Ransomware attack delays government services in Nunavut, Canada
Nunavut, Canada’s northernmost territory, suffered a ransomware attack on Saturday, which impacted most of the local government’s network and Internet-based services. The government believes it will eventually be able to recover all systems from backup, and is currently prioritizing the restoration of systems used for health, education, justice, finance and family services. Some government services are being performed with significant delays because departments have been forced to switch to manual operations.
Based on the ransom note, which was published by the Canadian Broadcasting Corporation (CBC), the ransomware used in the attack seems to be DoppelPaymer, a strain that is often distributed as a payload of the Dridex banking Trojan. The ransom note urges the Nunavut government to visit a Tor website in order to pay for the decryption key. It is not clear how much money the threat actors are demanding, but it seems the Nunavut government does not plan to pay.