The government of Nunavut is checking every individual computer in Iqaluit for the ransomware virus.
The government’s computer network has been shut down since the virus infected the system early Saturday morning.
Ransomware is a type of malicious software that allows hackers to view a computer’s files, gather information and spread through its network, unbeknownst to the user. Then, the virus encrypts the files and the attackers demand payments from victims to release the data.
There are approximately 2,000 computers that need to be formatted and updated in Iqaluit. The territorial government is trying to work on 40 computers an hour.
There are another 3,000 computers in the communities on the government’s network. The government’s IT department said once Iqaluit’s system is back up, they will decide the most effective way to get those communities’ computers functioning.
A government spokesperson said the computers will be collected and worked on at the Community and Government Services warehouse.
Right now the government’s IT department is trying to rebuild the network.
“The time-consuming part is we have to build a complete separate system and then take the backup data and information into that system to make sure that the virus is not transferred,” said Nunavut Premier Joe Savikataaq, in the legislature Wednesday.
Savikataaq said he doesn’t know when the network will be back to normal but it should be operational “within a week or two.”
Savikataaq said they are trying to gradually bring the system back online starting with essential services such as the Health and Justice departments.
As for the price tag of doing this, Savikataaq said they aren’t even looking at it right now. The government of Nunavut told CBC they will not pay the ransom.
Gov’t must ‘up’ its security, says expert
Brett Callow, a cybersecurity expert with the company Emsisoft, said sometimes paying the ransom is the most cost-effective and efficient option a company has. However, paying into cyber crime just makes the industry more profitable.
“The only way to stop ransomware is to make it unprofitable,” said Callow. He said the best way to do this is to be in a position where your systems aren’t vulnerable to cyber attacks.
Callow said avoiding these kind of cyber attacks is preventable, and many public entities can become vulnerable to attacks because of a lack of investment in IT.
“You don’t hear of banks being compromised by ransomware,” said Callow. “Government departments really need to up their security to a similar level.”
The government keeps monthly and yearly backups as well as taking a nightly snapshot, but the government has not yet confirmed if the backups are affected by the virus.
Backups are the failsafe an organization should be able to turn to, according to Callow.
“An organization should have multiple backups and those backups need to be protected from the ransomware server [that] cannot be deleted or encrypted,” he said.
Callow said this is the only case he has heard of where an entire government has been impacted by a ransomware.