P.E.I. government documents surfacing online after data breach
'We're recommending curious people not go looking for this site' says province
P.E.I. government documents have surfaced online after the government reported a ransomware attack that happened last weekend.
Ransomware attacks involve deploying malicious software to lock victims out of their files or network using encryption, and demanding payment to have the files returned.
A group of hackers infamous for publicly shaming victims until they pay up claims to have deployed an attack against the government of P.E.I., stealing what they claim is 200 GBs of data.
The files, which the group has posted as "proof" of the theft, were viewed by CBC News. They appear to be internal government documents including payments made to local law firms, tenders issued to local consultants and office supplies purchased within a government department.
"Represented here companies do not wish to co-operate with us, and trying to hide our successful attack on their resources," reads the website, viewed by CBC News. "Wait for their databases and private papers here."
Officials with the province said they have not been in touch with the attackers and they will not be paying a ransom. They said the attack came from outside Canada.
'True citizen data'
The province had previously said they did not believe any citizen data left the network during the attack.
We highly recommend no one go looking for this data because they could put themselves at risk.— John Brennan
"We've been doing monitoring of the internet and different websites and systems to make sure that no data was being published publicly about citizens," said John Brennan, director of business infrastructure services with the province.
"Very recently we've been notified and found that some government data has been stolen outside of the network and we've been reviewing and validating that it is true citizen data."
The malware was originally discovered on the government's server network on Sunday, Feb 23. Officials said the virus was active for 90 minutes before it was contained.
The evening of Monday March 2, the province sent a written news release revealing a "small amount of data was moved from government of P.E.I. servers."
"Citizens should be aware that we're taking every step possible to ensure we're reviewing and monitoring to protect any data that has been stolen from government," said Brennan.
'Steal data for financial gain'
Refusing to pay ransoms is not an unusual stance for affected institutions, as paying the attackers can be seen as feeding organized crime.
"Some organizations have decided to pay the ransom. When they've done so, sometimes they get an encryption key that works, other times you get an encryption key that doesn't work. And the database is still held by the criminal organization," said Brennan.
He urges people not to search online for the group claiming responsibility or the leaked files.
"We're recommending curious people not go looking for this site," he said.
"These individuals are specifically trying to steal data for financial gain, and going to any website that is posting that data poses a risk to the citizen and their computer systems," he said
Brennan said the RCMP is now involved in the investigation.
Government contacting those affected
In Monday's release, the province said it would contact people affected by the breach directly.
"One of the departments we've communicated with has communicated with the impacted citizens," said Brennan, adding "we're not going to comment publicly about what data has been released."
"We are contacting those citizens directly and assisting them through that."
An official with the province confirmed to CBC News that one of the leaked files is related to agriculture.
The P.E.I. Federation of Agriculture said it's unfortunate to see farmers' information implicated.
"We're monitoring the situation, trying to gather as much information as we can, and ensure that if someone does call, that we've got some kind of answer," said Robert Godfrey, the federation's executive director.
"Certainly wishing the government all the best and getting this corrected as soon as possible."
'Isn't the time for partisan activities'
Opposition Leader Peter Bevan-Baker said the situation is complicated because the scope of an attack like this is not always immediately apparent.
"I think the initial hope was that this was something minor and insignificant. That's clearly not the case. This is something much more serious than that," said Bevan-Baker.
"They're becoming more and more sophisticated. It's sort of an arms race between those who are keen to get data —and obviously it can be potentially very lucrative thing to do — and those that have a duty to protect that data, and all of the time the stakes are getting higher."
Bevan-Baker said he's been kept informed of the situation and had a briefing from the head of information technology services in the premier's office. He has an information-sharing agreement which he presumes will mean daily updates.
"This isn't the time for partisan activities," he said. "This is a time when all of us who are working on the government side, as civil servants working for islanders, come together to make sure that everything is being done to mitigate any potential threats."
Investigation continues
The province told CBC News the investigation is ongoing and they will continue to share information with Islanders as it becomes available.
If Islanders are worried about protecting their data, officials said they should continue to maintain practices to keep their data secure: be aware of any unusual social media activity on social media accounts, don't open unusual emails or attachments, and avoid any websites that are deemed to be a risk.
More from CBC P.E.I.
With files from Jessica Doria-Brown and Catharine Tunney