Facebook: “GN IT is actively addressing the computer network issue, working with IT security companies and internet and software providers. Some Government services might experience delays. Thank you for your patience while we work to resolve this issue. At this time we do not have an estimate as to when services will be restore.”
Jimi Onalik, an associate deputy minister in the Department of Economic Development and Transportation, said on Twitter that the GN is now working with IT security companies, internet providers and software providers to fix the problem.
But as of the evening of Nov. 2, he said the GN cannot say when services will come back.
Work: Update GN network situation: GN IT is actively addressing the computer network issue, working with IT security companies and internet and software providers. Some Government services might experience delays. Thank you for your patience while we work to resolve this issue…
— Jimi Onalik (@kivalliqboy) November 3, 2019
Work, cont: At this time we do not have an estimate as to when services will be restored. Updates will be provided as they become available. Translations to follow when available.
— Jimi Onalik (@kivalliqboy) November 3, 2019
Ransomware is often spread through emails that contain malicious attachments, or by a technique called “drive-by downloading.”
This drive-by downloading takes place when a user visits an infected website. Then malware is downloaded and installed without the user’s knowledge.
Ransomware attacks use a “Trojan,” a fake website or legitimate-looking file that the user is tricked into downloading or opening when it arrives as an email attachment.
After that, the criminal who controls the malware threatens to publish the user’s data or perpetually block access to the data unless a ransom is paid.
Advanced malware uses a technique called cryptoviral extortion, in which it encrypts the files, making them inaccessible, and demands a ransom payment to decrypt them.
Usually that ransom is in the form of a cryptocurrency, called bitcoin, which needs to be paid to unlock the encrypted files.
Martin Joy, director of information and communication technology at the GN, told Nunatsiaq News this past July that the GN could receive an average of 4,000 to 5,000 attempted cyber attacks per week.
Joy said then that the GN’s security system was strong enough to prevent ransomware from getting through.
The GN also restricts what web pages its employees can access and does not allow access to external email accounts, he said.
But the incidents of ransomware scams in Canada are rising at an alarming rate, according to the RCMP.
In 2015, Canadians were affected by 1,600 ransomware attacks a day.
“By September 2016, the attacks nearly doubled. Those are the known cases. Unfortunately, many incidents still go unreported,” the RCMP’s online information on ransomware says.
“Extortion via ransomware is a criminal offence, and the money you pay will be used to fund criminals and/or criminal organizations and motivate them to further victimize others.”