Government officials for the Nunavut region have stated that a “new and sophisticated type of ransomware” struck the territory. This led to all government services which rely on access to electronic information stored by the authority being impacted. Services affected included medical services, family and education, finance, and the Nunavut legal system.
In these types of ransomware attack, malware is typically included in an email link and if opened this infects a computer or network and locks out the rightful operators using encryption. Hackers then demand a payment of cryptocurrencies in exchange for decrypting locked information and systems.
To understand more about the cyberattack, Digital Journal spoke with Peter Goldstein, CTO and co-founder, Valimail. Goldstein began by placing the recent attack in the wider context: “The ransomware attack on Nunavut was not an isolated incident. Local government offices and agencies have been increasingly popular targets, with recent attacks in Florida, Baltimore, Atlanta and Texas causing almost $20 million in losses. ”
Looking at the Nunavut specifically, Goldstein highlights a series of flaws that helped the attack to happen: “Unfortunately, the Nunavut attack shows why many security systems based on machine learning systems fail. This ransomware infection began when an employee unwittingly clicked on a link that the system hadn’t been trained to detect yet.”
He moves on to consider how and why ransomware attacks take place, considering inherent weaknesses with the cyber systems of many companies: “These attacks have one thing in common: The initial infection point is almost always a spear-phishing email. This kind of phishing attack is based on impersonation, meaning the senders utilize fake sender identities that can be extremely hard to detect.”
In terms of preventative measures, Goldstein recommends: “To stop ransomware and other crippling cyberattacks, we need to validate and authenticate sender identity. By taking steps like properly enforcing Domain-based Message Authentication, Reporting & Conformance (DMARC) and implementing advanced anti-phishing solutions that confirm senders’ identities before allowing emails to enter employees’ inboxes, governments can add a crucial defensive layer to keep ransomware attacks at bay.”