Nunavut government has spent $5M to cope with November ransomware attack

Minister says new “state-of-the-art” system will help prevent future attacks

Here’s a look into the storage area in Iqaluit where the Government of Nunavut IT teams reformatted computers affected by last November’s ransomware attack. The work on fixing the system isn’t done yet. (File photo)

By Jane George

The Government of Nunavut has so far spent just over $5 million to deal with the ransomware attack that knocked out its computers on Nov. 2, says the Department of Community and Government Services.

The department’s minister, Lorne Kusugak, recently told the legislature that the territory is now developing a “state-of-the-art” computer system designed to prevent similar attacks.

But the public will have to wait until next month to learn the details of what took place when someone exposed the GN’s computer network to the malicious software.

Microsoft’s Detection and Response Team, called “DART,” which sent a team to Nunavut last November, plans to hand over its analysis of the ransomware attack by late April, Kusugak said on Feb. 27.

“We hope to have the information, the post-mortem information by the end of April. I will know at that time what information we can share regarding that matter,” he said.

Obtaining that “post-mortem information” is part of the GN’s effort to improve cybersecurity, Kusugak said during the Nunavut legislature’s committee of the whole examination of the Department of Community and Government Services’ operations budget.

“We will use advanced protection going forward. We’re focusing on a cloud-first approach for all applications,” Kusugak said.

Among other actions, the GN has upgraded its workstations to the latest operating systems, and will conduct security awareness campaigns for all users in all government departments, he said.

Kusugak said there were over 700 attempts a day to penetrate the GN’s system before the Nov. 2 attack, but “up until that moment when someone pressed that button, we were safe.”

“I think this was a real wakeup call for staff across Nunavut to be more mindful of what could happen in an instant when you’re using a computer,” he said.

The forensic analysis will respond to some of the many questions asked by MLAs during the committee of the whole discussion, he said.

The ransomware discussion included questions from Arviat North–Whale Cove MLA John Main and Iqaluit–Manirajak MLA Adam Lightstone about why the attack took place in the first place and if the GN had done enough threat assessments before the attack.

Dean Wells, the territory’s corporate chief information officer, who accompanied Kusugak at the committee session, said the GN had not done any direct penetration testing before the attack.

“The attack that we encountered was a brand-new stream of malware, and therefore there were no tools to fight against it anyway at that point in time,” Wells said.

Kusugak said the Microsoft team and other cybersecurity experts said they had not encountered this type of malware before the attack on the GN.

“The GN security patches were up to date and monitoring tools were in place. At the end of the day I don’t really believe it would have mattered if we had done that,” Kusugak said about the lack of threat assessments.

Lightstone wanted to know whether contractors working before the ransomware attack were also those who worked to help with the cleanup.

Wells said they were, because they “were the best people to help us bring the network back live again.”

The GN was given a 48-hour deadline after Nov. 2 to contact the ransomware attack’s perpetrators and another deadline of 21 days to pay them a ransom.

But the GN didn’t pay, instead choosing to use backup data on reformatted or new equipment, within a new system.

That took time, but the forensic analysis of the ransomware attack will lack a big piece of information: it won’t include any estimate of the cost of the ransomware in lost productivity at the GN.

“We didn’t track and I’m not aware of any department that tracked loss of time or not getting work done because of the computer,” Kusugak said.

Kusugak appeared to minimize the impact of the ransomware attack on the GN.

“Monday morning happens and you’re not allowed to turn on your computer, what do you do after you get your coffee?”

Many conversations happened over the phone and people-to-people interactions happened a lot, Kusugak said.

That’s despite comments from the Health Department’s chief of staff to Nunatsiaq News about the computer shutdown’s huge impact on operations.

The situation remained serious into December, with no email connections through the GN system. In Iqaluit offices, there was no telephone access unless you knew the direct number.

Even now, repairs to online services are not yet complete, Main said, referring to a recent ransomware update that has not been made public.

In all 25 communities, there has been a complete recovery of the core services, but there are still some things that need to be worked on, including the FANS system for student financial assistance, Main said.

“I’m just using examples; the fur tracking system, Department of Environment in Ottawa, MEDITECH is still being worked on in the communities,” he said.

“Right now we don’t have a date where they will all be complete,” Kusugak said.

In response to a request for more information about the recovery, CGS said in an email that the new computer network is functional, but some applications need more work to be brought online, others are not accessible to everyone and some await upgrades.

As well, CGS said it is trying to complete the restoration of old emails, from before the ransomware attack, using data from the backed-up servers.

Share This Story

(12) Comments:

  1. Posted by Julie on

    C’mon CGS… no virus penetration tests conducted on the network and system prior to the GN ransomware attacks (?). That is like the military not simulating being at war via conducting regular war games. I trust that the high-priced contractors CGS employs to ensure the GN system is not compromised have been let go. And that the indeterminate employees have been sent for retraining.

    Good for you Adam & John for not letting this item be trivialized & swept under the rug.

  2. Posted by programmer 1 on

    Microsoft’s Detection and Remediation Team detects non-Microsoft software and ensures it is replaced with Microsoft products.
    .
    In other words, it is Microsoft’s elite sales team. And the GN seems to have bought everything in their store.
    .
    It would be too funny for words if it eventually turns out that Microsoft was responsible for the ransomware attack. I cannot imagine a more effective marketing tool.

    • Posted by Polar Bear on

      Microsoft was responsible for the ransomware attack so that it could then sell the solution to the GN vs. a computer-illiterate employee clicking on a spam link.
      .
      Hmm I wonder which is more likely…

      • Posted by Julie on

        The blame lies with the dept & individuals tasked with protecting the GN networking in the first place. They failed miserably. Microsoft just a recipient of overall CGS incompetence.

        • Posted by Seriously? on

          Oh please! Blaming CGS for this attack is like blaming the dentist because YOU ended up with a cavity. You can spend millions and have a state of the art security system protecting your house, but if some idiot forgets to lock the door, then you can hardly blame the system, can you?

          • Posted by Julie on

            Your analogy confirms my assessment Seriously?. U tripped yourself up. Btw. A pc user in the GN shd not he offered an opportunity to open a hazardous attachment in the first place. CGS just not up to the task.

            • Posted by Seriously? on

              Clearly you didn’t understand the analogy.

  3. Posted by a on

    All due respect guys but … if the department that compiled the $5 Million price tag is the same one that is running the infomatics operation we are in deep doodoo. Heck there was at least that much lost in productivity across health and education.

    If we add the extra contracted and overtime technical wages and the capital costs that number would quadruple very easily. There is also a factor for software, another for HR costs including employee-turnover, client compromise across all departments. And we aren’t out of the water yet and are at best running at 75%.

    Like much else that Mr. Kusugak says, his figures merit inspection. For his own benefit he might consider reasonableness tests before opening and inserting.

    Maybe Mr. K was just referring to costs for CGS wages. Small world.

  4. Posted by Cloud on

    The cloud is not some magical place in the sky… It is space on someone else’s computer….

  5. Posted by Help Desk on

    Congratulations! Gave the Help Desk another reason to be unhelpful and rude to GN employees. It will allow them to send out more emails about the volume of requests they receive and that you should expect a week before receiving a response that is unsatisfactory and asking for other irreverent, cumbersome information. This is because of the ridiculous situation and processes they have created and enforced. Has anyone ever had a good experience in corresponding with Help Desk?

    • Posted by *Irrelevant on

      Correction: irrevelant not irreverent. If that had of been in my message to the Help Desk, they would have been unable to process my request because Edu It probably deals with emails surrounding incorrect words. The kind of hokum you receive back from them… it’s a joke.

      • Posted by I heart Helpdesk on

        I have had great experiences with HelpDesk in Cambay.

Comments are closed.