One year after ransomware attack, the Nunavut government says all computer systems are restored

But information and privacy commissioner says “the ransomware attack is still being blamed for an inability to produce records for access to information requests”

Here’s a look into the storage area in Iqaluit where the Government of Nunavut IT teams reformatted computers affected by last November’s ransomware attack. The effort took months. (File photo)

By Jane George

The Government of Nunavut says it has recovered from last November’s crippling malware attack on its computer network.

“All GN system applications have been restored to the functionality at the point of the ransomware attack,” the Community and Government Services Department said in an email to Nunatsiaq News.

But Elaine Keenan Bengts, Nunavut’s information and privacy commissioner, says that’s not the case.

In her annual report, tabled on Oct. 21 in the Nunavut legislature, she said the GN had not been able to fully restore its systems nine months after the attack.

“Email records, in particular, are still not fully recovered or at least the ransomware attack is still being blamed for an inability to produce records for access to information requests,” she said in her report.

A year ago yesterday, on Nov. 2, 2019, Premier Joe Savikataaq and other key Nunavut government officials woke up to terrible news, that the territorial government’s computer system had been infected by a malware program and was no longer functional.

Ransomware is a type of malicious software that blocks access to a computer system or data, usually by encrypting it, until the victim pays a ransom to the attacker.

In many cases, the ransom demand comes with a deadline and if it’s not paid in time, the data is destroyed forever.

In the GN’s case, ransomware encrypted individual files on 5,000 servers and workstations.

The GN was given a 48-hour deadline after Nov. 2 to contact the ransomware attack’s perpetrators and another deadline of 21 days to pay them a ransom.

But the GN didn’t pay, instead choosing to use backup data on reformatted or new equipment, within a new system.

“We completely rebuilt after the ransomware,” Savikataaq told Nunatsiaq News in a later interview. “I am so thankful that the ransomware and COVID didn’t come at the same time.”

And there was even a silver lining of sorts to last year’s ransomware woes, according to the GN: the cloud-based tools acquired following the ransomware attack “prepared the environment for GN staff to be able to work from home at the time the pandemic emerged.”

And these tools were supported by remote virtual private network protection. This was installed on the portable devices, allowing GN staff to work securely from home.

But Keenan Bengts said her work as information and privacy commissioner continued to be hampered even months after the ransomware attack.

She said the number of IT experts within the GN appeared to be limited and “most of them appear to be pre-occupied with the bigger issues with respect to [the] attack, and then with the requirements to allow employees to work from home during the pandemic.”

She said they had little time to devote to requests for recovery documents to respond to access to information requests.

“I suppose it was inevitable that the ransomware would be blamed for the inability to find records responsive to access requests and this is playing out now. How prevalent it becomes as an excuse for non-production of records remains to be seen,” Keenan Bengts said.

Overall, the GN and many Nunavummiut continued to suffer from the fallout from the ransomware attack for months.

The Health Department’s chief of staff told Nunatsiaq News about the computer shutdown’s huge impact on operations.

The attack also held up new income support applications and left at least one applicant, a mother with several children, with an empty refrigerator and cupboards.

Education faced new challenges: without computers, a teacher said, “we were plunged back to using basic resources.”

The situation remained serious into December, with no email connections through the GN system. In Iqaluit offices, there was no telephone access unless you knew the direct number.

Even in March, some applications needed more work to be brought online, others were not accessible to everyone and some awaited upgrades, CGS said at the time.

CGS said then that it was still trying to complete the restoration of old emails, from before the ransomware attack, using data from the backed-up servers.

Tackling the malware attack was also costly for the GN.

The cost of the ransomware attack for CGS was $7.29 million, the department told Nunatsiaq News.

This figure includes the cost of all service contracts, purchases of hardware and software, and staff overtime, CGS said.

That figure doesn’t include the cost to other government departments.

CGS said no study has been “completed specifically on the efficiency impact of the ransomware attack.”

But a report on the ransomware incident has been compiled for submission to the legislative assembly, CGS said.

Microsoft’s Detection and Response Team, called “DART,” which sent a team to Nunavut last November, was to hand over its analysis of the ransomware attack by late April.

“As this report has yet to receive final approval for submission, it cannot be shared with the public yet,” CGS said.

Share This Story

(10) Comments:

  1. Posted by Concernd on

    Should keep some typewriter with carbon copy paper as back up O , and lots of type writer ribbion

  2. Posted by Skeptic on

    Has any MLA asked directly if the GN paid the ransom indirectly?

    If you remember the timeline, the fall sitting of the Legislative Assembly was in session. Ransomware hit and it looked increasingly unlikely that the GN would be able to recover files.

    Then the Legislative sitting ended on a Thursday. On the following Monday the GN miraculously announced that it managed to recover all the encrypted data – something other Corporate and State entities hit by the same DoppelPaymer ransomware have been unable to do.

    The hacking outfit behind DoppelPaymer also leaks information from its victims to extort them into paying. They established a website called “Dopple Leaks” to leak the info of victims that dont pay. The Government of Nunavut is not listed on this website.

    I think some straightforward questions and answers are necessary here. If the Government of Nunavut used public funds to pay off a hacking group, likely indirectly through one of its hired consultants, then Nunavummiut deserve to know.

    • Posted by Unik on

      It was not paid.

      If I remember correctly only 30% of companies who pay these hackers get their information back. And almost never all of it.

      • Posted by Skeptic on

        And you know this how?

        Your 30% argument only bolsters mine. How is it that the GN was able to recover all their data, despite much larger and more technologically sophisticated parties like Pemex being unable to do so?

        If the GN paid off hackers, we deserve to know.

        • Posted by Disgruntled on

          This article specifically states that the GN did not pay. Read the article before you comment.

          • Posted by Skeptic on

            I did read the article. Did you read my comment?

            Have you bothered to look up Doppel Leaks?

            Have you stopped to consider how the GN managed to pull off a complete recovery with no loss of information despite other much larger, much more sophisticated organizations being unable to do so?

            Isn’t it interesting how no one in the legislature seems interested in asking very basic questions about it?

        • Posted by QAnon on

          The GN was able to recover (almost) all their data because they regularly back it up externally. That’s not a secret. It’s even stated in this article: “But the GN didn’t pay, instead choosing to use backup data on reformatted or new equipment, within a new system”. It was also in the linked article from November 7 of last year: “The backups of GN data appear to be OK, Wells said, so “we are not anticipating any loss of data at this time.”
          .
          But you continue on with your conspiracy theories.

  3. Posted by Dinasaur on

    Have any of you worked in a data center?
    .
    I have.
    .
    Back-ups can be kept on-line. Those can be encrypted by ransome-ware.
    .
    But a proper back-up process requires storage that is not only off-line, where ransonware cannot get at it, but off-site, so it cannot get dammaged, even if the data-center burns to the ground.
    .
    As far back as the early 1970s we stored back-up copies in bank vaults. And we did not use just one back-up location, we used two different ones that were not subject to the same risks.
    .
    It’s not rocket science. It’s nothing new. This is how its done.

  4. Posted by No Heads Rolling on

    $7 million dollars and the same people in CGS management who let this happen are still working here. Hard to believe incompetence could result in this kind of loss, which does not account for most GN employees not having a computer for 5 months. There is some silver lining, but CGS keeps cutting back basic features available through Office 365 for no apparent reason. Most departments would be better off running their own IT, and it would save a lot of money.

Comments are closed.