The Saskatchewan Liquor and Gaming Authority is investigating a cyberattack, after it was hit on Christmas Day.
The Crown corporation, which is headquartered in Regina, operates about 35 liquor stores in 24 communities, is responsible for regulating alcohol and cannabis and also operates and regulates many forms of gaming throughout the province.
"At the present time, SLGA does not have any evidence that the security of any customer, employee or other personal data has been misused," a news release issued by Matthew Glover, a spokesperson for the Saskatchewan government, stated.
Independent cyber security experts have been brought in to help and assess the impact. The incident is one of many that have been hitting government websites and organizations across the country.
In recent weeks, Quebec shut down close to 4,000 government websites following the threat of an international cyberattack, according to Éric Caire, Quebec's minister for government digital transformation.
Ontario and the federal government have also been targets.
Ransomware attacks, which usually occur through phishing scams when employees respond to suspicious emails thereby allowing hackers to gain access into organization's networks, are becoming more common. Over 100 ransomware attacks were targeted at important Canadian sites such as Rideau Hall this year, according to the Canadian Centre for Cyber Security.
Tina Beaudry-Mellor, the chief economic growth officer at Economic Development Regina, said these types of attacks usually result in two scenarios.
"What generally happens if the attacker gets access into some critical systems and network is that they suspend them and then ask for ransom in order to release them," she said. "The other scenario is when the attacker gets into the network and finds some confidential data specifically about vendors or customers, they will release all of that data into the black web for the dark web."
There has not been a lot of information released about the SLGA attack because the investigation is still in the early stages. However, various computer systems and applications have been disabled as a result of the incident.
Beaudry-Mellor said this issue is not as critical as the eHealth ransomware attack, which happened between Dec. 20, 2019, and Jan. 5, 2020.
"eHealth is obviously a much greater risk because there's private and personal identifying information on people's health records," she said. "So the thing that would be at risk here is business transactions between associates."
However, Beaudry-Mellor said she is concerned that these attacks are successfully infiltrating significant sites because of the lack of perimeter networks.
"They are what we call demilitarised zones. They are zones that protect your critical business operations," she said. "When an organization's response to a cyberattack is to absolutely shut everything down. What that means is that they actually don't know where the breach is and how extensive it is."
This is concerning, she said.
"Normally, what you would do is you would shut down those networks that are affected and work to resolve the problem. But shutting down the entire thing suggests that they are not actually sure where the breach is. One of the measures that we use to determine whether or not that breach is significant or not is, of course, the time it takes to detect an attack and then also the time it takes to get that attack and get those systems back online."
These attacks might increase in the new year because more people are working remotely, Beaudry-Mellor said. Companies have to find more efficient ways control devices, outside the company, that may be attached to critical systems.