Cyberattacks hard to track says IT expert after Manitoba child welfare agency gets hit

Brittany Hobson
APTN News
An expert in cybersecurity says cyberattacks are hard to track and there is little information about the people who take on this type of crime.

“It’s really hard to measure the extent of the problem because most private companies will sweep ransom attacks under the carpet if they possibly can,” said Brett Callow, spokesperson for the company Emsisoft.

“It’s not information they want to be in the public domain.”

Callow said geographic locations of these attacks make it hard to investigate them. In cases where police have laid charges the accused lived in other parts of the world.

A child welfare organization in Manitoba is the latest to be hit by a cyberattack.

The RCMP’s Integrated Technological Crime Unit is now investigating.

The Southern First Nations Network of Care (SFNNC) first noticed the attack on Sept. 21.

The organization is one of four authorities in Manitoba who manages child and family services agencies.

Justin Richard, an IT manager with one of those agencies, was brought in to assist.

“It was a virus breach. At the time the IT department followed their disaster recovery plan as best as they possibly could,” Richard explained to reporters at a media conference Sunday afternoon.

“They identified the issue, they isolated the issue, they tried to cleanse it the best they could and they tried to restore from backup.”

After that proved unsuccessful the organization immediately shut down all systems leaving eight agencies without access to important day-to-day programs.

“Quite simply we do not have access to any sort of computers,” said Clemene Hornbrook, action CEO for the authority.

The programs are part of the SFNNC’s internal network and were used for documentation, communication and processing financial information.

Richard doesn’t believe the data was compromised after monitoring the network connection. He said if it was compromised there would be a spike in data that leaves the network, which was not the case in this attack.

“The data is intact. It’s just we’re having a little trouble accessing it at this point,” said Richard.

The attack on the organization’s internal network prevents employees from accessing the larger child and family services system but there is a plan in place for agencies to access that system, Hornbrook told reporters.

“All agencies have implemented their contingency plans and they are working with their teams to ensure that there’s the least amount of disruption,” she said.

Hornbrook would not say whether attackers demanded a ransom or whether the SFNNC paid a ransom, citing it’s being investigated by RCMP.

Callow said these attacks can happen to anyone.

“The malware is spread through mass spam campaigns or through people scanning the Internet looking for vulnerable systems to be accessed,” he told APTN by phone from his home in Shawnigan Lake, B.C.

Callow estimates 90 per cent of cases of ransomware incidents happen because of an email attack or through an, “improperly secured remote access solution.”

He said these crimes are on the rise but there is limited data available.

In the past year, the Federation of Sovereign Indigenous Nations (FSIN) and the Government of Nunavut both reported being victims to these attacks. The FSIN went as far as paying the hackers in Bitcoin – a form of electronic currency – but the Government of Nunavut refused to pay.

The Manitoba government said in a news release that it has offered technical support and other resources to the authority and other partners in child welfare, as needed.

The province, which the release said was advised of the issue late Friday, is also limiting remote access to its computer systems to ensure security until the problem is resolved.

In the meantime, Hornbrook has this message for her clients.

“We have a strong staff that will assist in whatever way they can. I’m asking for patience for agencies as they sort through this.”

For now, the system is still down and there’s no word on when or if it will be back up and running.

[email protected]

@bhobs22

 

Contribute Button