The Government of Nunavut has become the latest victim to a ransomware attack on Saturday, Nov 2, which had impacted its IT system.
In a tweet posted on Sunday, Nunavut Premier Joe Savikataaq said that the government’s communication network had been infected by what he referred to as a “virus that has targeted public services.”
“The GN IT system was hacked early this morning, by a virus that has targeted public services. We’re working around the clock to see the scope of the issue & get everyone back online. You will not have access to your GN account until we understand the full extent of the issue,” Savikataaq tweeted.
However, in a follow-up update, the Government of Nunavut identified the virus as a ransomware attack, a type of malicious software designed to lock users out of their computer system or data, usually by encrypting it, until a ransom is paid.
In most cases, the ransom comes with a deadline and threatens users to destroy data if the payment data hasn’t been met.
In a release posted Monday, Oct 4, the government revealed that the ransomware has encrypted individual files on various servers and workstations. As a result, civil servants from all government services, excluding Qulliq Energy Corporation, have been locked out from access to electronic information. Voice mail and government email accounts were also said to have stopped working.
In a screenshot obtained by CBC, a note instructing users to download an encrypted browser and visit a given URL within 21 days was displayed when users attempt to access the system.
"After that period if you do not get in contact link and the key for your data would be erased completely," the note reads.
To date, Nunavut's director of information, communications, and technology Martin Joy told CBC the government is currently working closely with security firm FireEye, Microsoft, and other cybersecurity experts to restore services and rebuild its system.
“There is no concern at this time with the loss of personal information or privacy breaches. Typically, ransomware does not distribute information to other parties and cannot access the content itself. It can only block the user from further accessing the information. Once the issue was identified, the GN took immediate action by isolating the network, notifying cybersecurity experts and working with our internet software providers. It is difficult to estimate recovery timelines at this early stage,” the government wrote.
Updates are expected to be provided as they become available through the government’s social media and radio.
