P.E.I. government website running again after ransomware attack
Site went down about 9 a.m. Monday
The P.E.I. government's website is up and running again after it was shut down following a ransomware attack early Monday morning.
"This morning, government's website was the victim of what's known as a ransomware attack," said Scott Cudmore, an information security official with the province.
"A ransomware attack is an exploit that exploits a vulnerability and allows an attacker to run a program that will encrypt or scramble all of the files on the machine's hard disk. And what it takes to unscramble them is a key, or a value that needs to be basically typed into this ransomware program."
The site went down just after 9 a.m. The government tweeted at the time that there had been a "service interruption" and the site would be back up shortly.
Public Notice: <a href="https://t.co/94sxN6QBU1">https://t.co/94sxN6QBU1</a> service interruption <br>The Government of Prince Edward Island website is temporarily unavailable and will be back up shortly. We apologize for any inconvenience. <br>Thank you for your patience
—@InfoPEIFor much of the morning, attempts to reach the page showed only a blank white screen. Late in the morning a page went up saying the site was unavailable.
'Not a small matter'
Service to the site was restored just after 4 p.m. Cudmore said the website was restored from a historical back-up and the vulnerability was fixed to prevent this particular type of attack from happening again. No ransom was paid.
"Typically the motivation for ransomware is profit and the largest users of this type of software is a criminal element, in fact it's organized crime," he said. "We do not know whether that was the case in this particular instance."
He wouldn't say where the attack originated from but said two other websites — one in Greece and one in the U.K. — were attacked at the same.
Cudmore said there is no evidence of a data breach and no indication that any user data has been compromised.
"We're pretty confident that there has been no data breach of privacy information," he said.
"We certainly take it very seriously and we also take our responsibility to safeguard any information or any data very seriously as well. It's not a small matter."
'Like they were being held ransom'
Two separate sources sent screen shots to CBC News of the message they said was appearing on the website before it was taken down early Monday morning. The message said that website files had been encrypted, were no longer accessible and could be recovered by paying with Bitcoin. There was also a field indicating payments could be made.
"The page looked like they were being held ransom," said Vicki MacEachern of Millcove, P.E.I., who said she saw the message when she clicked on links on the government website.
She said she was concerned and called a provincial government department to let them know what was going on.
"It was bizarre," said MacEachern. "My concern is how often do they have security checks on their website.
"It's just concerning, they have everybody's information, so doesn't make you feel very secure."
More P.E.I. news
ABOUT THE AUTHOR
