Nunavut’s government has spent $5M to cope with November’s ransomware attack

Lorne Kusugak, community and government services minister, says a new “state-of-the-art” system will help prevent future attacks.

By Jane George, Nunatsiaq News - March 5, 2020
1556
Here’s a look into the storage area in Iqaluit where the Government of Nunavut IT teams reformatted computers affected by last November’s ransomware attack. The work on fixing the system isn’t done yet. (Nunatsiaq News file photo)

The Government of Nunavut has so far spent just over $5 million to deal with the ransomware attack that knocked out its computers on Nov. 2, says the Department of Community and Government Services.

The department’s minister, Lorne Kusugak, recently told the legislature that the territory is now developing a “state-of-the-art” computer system designed to prevent similar attacks.

But the public will have to wait until next month to learn the details of what took place when someone exposed the GN’s computer network to the malicious software.

Microsoft’s Detection and Remediation Team, called “DART,” which sent a team to Nunavut last November, plans to hand over its analysis of the ransomware attack by late April, Kusugak said on Feb. 27.

“We hope to have the information, the post-mortem information by the end of April. I will know at that time what information we can share regarding that matter,” he said.

Obtaining that “post-mortem information” is part of the GN’s effort to improve cybersecurity, Kusugak said during the Nunavut legislature’s committee of the whole examination of the Department of Community and Government Services’ operations budget.

“We will use advanced protection going forward. We’re focusing on a cloud-first approach for all applications,” Kusugak said.

Among other actions, the GN has upgraded its workstations to the latest operating systems, and will conduct security awareness campaigns for all users in all government departments, he said.

Kusugak said there were more than 700 attempts a day to penetrate the GN’s system before the Nov. 2 attack, but “up until that moment when someone pressed that button, we were safe.”

“I think this was a real wakeup call for staff across Nunavut to be more mindful of what could happen in an instant when you’re using a computer,” he said.

The forensic analysis will respond to some of the many questions asked by MLAs during the committee of the whole discussion, he said.

The ransomware discussion included questions from Arviat North–Whale Cove MLA John Main and Iqaluit–Manirajak MLA Adam Lightstone about why the attack took place in the first place and if the GN had done enough threat assessments before the attack.

Dean Wells, the territory’s corporate chief information officer, who accompanied Kusugak at the committee session, said the GN had not done any direct penetration testing before the attack.

“The attack that we encountered was a brand-new stream of malware, and therefore there were no tools to fight against it anyway at that point in time,” Wells said.

Kusugak said the Microsoft team and other cybersecurity experts said they had not encountered this type of malware before the attack on the GN.

“The GN security patches were up to date and monitoring tools were in place. At the end of the day I don’t really believe it would have mattered if we had done that,” Kusugak said about the lack of threat assessments.

Lightstone wanted to know whether contractors working before the ransomware attack were also those who worked to help with the cleanup.

Wells said they were, because they “were the best people to help us bring the network back live again.”

The GN was given a 48-hour deadline after Nov. 2 to contact the ransomware attack’s perpetrators and another deadline of 21 days to pay them a ransom.

But the GN didn’t pay, instead choosing to use backup data on reformatted or new equipment, within a new system.

That took time, but the forensic analysis of the ransomware attack will lack a big piece of information: It won’t include any estimate of the cost of the ransomware in lost productivity at the GN.

“We didn’t track and I’m not aware of any department that tracked loss of time or not getting work done because of the computer,” Kusugak said.

Kusugak appeared to minimize the impact of the ransomware attack on the GN.

“Monday morning happens and you’re not allowed to turn on your computer, what do you do after you get your coffee?”

Many conversations happened over the phone and people-to-people interactions happened a lot, Kusugak said.

That’s despite comments from the Health Department’s chief of staff to Nunatsiaq News about the computer shutdown’s huge impact on operations.

The situation remained serious into December, with no email connections through the GN system. In Iqaluit offices, there was no telephone access unless you knew the direct number.

Even now, repairs to online services are not yet complete, Main said, referring to a recent ransomware update that has not been made public.

In all 25 communities, there has been a complete recovery of the core services, but that there are still some things that need to be worked on, including the FANS system for student financial assistance, Main said.

“I’m just using examples; the fur tracking system, Department of Environment in Ottawa, MEDITECH is still being worked on in the communities,” he said.

“Right now we don’t have a date where they will all be complete,” Kusugak said.

In response to a request for more information about the recovery, CGS said in an email that the new computer network is functional, but some applications need more work to be brought online, others are not accessible to everyone and some await upgrades.

As well, CGS said it is is trying to complete the restoration of old emails, from before the ransomware attack, using data from the backed-up servers.