Ransomware attack handled properly by province, expert says

A privacy expert says the P.E.I government followed best practices in their transparency and handling of a recent ransomware attack, based on information that has been released to date.

Mike Smit commends province on transparency to date

Government officials say they are continuing the investigation into Sunday's incident. (Jessica Doria-Brown/CBC)

A privacy expert says the P.E.I government followed best practices in its transparency and handling of a recent ransomware attack, based on information that has been released to date.

The malware was discovered on the government's server network on Sunday afternoon. Government officials said the virus was active for 90 minutes before it was contained.

The public was alerted to the attack in a press release on Tuesday evening.

"There's kind of a tendency when this happens to lock your doors and pull down the blinds and not talk to anyone until you figure out every single detail, but this kind of coming forward and providing lots of details … I hope gives people confidence and reassurance," said Mike Smit of the School of Information Management at Dalhousie University. 

Mike Smit says defense systems can never be 100 per cent secure. (Submitted by Mike Smit)

Government officials said the attack was ransomware, which is a type of virus that blocks access to a computer system or data, usually through encryption, until the victim pays the attacker and receives a key to undo the encryption.

P.E.I. government officials said they did not pay ransoms to attackers and they have not been in contact with whoever planted the malware.

"We never talk about systems that are 100 per cent secure," Smit said. 

"What we do is we put in time and money and energy to make them as secure as we possibly can and to respond appropriately if indeed there is a gap somewhere, knowing that there will always be that gap."

Officials said the malware came from outside of Canada, and the incident is under investigation.

Investigation continues

Officials do not believe Islanders' personal information was extracted during the incident. 

"If through that investigation we do find that some citizen data has been impacted or left the network, we will absolutely update the public at that time," said John Brennan, director of business infrastructure services with the province.

Though the province has not confirmed how the virus got into its systems, Brennan said generally individuals within the networks are targeted through the sending of emails with contaminated downloads or website links. 

"Viruses are always evolving and, for organized crime, this is their new channel to gain revenue," he said.

"Our defences are always evolving as well, and I would say in this case it was a new type of virus. However, our systems did alert us early which allowed us to take preventive steps and minimize the impact."

John Brennan says the government is not going to take any action to restore data backups until they're confident the network is secure again. (Jessica Doria-Brown/CBC)

He added that government is not sharing specifics of the incident at this time, as revealing information could set the network up for future attacks.

The investigation includes two streams, Brennan said: investigating how the virus got onto the server and restoring the data from before the malware was attached, so as not to bring it back into the network. 

"Unfortunately it's going to take the time it takes. We're not putting a hard timeline around it," Brennan said.

"We are not going to take any action to restore that data until we're very confident that the network is secure again."

He said the virus could have been laying dormant for some time. The province contacted federal government cybersecurity organizations and there are 30 people on his team working on the investigation. 

More from CBC P.E.I.

With files from Jessica Doria-Brown


To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.