Microsoft steps up to help Nunavut government with ransomware recovery
Move to regroup under Microsoft could be a cost saver, government says
(Updated, Nov. 29 at 9 a.m.)
Microsoft Corp. is helping the Government of Nunavut get its computers back online after the Nov. 2 ransomware attack.
Microsoft sent in its Detection and Response Team, or DART, to support the GN’s information technology staff, said Dean Wells, the territory’s chief of information technology.
According to Microsoft, DART helps provide solutions to customers dealing with cyberattacks.
Microsoft has sent three members from DART and a technical account manager to Nunavut. The support is provided under a contract that was signed before the ransomware incident, the GN said.
The GN said the team arrived with tools specifically designed for them to bring the GN’s systems back online “in a secure operating environment.”
The GN’s new computer network, set up after the ransomware virus disabled its old system, uses Microsoft’s latest software and cloud data storage, which includes advanced cybersecurity, said Wells.
The GN has gone to a new Microsoft system, he said, because it made sense to start fresh and “make something good out of a bad situation.”
The GN declined to offer more information about the specific name of the product being used to run the new network, “for security reasons.”
But the GN plans to regroup its various information technology services under Microsoft, which Wells said could lead to some cost savings.
“We’re a government and we get a special rate and pricing from them,” he said.
Members of Nunavut’s legislative assembly will learn more about the price tag for the ransomware recovery during the winter sitting of the territorial legislature, Nunavut Premier Joe Savikataaq told Nunatsiaq News this week.
Overall, the cost of rebuilding the GN’s computer operations is likely to be “substantial,” Savikataaq said.
That effort includes the physical reformatting of 5,000 computers throughout Nunavut.
“We don’t have extra funds just lying around, but the GN doesn’t have a choice but to spend the money,” Savikataaq said.
Microsoft and McAfee, a cybersecurity company, want to know what happened, he said. That’s because the ransom virus that got into the GN’s network shouldn’t have got in.
“But it did,” Savikataaq said. “It should not have been breached.”
Savikataaq said it’s not 100 per cent certain that a similar situation won’t happen again.
“You can’t say never because it’s a war being fought out there, not just by us, but by other organizations and governments,” he said.
Wells also said the risk of ransomware attacks remains high. He said it’s like being stalked by big-game hunters, whose prey now includes governments.
The cost of the loss of productivity at the GN this month, when so many were unable to go online, has not yet been tallied.
“We’re working through it,” Savikataaq said. “It did affect our operations but it didn’t cripple us. This is just one of the issues we have to deal with.
But “everything should be caught up,” Savikataaq said.
Asked about why he had stated in a recent news release that the disruptions were “minimal,” Savikataaq responded that they could have been worse.
He said there weren’t as many complaints as could have been expected because people understood “we’re doing the best to fix it.”
“I don’t know if they knew what was going on, but they knew it was being worked on,” Savikataaq said.
This story has been updated to include a more complete quotation from Dean Wells, the territory’s chief of information technology, about the reasons for switching to a new Microsoft system.