Connect with us

Hi, what are you looking for?

Tech & Science

Government services in Nunavut caught in ransomware cyberattack (Includes interview)

Government officials for the Nunavut region have stated that a “new and sophisticated type of ransomware” struck the territory. This led to all government services which rely on access to electronic information stored by the authority being impacted. Services affected included medical services, family and education, finance, and the Nunavut legal system.

In these types of ransomware attack, malware is typically included in an email link and if opened this infects a computer or network and locks out the rightful operators using encryption. Hackers then demand a payment of cryptocurrencies in exchange for decrypting locked information and systems.

To understand more about the cyberattack, Digital Journal spoke with Peter Goldstein, CTO and co-founder, Valimail. Goldstein began by placing the recent attack in the wider context: “The ransomware attack on Nunavut was not an isolated incident. Local government offices and agencies have been increasingly popular targets, with recent attacks in Florida, Baltimore, Atlanta and Texas causing almost $20 million in losses. ”

Looking at the Nunavut specifically, Goldstein highlights a series of flaws that helped the attack to happen: “Unfortunately, the Nunavut attack shows why many security systems based on machine learning systems fail. This ransomware infection began when an employee unwittingly clicked on a link that the system hadn’t been trained to detect yet.”

He moves on to consider how and why ransomware attacks take place, considering inherent weaknesses with the cyber systems of many companies: “These attacks have one thing in common: The initial infection point is almost always a spear-phishing email. This kind of phishing attack is based on impersonation, meaning the senders utilize fake sender identities that can be extremely hard to detect.”

In terms of preventative measures, Goldstein recommends: “To stop ransomware and other crippling cyberattacks, we need to validate and authenticate sender identity. By taking steps like properly enforcing Domain-based Message Authentication, Reporting & Conformance (DMARC) and implementing advanced anti-phishing solutions that confirm senders’ identities before allowing emails to enter employees’ inboxes, governments can add a crucial defensive layer to keep ransomware attacks at bay.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Life

Once part of a botnet, their devices can be used to launch attacks without their knowledge, potentially making them liable for criminal charges.

World

Democracy happens to be the only form of government you can actually do anything about. If it goes, you have no options.

Business

Pro-Palestinian demonstrators blocked San Francisco's Golden Gate Bridge.

Tech & Science

When IoT devices run on outdated firmware or do not get updated regularly, they become easy targets for cybercriminals.