Ransomware attack hits international fisheries organization in Halifax
The Northwest Atlantic Fisheries Organization helps manage fish stocks in international waters
An international fisheries organization based in Halifax that previously had questions raised about its cybersecurity has been hit by a ransomware attack.
The Northwest Atlantic Fisheries Organization (NAFO) helps manage fish stocks in international waters in the northwest Atlantic for a dozen members, including Canada, the European Union and Russia.
The attack was disclosed on May 24 note to stakeholders.
"The NAFO servers have been compromised by ransomware and are currently unavailable. The NAFO Secretariat is working to resolve the issue. We will provide further details shortly," wrote Lisa LeFort, senior executive assistant to the executive secretary of NAFO.
The NAFO website has been down all week and a web-based data sharing program needed for an upcoming annual science meeting has not been restored either.
'It's certainly a word of warning,' says cybersecurity expert
In most ransomware cases, the target's data is encrypted by the attacker who then demands payment for a key to unlock the data.
It's unknown if this was a random bot attack or if NAFO was deliberately targeted.
"Either way, it's certainly a word of warning for any small organization with a presence on the web," said Mike Smit, a cybersecurity expert at Dalhousie University.
Smit said an attack like this is extremely awkward for small organizations, especially if they don't have a backup system for their data.
"You really face a difficult choice because the best thing for your organization is to get that data back and that might involve paying a ransom," Smit said.
"But from a community or social perspective, paying these attackers only encourages them to do it again and then to attack more people.
"And so it's really it is a dilemma to figure out. Do I need these files badly enough that I'm willing to pay this money? But [it's also] recognizing that the expense is more than just the money you pay."
A learning opportunity
Smit said it's unusual for an organization of this size to be targeted since bigger organizations tend to have deeper pockets.
Notifying stakeholders about the incident is the right response, he said.
"I think that for the moment, their most important course of action is to restore their operations and to work closely with their stakeholders to make sure that they're doing that," Smit said.
"But I think it would be really valuable to hear from them in the fullness of time about what happened because I think that other non-governmental organizations and small businesses could really learn from what happened to them."
NAFO is not discussing the incident.
"We have no comment at this time," Dayna Bell MacCallum, scientific information administrator, said in a brief response to CBC News.
2015 assessment raised cybersecurity questions
NAFO underwent an infrastructure security assessment by Deloitte in 2015, which raised questions about cybersecurity.
One of the recommendations was that NAFO considered implementing a "security information and event monitoring system that would either prevent, detect or warn of the presence of installed software."
The response was not encouraging.
"The NAFO secretariat noted that they did not think this was needed, and that it would be very expensive to implement and may require training. The Chair noted that it would be good to provide Contracting Parties with the potential costs for reference," the assessment read.
Ill-timed attacked
The server attack hit less than a week before an annual meeting that addresses total allowable catches, the science on specific species and other conservation advice to member countries.
The meeting, which takes place over a two-week period, generates hundreds of pages of documents that need to be updated.
This year, it was going to be carried out virtually.
Alternate meeting plan
"As a result of the recent security attack on the NAFO servers, SC SharePoint is still down with no certainty of it being restored before the end of this week," LeFort wrote this week.
"We are working on an alternative SharePoint to be hosted on an off-site server which we hope will be up and running in time for the start of our meeting.
"I hope I will have some positive news for you today, however, for the time being, we will need to use email to distribute relevant documents."