Nunavut government warns residents about fraudulent calls, cybersecurity
City of Iqaluit says it is not subject to ransomware attacks
Nunavut’s Department of Justice is warning residents about fraudulent phone calls from people who pretend to work for the department or for the Nunavut Court of Justice.
The department says they’ve received reports of such callers asking potential fraud victims for social insurance numbers.
Matilda Madekufamba, a senior policy analyst in the Justice Department, says Nunavut justice officials never make such calls and would never ask for social insurance numbers.
The RCMP also knows about these calls, Madekufamba said.
But phone calls aren’t the only method used to gain financial information, the Government of Nunavut says.
Cyber attacks, or attempted online data breaches, occur every day in the GN.
In fact, the GN can receive an average of 4,000 to 5,000 attempted cyber attacks per week, says Martin Joy, director of information and communication technology at the GN.
None of these attacks have been successful, since the GN updated its security system a few years ago, he said.
“We have multiple different layers of security and programs and hardware and software that create layers between our sensitive data,” Joy said.
But as technology continues to evolve, Joy says his team is always monitoring these attacks.
“We’re constantly investing in more security, looking at different patterns. It’s a full-time job. You can’t just do it once,” he said.
The cyber attacks can take two different forms, Joy said.
One form is a through a phishing email, which, similar to fraudulent calls, might ask for banking information to pay an invoice, for example.
“They’re sending out huge volumes of emails hoping that one or two per cent of the clients they hit with it will actually put in their financial information,” Joy said.
The other form of attack is through ransomware, which targets a computer’s internal data. This includes things like Word documents, Excel sheets, photos and PDFs, Joy said.
“It just looks for all those files and then it encrypts them with a security algorithm that’s complicated and can’t be broken by regular software tools,” Joy said.
Ransomware may be inadvertently downloaded to a computer by opening email attachment or clicking on a pop-up advertisement, he said.
The attacker will demand a ransom, usually in the form of a cryptocurrency called bitcoin, to unlock the encrypted files, Joy said.
“Bitcoins, you can’t track those once they’re spent electronically. So it’s a very anonymous way to exploit and get people to pay for those files to come back. And you’re not ever guaranteed to get your files back.”
While Joy said the GN’s security system is strong enough to prevent ransomware from getting through, small offices and home computers don’t always have the same level of protection.
“The most important thing is that any person in any organization should have backups of their data. And having a copy of your data which is not connected to your workstation.”
The GN also restricts what web pages its employees can access and do not allow access to external email accounts.
“We take a lot of the guesswork away. We take more of a rigid line,” he said.
At the municipal level, the City of Iqaluit says it has not been subject to ransomware attacks.
“The City of Iqaluit is very concerned about the integrity of the information stored on its network and does maintain a daily data backup system,” said Rubina Hoque, the city’s acting communications manager, told Nunatsiaq News.
Hoque said the city is also in the process of “a significant IT infrastructure upgrade” that includes an update of its backup systems.
“These upgrades include increasing overall dedicated storage space for the generation and long-term retention of backup data as well as installation of redundant offsite data backup resources,” Hoque said.
The project is scheduled to be completed by the end of 2019, Hoque said.
The Department of Justice encourages people who receive suspicious phone calls to contact the Canadian Anti-Fraud Centre.
You can reach the centre by phone at 1(888) 495-8501, or electronically through the Fraud Reporting System.
the City of Iqaluit says it has not been subject to ransomware attacks
Bold statement. GN gets thousands weekly and Iqaluit doesn’t get any?
You usually only become aware of attacks if they are successful. Until someone opens a suspicious message, there is no way of knowing just what the intention was.
If in doubt, don’t.
Every organization has scanners, filters, system policies, and employee training to minimize the risk of malware. It’s obvious the city meant they haven’t experienced any successful ransomware attacks, not that they’re impervious to them.