Nova Scotia

Ransomware attack hits international fisheries organization in Halifax

An international fisheries organization based in Halifax that previously had questions raised about its cybersecurity has been hit by a ransomware attack.

The Northwest Atlantic Fisheries Organization helps manage fish stocks in international waters

The Northwest Atlantic Fisheries Organization recently relocated from its longtime offices in Dartmouth, N.S., seen here, to Summit Place in Halifax. It was recently hit by a ransomware attack. (Paul Withers/CBC)

An international fisheries organization based in Halifax that previously had questions raised about its cybersecurity has been hit by a ransomware attack.

The Northwest Atlantic Fisheries Organization (NAFO) helps manage fish stocks in international waters in the northwest Atlantic for a dozen members, including Canada, the European Union and Russia.

The attack was disclosed on May 24 note to stakeholders.

"The NAFO servers have been compromised by ransomware and are currently unavailable. The NAFO Secretariat is working to resolve the issue. We will provide further details shortly," wrote Lisa LeFort, senior executive assistant to the executive secretary of NAFO.

The NAFO website has been down all week and a web-based data sharing program needed for an upcoming annual science meeting has not been restored either.

'It's certainly a word of warning,' says cybersecurity expert

In most ransomware cases, the target's data is encrypted by the attacker who then demands payment for a key to unlock the data.

It's unknown if this was a random bot attack or if NAFO was deliberately targeted.

"Either way, it's certainly a word of warning for any small organization with a presence on the web," said Mike Smit, a cybersecurity expert at Dalhousie University.

Smit said an attack like this is extremely awkward for small organizations, especially if they don't have a backup system for their data.

"You really face a difficult choice because the best thing for your organization is to get that data back and that might involve paying a ransom," Smit said.

"But from a community or social perspective, paying these attackers only encourages them to do it again and then to attack more people.

"And so it's really it is a dilemma to figure out. Do I need these files badly enough that I'm willing to pay this money? But [it's also] recognizing that the expense is more than just the money you pay."

A learning opportunity

Smit said it's unusual for an organization of this size to be targeted since bigger organizations tend to have deeper pockets.

Notifying stakeholders about the incident is the right response, he said.

"I think that for the moment, their most important course of action is to restore their operations and to work closely with their stakeholders to make sure that they're doing that," Smit said.

"But I think it would be really valuable to hear from them in the fullness of time about what happened because I think that other non-governmental organizations and small businesses could really learn from what happened to them."

NAFO is not discussing the incident.

"We have no comment at this time," Dayna Bell MacCallum, scientific information administrator, said in a brief response to CBC News.

2015 assessment raised cybersecurity questions

NAFO underwent an infrastructure security assessment by Deloitte in 2015, which raised questions about cybersecurity.

One of the recommendations was that NAFO considered implementing a "security information and event monitoring system that would either prevent, detect or warn of the presence of installed software."

The response was not encouraging.

"The NAFO secretariat noted that they did not think this was needed, and that it would be very expensive to implement and may require training. The Chair noted that it would be good to provide Contracting Parties with the potential costs for reference," the assessment read.

Ill-timed attacked

The server attack hit less than a week before an annual meeting that addresses total allowable catches, the science on specific species and other conservation advice to member countries.

The meeting, which takes place over a two-week period, generates hundreds of pages of documents that need to be updated.

This year, it was going to be carried out virtually.

Alternate meeting plan

"As a result of the recent security attack on the NAFO servers, SC SharePoint is still down with no certainty of it being restored before the end of this week," LeFort wrote this week.

"We are working on an alternative SharePoint to be hosted on an off-site server which we hope will be up and running in time for the start of our meeting.

"I hope I will have some positive news for you today, however, for the time being, we will need to use email to distribute relevant documents."

About the Author

Paul Withers

Reporter

Paul Withers is an award-winning journalist whose career started in the 1970s as a cartoonist. He has been covering Nova Scotia politics for more than 20 years.

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

now