PETYA – TAKING RANSOMWARE TO THE LOW LEVEL

A serious ransomware attack shuts down operations in Canadian region Nunavut

Ransomware remains one of the main cybersecurity threats for any individual or company. Vulnerability testing specialists report a serious ransomware infection that has crippled all computer operations in Nunavut, a remote Canadian territory.

In a statement, the local government said, “All government services that depend on access to digital resources have been affected by a sophisticated infection”.

At the moment, basic public services, such as electricity, have not been compromised, Premier Joe Savikataaq said; “Our vulnerability testing team has told us that there may be some failures when our systems are re-established,” the premier added. However, it is anticipated that the restoration of the systems could be a highly complex process for the administration of Nunavut, an area comprising huge territorial extension (almost 2 million km2), but which has only 35 thousand inhabitants.

Although the government of the region did not explicitly mention what kind of computer threat it is facing, local media accessed a copy of the ransom note found on Nunavut’s systems, which is in fact identical to the note delivered in the infections of the DoppelPaymer ransomware.

Vulnerability testing specialists at security firm Emsisoft believe this incident could be related to ransomware attacks detected by government organizations in different US territories. According to these reports, ransomware attacks in the US have decreased markedly, so attackers could be looking for a new victim, in this case, municipalities in Canada.

“Organizations in the US have better measures to protect against these incidents, so threat actors could move their operations against other, less complex targets,” the company’s report says.

This has been a hectic start to the week on cybersecurity issues for many companies and government bodies in various parts of the world. Just a few hours ago, specialists from the International Institute of Cyber Security (IICS) reported what appears to be a ransomware campaign against some Spanish organizations; one of the first victims was the broadcaster Cadena SER, whose listeners reported constant failures in the transmissions.