Ransomware Attack on Canadian Territory

Ransomware Attack on Canadian Territory

Nunavut, Canada's largest and most northerly territory, is working hard to recover from a ransomware attack that struck over the weekend. 

The sophisticated cyber-assault was launched on the sparsely populated territory's government network at approximately 4:00 am on Saturday morning, resulting in the swift encryption of multiple Word documents and PDF files. 

Users trying to access the infected government network were confronted with a ransom note that read: "Your network has been penetrated. All files . . . have been encrypted with a strong algorithm . . . we exclusively have decryption software for your situation."

The threat actors behind the attack instructed users to download an encrypted browser and visit a specific URL within the next 21 days. Users were told that the sooner they pay, the lower the price they will be charged to recover their encrypted files.  

In an attempt to contain the attack, the government shut down parts of its network, leaving many government employees unable to access their email or voicemail. All government services requiring access to electronic information were impacted by the attack, with the exception of Qulliq Energy Corporation. 

"The nature of the government is we're a centralized organization, so it has impacted the file servers of different departments and it's impacted some of our communities as well," Nunavut's director of information, communications, and technology, Martin Joy, told CBC News

The ransomware is believed to have been triggered when an employee working late on Friday night clicked a link in a malicious email or web advertisement. Joy said the ransomware appeared to be DoppelPaymer, which Nunavut's security systems hadn't been trained to detect.  

In a statement released yesterday, the Nunavut government wrote that "there is no concern at this time with the loss of personal information or privacy breaches."

Contingency plans have been implemented to ensure uninterrupted services to the local community, and the government stated that it "expects the majority of files will be restored, using existing up-to-date back-ups."

Minister of Community and Government Services Lorne Kusugak said in a statement in the legislature Monday that it would be at least a week before services were restored. 

Speculating on why threat actors might have targeted Nunavut, Emsisoft’s Brett Callow commented: "US entities are on very high alert, bolstering their IT, and so are less likely to be compromised. Because of this, big game hunters are increasingly looking for opportunities in other countries."

Source: Information Security Magazine