Ransomware attack handled properly by province, expert says

A privacy expert says the P.E.I. government followed best practices in its transparency and handling of a recent ransomware attack, based on information that has been released to date.

The malware was discovered on the government's server network on Sunday afternoon. Government officials said the virus was active for 90 minutes before it was contained.

The public was alerted to the attack in a press release on Tuesday evening.

"There's kind of a tendency when this happens to lock your doors and pull down the blinds and not talk to anyone until you figure out every single detail, but this kind of coming forward and providing lots of details … I hope gives people confidence and reassurance," said Mike Smit of the School of Information Management at Dalhousie University.

Submitted by Mike Smit

"It's not uncommon for breach notification to go out upwards of six months after the breach actually happens."

Government officials said the attack was ransomware, which is a type of virus that blocks access to a computer system or data, usually through encryption, until the victim pays the attacker and receives a key to undo the encryption.

P.E.I. government officials said they did not pay ransoms to attackers and they have not been in contact with whoever planted the malware.

"We never talk about systems that are 100 per cent secure," Smit said.

"What we do is we put in time and money and energy to make them as secure as we possibly can and to respond appropriately if indeed there is a gap somewhere, knowing that there will always be that gap."

Officials said the malware came from outside of Canada, and the incident is under investigation.

Investigation continues

Officials do not believe Islanders' personal information was extracted during the incident.

"If through that investigation we do find that some citizen data has been impacted or left the network, we will absolutely update the public at that time," said John Brennan, director of business infrastructure services with the province.

Though the province has not confirmed how the virus got into its systems, Brennan said generally individuals within the networks are targeted through the sending of emails with contaminated downloads or website links.

"Viruses are always evolving and, for organized crime, this is their new channel to gain revenue," he said.

"Our defences are always evolving as well, and I would say in this case it was a new type of virus. However, our systems did alert us early which allowed us to take preventive steps and minimize the impact."

Jessica Doria-Brown/CBC

He added that government is not sharing specifics of the incident at this time, as revealing information could set the network up for future attacks.

The investigation includes two streams, Brennan said: investigating how the virus got onto the server and restoring the data from before the malware was attached, so as not to bring it back into the network.

"Unfortunately it's going to take the time it takes. We're not putting a hard timeline around it," Brennan said.

"We are not going to take any action to restore that data until we're very confident that the network is secure again."

He said the virus could have been lying dormant for some time. The province contacted federal government cybersecurity organizations and there are 30 people on his team working on the investigation.
