North

Nunavut ransomware attack impacting 'all government services'

The government of Nunavut's communications system was the victim of a ransomware attack early Saturday morning, and as of Sunday night officials still did not know when systems would come back online.

No estimate of when services will be back online, government says

Inside an empty legislative assembly room.
Nunavut's government IT system was hit by a ransomware attack early Saturday morning that is still unresolved. (Jane Sponagle/CBC)

The government of Nunavut's communications system was the victim of a ransomware attack early Saturday morning, and as of Sunday night officials still did not know when systems would come back online.

"The [government of Nunavut] IT system was hacked early this morning, by a virus that targeted public services," Premier Joe Savikataaq tweeted Saturday afternoon.

"I want to assure Nunavummiut that we are working non-stop to resolve this issue," Savikataaq was quoted as saying in a media release Sunday evening. "I thank everyone for their patience and understanding."

The release said "all government services requiring access to electronic information… are impacted," with the exception of Qulliq Energy Corporation.

A statement posted to the government of Nunavut's Facebook page Saturday afternoon confirmed that employees' access to their government accounts was compromised by "an issue with ransomware."

Ransomware is a type of malicious software that allows hackers to view a computer's files, gather information and spread through its network, unbeknownst to the user.

Then, the virus encrypts the files and the attackers demand digital currency payments from victims to release the data.

This ransom note appeared on government of Nunavut computers when users attempted to open any files. (Submitted)

A screenshot obtained by CBC shows the ransom note presented to users when they attempted to access the system.

"Your network has been penetrated," it reads. "All files … have been encrypted with a strong algorithm."

"We exclusively have decryption software for your situation."

The note instructs users to download an encrypted browser and visit a specified URL within 21 days.

"After that period if you not get in contact link and the key for your data would be erased completely," the instructions read in broken English.

The note provides an email contact and concludes, "the faster you get in contact — the lower price you can expect."

The file name and formatting of the ransom note suggests the ransomware fits the pattern of previous cases.

According to a description of the ransomware type from anti-malware company EnigmaSoft, the hackers could have relied "on spam emails containing corrupted attachments … to spread their threat."

Ransomware attacks have targeted a string of municipal governments, hospitals and businesses across the country in recent years, and cybersecurity experts say the attacks are on the rise.

'No concern' of privacy breaches, government says

Sunday's release said there is "no concern at this time with the loss of personal information or privacy breaches," though this could not be immediately verified.

Martin Joy, the government's director of Information Communications and Technology, told CBC personal medical records are on a secure server separate from other systems.

On Twitter, Iqaluit Coun. Kyle Sheppard said the attack could have "a major impact on [government] operations this week."

In a tweet he later deleted, Sheppard said he "knew this day would come."

"I've seen it in municipalities and other orgs.… This is why I've preached about cybersecurity so often in the past," he wrote.

"It was only a matter of time."

Sunday's release said recovery efforts were still at an "early stage," and it was "difficult to estimate recovery timelines."

Government services will continue to be available but "will be delayed," the release said. It also advised medical patients to arrive at their appointments with their health cards and any medication.

Government phones in Iqaluit have been impacted, the release said, but phone systems at Qikiqtani General Hospital, Baffin Correctional Centre and Nunavut Arctic College "are not affected."

The release also said schools across the territory should not be impacted.

With files from Sara Frizzell