IT staff at the Yukon government has had to repel at least three ransomware hacking attempts since 2016. (123RF)

Near miss: Yukon government repelled ransomware attacks

‘We were lucky that it was caught in time’

Pierre Chauvin | Special to the News

Information technology staff at the Yukon government repelled ransomware hacking attempts in 2016 and 2017, documents obtained by the News show.

Emails obtained through Access to Information show bureaucrats expressed their relief that two different ransomware infections were rapidly quashed.

“(Redacted) was infected by Ransomware (“Zepto”) in August/2016 – it encrypted 18,000 files on one of our network drives before we shut it down, wiped the drive and restored prior backup,” wrote Health and Social Services finance director Peter Hayes in a January 2017 email to information and communications technology, a branch of the Department of Highways and Public Works.

“We were lucky that it was caught in time.”

There was a third infection attempt in June 2016 but the email describes the ransomware as so poorly made it failed to infect the computer.

Ransomware programs hold hostage a user’s data for ransom.

When an unsuspecting user clicks on a malicious link, the ransomware is downloaded and encrypts the user’s files rendering them useless unless a ransom in paid, allowing for the data to be decrypted.

“The good news is that we were able to isolate those (infected computers) and in every case we stopped them before they were able to replicate broadly across the network,” said Michael Johnson, manager for data and application support at ICT.

In all three cases no ransoms were paid, no data was lost, and no information left the government networks, he said.

“(Staff) have been trained that if a machine appears to be infected, they’re taken off the network so (the ransomware) is not able to replicate itself.”

Those attacks can be fairly difficult for large organizations to remedy, said Ivan Beschastnikh, an assistant professor of computer science at UBC.

Companies can rely on software to constantly scan computers for ransomware, but that’s only one part of the solution. Companies can also “sanitize” links, turning them into regular text to make it harder for users to simply click on them, he said.

In a previous email Hayes asked ICT staffers for their advice on buying ransomware protection, suggesting licences for Malwarebyte, which costs $50,000 for three years. The government ended up buying Malwarebyte.

While such software can appear expensive at first, it’s less expensive than dealing with a ransomware infection, Beschastnikh said.

“(If during) one such attack (the government) loses data that it took them a decade to collect for example, then it’s a major loss and recovering that kind of data might be impossible in some cases,” he said.

“I think the reason a lot of organizations are afraid is because the potential for damage can be quite high.”

The Yukon government has also been running campaigns to train government employees to recognize suspicious links, Johnson said. As part of that campaign harmless emails with suspicious-looking links are sent to employees — and those who do click on the links get a message informing them they fell for it.

“We’ve had great success,” said Johnson. “We have a fairly astute workforce that hasn’t fallen for these.”

Major companies and governments across the globe have been struggling with ransomware attacks for the past couple of years. The Guardian reported in May 2017 that over 45,000 attacks in 100 countries have taken place. Among those affected last year was the U.K.’s National Health Service, which in some cases led to hospitals being unable to treat patients and use equipment such as X-ray machines.

Large-scale infections could also lead to service disruptions here.

“Whenever we have to isolate those machines and take them offline, there’s a potential to impact services or deadlines for those people,” Johnson said.

But for the most part, the government doesn’t run the type of specialized computers found in a hospital, he said, and employees can use a virtual desktop environment to continue working.

But not everybody is as lucky. IT World Canada reported that a Canadian company ended up paying $425,000 in June 2017 to get its data back.

For Beschastnikh that business model of attacks is here to stay. Ransomware relies on the availability of cryptocurrencies for untraceable ransom payments and the high-grade security of cryptography to make it impossible to decrypt the data without the encryption key.

“It’s the combination of the two that makes (ransomware) very potent,” he said.

“I don’t see it going away.”

In the end those three attempts shows the YG is able to handle ransomeware, Beschastnikh said.

“I’m impressed they were able to deal with it so well.”

Contact the Yukon News at editor@yukon-news.com

computersinformationransomware

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

A Copper Ridge resident clears their driveway after a massive over night snowfall in Whitehorse on Nov. 2, 2020. Environment Canada has issued a winter storm warning for the Whitehorse and Haines Junction areas for Jan. 18. (Crystal Schick/Yukon News file)
Winter storm warning for Haines Junction and Whitehorse

Environment Canada says the storm will develop Monday and last until Tuesday

Maria Metzen off the start line of the Yukon Dog Mushers Association’s sled dog race on Jan. 9. (Gabrielle Plonka/Yukon News)
Mushers race in preparation for FirstMate Babe Southwick

The annual race is set for Feb. 12 and 13.

The Yukon government is making changes to the medical travel system, including doubling the per diem and making destinations for medical services more flexible. (Joel Krahn/Yukon News file)
Subsidy for medical travel doubled with more supports coming

The change was recommended in the Putting People First report endorsed by the government

Chloe Sergerie, who was fined $500 under the <em>Civil Emergency Measures Act</em> on Jan. 12, says she made the safest choice available to her when she entered the territory. (Mike Thomas/Yukon News file)
Woman fined $500 under CEMA says she made ‘safest decision’ available

Filling out a declaration at the airport was contrary to self-isolation, says accused

Yukon University has added seven members to its board of governors in recent months. (Crystal Schick/Yukon News file)
New members named to Yukon U’s board of governors

Required number of board members now up to 17

Yukonomist Keith Halliday
Yukonomist: Your Northern regulatory adventure awaits!

“Your Northern adventure awaits!” blared the headline on a recent YESAB assessment… Continue reading

Yukoner Shirley Chua-Tan is taking on the role of vice-chair of the social inclusion working group with the Canadian Academy of Health Sciences’ oversight panel and working groups for the autism assessment. (Submitted)
Canadian Academy of Health Sciences names Yukoner to panel

Shirley Chua-Tan is well-known for a number of roles she plays in… Continue reading

The Fish Lake area viewed from the top of Haeckel Hill on Sept. 11, 2018. The Yukon government and Kwanlin Dün First Nation (KDFN) announced they are in the beginning stages of a local area planning process for the area. (Crystal Schick/Yukon News file)
Local area planning for Fish Lake announced

The Government of Yukon and Kwanlin Dün First Nation (KDFN) announced in… Continue reading

Whitehorse City Hall. (Joel Krahn/Yukon News file)
City hall, briefly

A look at decisions made by Whitehorse city council this week

Fire damage, photographed on Jan. 11, to a downtown apartment building which occurred late in the evening on Jan. 8. Zander Firth, 20, from Inuvik, was charged with the arson and is facing several other charges following his Jan. 12 court appearance. (Gabrielle Plonka/Yukon News)
More charges for arson suspect

The Inuvik man charged in relation to the fire at Ryder Apartments… Continue reading

The grace period for the new Yukon lobbyist registry has come to an end and those who seek to influence politicians will now need to report their efforts to a public database. (Mike Thomas/Yukon News file)
Grace period for new lobbyist registry ends

So far nine lobbyists have registered their activities with politicians in the territory

Most Read