North

'Under constant threat': N.W.T. monitors for cyber attacks

As the Nunavut government recovers from a recent ransomware strike on its computer network, the Northwest Territories government says it constantly monitors for cyber threats.

As Nunavut recovers from ransomware strike, the N.W.T. government says it doesn’t pay ransom to hackers

A silhouetted man hunched over a computer with data illuminated in the background.
A hooded man holds a laptop computer as cyber code is projected on him in this photo illustration. The Government of the Northwest Territories says it constantly monitors against cyber threats. (Kacper Pempel/Reuters)

It's been nearly a week since the Nunavut government's computer network was hit by a ransomware strike, and many of its systems are still down.

The cyber attack raises questions about the Northwest Territories' computer systems: how threatened is the network and what are officials doing to protect sensitive government data?

Any computer connected to the internet is vulnerable to a ransomware attack, but experts say that generally, hackers don't care as much about the data they've gained access to as they do about the cash they can get from holding that data hostage.

"Most of the time they're not actually interested in the data," said David Gerhard, a computer science professor at the University of Regina. "They know that the data is valuable to you, and that you'll pay to have access back to it." 

Ransomware is a computer program that locks down data on a computer system or network and demands that a user pay a ransom in order to regain access to it. Ransomware is often transmitted as viruses in emails.

This kind of attack is common, Gerhard said, and it's not hard for a computer system to be infiltrated. It can happen if a user clicks on a link in a bad email or visits a compromised website.

Hackers not likely to be foreign governments

While it's hard to know who is behind ransomware attacks, Gerhard said it's "very unlikely" that these hackers are acting on behalf of a hostile foreign government.  

"We've seen evidence that foreign governments are actively participating in activities that would try to influence democratic processes, elections, these kind of things, but a ransomware attack is not the same thing. A ransomware attack is a pretty low-hanging-fruit kind of attack," he said.

Gerhard likened a ransomware hacker to a street-level criminal who turns every door knob on the block until he finds one that's unlocked.

"These people left the door unlocked, we're going to walk in and bust up the joint," he said.

David Gerhard, a professor of computer science at the University of Regina, says a good backup system is a critical defence against ransomware attacks.

Clinton Scott, a manager of information security with the Northwest Territories government, took a similar view. He said ransomware hackers just want to make money. 

"It's not too much about gathering information, or collecting it and selling it," he said.

However, said Scott, a well-planned ransomware attack takes a notable amount of time and money to execute, "so it's not something that the average person will be able to do."

As is the case with any organization that's connected to the internet, said Scott, the N.W.T. government is "under constant threat" of a cyber attack.

While he wouldn't go into detail about the nature or frequency of attempted attacks, Scott did say the government has staff and equipment dedicated to monitoring for cyber threats.

He said government employees are trained on cybersecurity best practices, and they get regular emails with warnings about potential threats and tips for keeping their data secure.

"If something was out in the wild and we were aware of it, we would send a notification to employees to say, 'FYI, don't do this, or don't open this," he said.

The territorial government also communicates with federal cybersecurity officials, who share intelligence on threats relevant to governments and people in the North, Scott said.

Ransomware viruses can be installed as easily as opening an attachment in an email. (Chinnapong/Shutterstock)

Should the government pay ransom? 

Scott said that in the event of a ransomware attack, the government should not pay a ransom. Paying up could make the government more vulnerable, he said.

"You have no assurance that if you paid for something, that they would unencrypt it, for one, and secondly, that the thing that was in there causing it wouldn't come back in two weeks," he said.

Gerhard said the best way to deal with a ransomware attack is to have a recent backup of the entire computer system. That way, the organization can ditch the encrypted files and install previously saved versions. 

However, he said, having a fully-working backup of an organization's entire system is pretty expensive, and "not a lot of shops have that."

Gerhard added that the larger the organization, the bigger the challenge is of backing up its entire system. 

"If you have an IT [information technology] infrastructure that has hundreds and hundreds of employees, all with their own computers on their own desks, there's a chance that there's data that's not backed up properly, and then that just gets lost," he said.

When asked how often the N.W.T. government backs up its files, Beau Stobbs, a spokesperson for the Department of Finance, said "details on how the Government of the Northwest Territories backs up its computer system" would not be provided.