P2020-ND-154

On June 12, 2020, an employee with the Organization turned on his computer and found that he could not access data files from the Organization's server. The issue was caused by a malware infection known as "REvil"; the first evidence of malicious activity was on June 10, 2020. The attacker(s) demanded a ransom in exchange for the decryption key and threatened that, if the ransom was not paid, the files would remain encrypted and any data that had been extracted would be published. The Organization did not pay the ransom. The Organization reported that it cannot "positively establish that personal information, including information of individuals in Alberta, has or has not been removed from (its) systems"; however, "its information technology consultants have established that approximately 10 GB of data was exfiltrated from its systems based on firewall logs". The Organization reported that it is not possible to determine the nature of the data; however, certain information from its systems has been published on Twitter accounts, and the Organization has located a website on the "dark web" purporting to be from the attacker(s) which threatens to auction the information obtained from the Organization.
The Organization reported that it was still investigating the extent to which this incident resulted in personal information being extracted from its systems.
