Officials revealed that the IT system owned and operated by the government of Nunavut fell victim to a ransomware attack.
Joe Savikataaq, premier of the most northerly region of Canada, disclosed the security incident in a tweet on November 2 and revealed that recovery efforts were ongoing.
1/2 The GN IT system was hacked early this morning, by a virus that has targeted public services. We’re working around the clock to see the scope of the issue & get everyone back online. You will not have access to your GN account until we understand the full extent of the issue.
— Premier Joe Savikataaq (@JSavikataaq) November 2, 2019
About a day later, an update posted on the Nunavut government’s Facebook page named ransomware as the cause of the security incident:
The ransomware encrypted individual files on various servers and workstations. As a result, all government services requiring access to electronic information stored on the GN network are impacted, except Qulliq Energy Corporation.
The Nunavut government’s Facebook statement didn’t identify the specific strain of ransomware that was behind the attack. But CBC reported that the filenames and ransom note used by the threat were similar to previous attacks involving the “Unlock11@protonmail.com” family.
In its statement, the Government of Nunavut reassured citizens that the incident had not compromised any personal information or produced a privacy breach.
According to the update, government officials isolated the network, notified IT security experts and began working with the IT system’s internet service provider upon learning of the incident. They then helped various departments within the government to implement contingency plans while they began working on restoring electronic data access for healthcare, justice, education and other affected services.
The Government of Nunavut said that it expects it’ll be able use existing data backups to recover a majority of files affected by the attack. The entity didn’t provide a date for when it expected it would conclude this recovery effort, however.
Ransomware incidents such as the one described above highlight the need for government entities to take steps to prevent a crypto-malware attack. This resource is a good place to start.