One year after ransomware attack, the Nunavut government says all computer systems are restored

But information and privacy commissioner says “the ransomware attack is still being blamed for an inability to produce records for access to information requests.”

469
Here’s a look into the storage area in Iqaluit where the Government of Nunavut IT teams reformatted computers affected by last November’s ransomware attack. The effort took months. (Nunatsiaq News file photo)

The Government of Nunavut says it has recovered from last November’s crippling malware attack on its computer network.

“All GN system applications have been restored to the functionality at the point of the ransomware attack,” the Community and Government Services Department said in an email to Nunatsiaq News.

But Elaine Keenan Bengts, Nunavut’s information and privacy commissioner, says that’s not the case.

In her annual report, tabled on Oct. 21 in the Nunavut legislature, she said the GN had not been able to fully restore its systems nine months after the attack.

“Email records, in particular, are still not fully recovered or at least the ransomware attack is still being blamed for an inability to produce records for access to information requests,” she said in her report.

A year ago yesterday, on Nov. 2, 2019, Premier Joe Savikataaq and other key Nunavut government officials woke up to terrible news, that the territorial government’s computer system had been infected by a malware program and was no longer functional.

Ransomware is a type of malicious software that blocks access to a computer system or data, usually by encrypting it, until the victim pays a ransom to the attacker.

In many cases, the ransom demand comes with a deadline and if it’s not paid in time, the data is destroyed forever.

In the GN’s case, ransomware encrypted individual files on 5,000 servers and workstations.

The GN was given a 48-hour deadline after Nov. 2 to contact the ransomware attack’s perpetrators and another deadline of 21 days to pay them a ransom.

But the GN didn’t pay, instead choosing to use backup data on reformatted or new equipment, within a new system.

“We completely rebuilt after the ransomware,” Savikataaq told Nunatsiaq News in a later interview. “I am so thankful that the ransomware and COVID didn’t come at the same time.”

And there was even a silver lining of sorts to last year’s ransomware woes, according to the GN: the cloud-based tools acquired following the ransomware attack “prepared the environment for GN staff to be able to work from home at the time the pandemic emerged.”

And these tools were supported by remote virtual private network protection. This was installed on the portable devices, allowing GN staff to work securely from home.

But Keenan Bengts said her work as information and privacy commissioner continued to be hampered even months after the ransomware attack.

She said the number of IT experts within the GN appeared to be limited and “most of them appear to be pre-occupied with the bigger issues with respect to [the] attack, and then with the requirements to allow employees to work from home during the pandemic.”

She said they had little time to devote to requests for recovery documents to respond to access to information requests.

“I suppose it was inevitable that the ransomware would be blamed for the inability to find records responsive to access requests and this is playing out now. How prevalent it becomes as an excuse for non-production of records remains to be seen,” Keenan Bengts said.

Overall, the GN and many Nunavummiut continued to suffer from the fallout from the ransomware attack for months.

The Health Department’s chief of staff told Nunatsiaq News about the computer shutdown’s huge impact on operations.

The attack also held up new income support applications and left at least one applicant, a mother with several children, with an empty refrigerator and cupboards.

Education faced new challenges: without computers, a teacher said, “we were plunged back to using basic resources.”

The situation remained serious into December, with no email connections through the GN system. In Iqaluit offices, there was no telephone access unless you knew the direct number.

Even in March, some applications needed more work to be brought online, others were not accessible to everyone and some awaited upgrades, CGS said at the time.

CGS said then that it was still trying to complete the restoration of old emails, from before the ransomware attack, using data from the backed-up servers.

Tackling the malware attack was also costly for the GN.

The cost of the ransomware attack for CGS was $7.29 million, the department told Nunatsiaq News.

This figure includes the cost of all service contracts, purchases of hardware and software, and staff overtime, CGS said.

That figure doesn’t include the cost to other government departments.

CGS said no study has been “completed specifically on the efficiency impact of the ransomware attack.”

But a report on the ransomware incident has been compiled for submission to the legislative assembly, CGS said.

Microsoft’s Detection and Response Team, called “DART,” which sent a team to Nunavut last November, was to hand over its analysis of the ransomware attack by late April.

“As this report has yet to receive final approval for submission, it cannot be shared with the public yet,” CGS said.