GN remains “open and available” following ransomware attack

Malicious software encrypts files on GN servers, workstations, rendering them inaccessible

The cyber attack that has crippled the Government of Nunavut’s communications system means that if you’re going to the Qikiqtani General Hospital or local health centres, you need to bring your health card and medication. “Restoring electronic data for services related to health, family services, education, justice and finance, is a priority,” the GN said on Sunday evening. (File photo)

By Jane George

“A new and sophisticated type of ransomware” has affected the Government of Nunavut’s electronic communications system, but essential services will not be affected, the GN said on Sunday evening.

There may be delays, but GN services will remain “open and available,” the GN said in a Nov. 3 news release.

“I want to assure Nunavummiut that we are working non-stop to resolve this issue,” said Nunavut Premier Joe Savikataaq in the Sunday release.

“Essential services will not be impacted and the GN will continue to operate while we work through this issue. There will likely be some delays as we get back online, and I thank everyone for their patience and understanding.”

The penetration of the territory’s internet communications was first revealed on Saturday, Nov. 2.

Ransomware is a type of malicious software that blocks access to a computer system or data, usually by encrypting it, until the victim pays a ransom to the attacker.

In many cases, the ransom demand comes with a deadline and if it’s not paid in time, the data is destroyed forever.

The GN said it is difficult to say how long it will take to get everything back to normal “at this early stage.”

The GN’s phone systems work, but for direct dialing only, the GN said.

But voice mail and phone services in communities are not affected, the release said.

The phone systems at the Qikiqtani General Hospital, schools across the territory, the Baffin Correctional Centre and Nunavut Arctic College are not affected, the GN said.

The GN will announce weather closures or other government messages via social media or on the radio—not through email, the news release said.

The release said GN departments have implemented contingency plans to ensure uninterrupted services to Nunavummiut.

“Restoring electronic data for services related to health, family services, education, justice and finance is a priority,” the release said.

But if you’re going to the QGH or health clinic, bring your health card and a list of any medication you take, the GN said.

The ransomware has encrypted individual files on various servers and workstations, the release said.

As a result, all government services requiring access to electronic information stored on the GN network were affected, with the exception of the Qulliq Energy Corp.

But there was “no concern at this time with the loss of personal information or privacy breaches,” the GN said, adding that ransomware does not distribute information to other parties and can only block the GN from further accessing the information.

“Once the issue was identified, the GN took immediate action by isolating the network, notifying cyber security experts and working with our internet software providers,” the GN said.

The GN said again that it’s working to ensure that data is restored and accessible as soon as possible, and “expects the majority of files will be restored, using existing up-to-date back-ups.”


(9) Comments:

  1. Posted by Piitaqanngi on

    All the more reason for Hamlets or Municipalities to invest more in cyber security. If the GN is vulnerable, obviously the hamlets are in jeopardy.

  2. Posted by ray donovan on

    It’s called ransomware for a reason. Is the GN going to have to pay coin or did they get lucky with the backups?

    • Posted by Unik on

      I believe there’s backups.
      I don’t believe there are any intentions of paying the ransom.

    • Posted by Possible Solution on

      The major ransomware “provider” was hacked a few weeks ago. The unlock keys have been made public.
      Of course, the GN may have its own made-in-Nunavut ransomware, but I doubt it.

      Details are available here:
      https://it.slashdot.org/story/19/10/12/0044211/ransomware-gangs-victim-cracks-their-server-and-releases-all-their-decryption-keys

      “A user got his revenge on the ransomware gang who encrypted his files by hacking their server and releasing the decryption keys for all victims,” writes ZDNet.

      One of the gang’s victims was Tobias Frömel, a German software developer. Frömel was one of the victims who paid the ransom demand so he could regain access to his files. However, after paying the ransom, Frömel also analyzed the ransomware, gained insight into how Muhstik operated, and then retrieved the crooks’ database from their server. “I know it was not legal from me,” the researcher wrote in a text file he published online on Pastebin earlier Monday, containing 2,858 decryption keys. “I’m not the bad guy here,” Frömel added.

      Besides releasing the decryption keys, the German developer also published a decrypter that all Muhstik victims can use to unlock their files. The decrypter is available on MEGA [VirusTotal scan], and usage instructions are available on the Bleeping Computer forum.

      In the meantime, Frömel has been busy notifying Muhstik victims on Twitter about the decrypter’s availability, advising users against paying the ransom.

  3. Posted by Sucks to be GN on

    Time to find out what department made proper back ups.
    Also I am sure someone clicked on something to get the malware downloaded into the GN. All new employees require proper orientation and must be advised not to use email for personal use, and to not click on links provided in email. Especially if it’s not work related.

  4. Posted by Back ups might not be accessible on

    I think ransomware goes after the back-ups though too. That’s probably the problem that they are trying to solve.

  5. Posted by Sucks to be GN on

    Back ups should be stored off site so that when this stuff happens you don’t start from scratch.

  6. Posted by Arctic Inuk on

    GN has been very careless about IT networks since its inception. A security expert who provides IT security to multinationals proved that there were security loopholes. GN took it casually, reason being the staff working is not fully aware of these security breaches. There is a lot of talented staff in Iqaluit but they are kept away from GN IT shop, said expert.

  7. Posted by back ups on

    Lots of IT guys working for hamlets, NTI, and other orgs assuring their bosses today that their systems are good, then making a mad dash to create “daily” backups and storing them offsite.

    I’d have more hope in the GN making daily backups than one of these small orgs that only have one or two IT staff. But obviously the ramifications of the GN being crippled by ransomware have a bigger effect since they deliver regular services.
