The Nipissing First Nation administration stopped a ransomware attack in its tracks but not soon enough to prevent disruption of communications.
The attack was discovered on May 8 and affected all departments of the administration but most of the network remained unaffected.
First Nations is a term for describing people that are original inhabitants of the land that is now Canada. Nipissing First Nation (NFN) is an urban reserve with 11 communities spread on the shore of Lake Nipissing.
Even with its small population, the NFN administration was not spared by ransomware, showing that the attackers only care about getting paid.
NFN appears to have countered this strike. In its monthly newsletter Enkamgak for June, the administration says that despite every department being affected, the staff was able to stop the attack.
“NFN staff interrupted the attack once discovered and immediately shut down all servers, discontinued remote access” - Nipissing First Nation administration
An independent security firm was called in to mitigate the intrusion and start investigating the incident. The inspection was continuing at the time of the update in the newsletter.
Some preliminary good news exists, though, as the investigation did not find “evidence that personal or confidential information has been released.”
For a long time, ransomware attacks were not considered as data breaches. But attackers realized that backups allow restoring the data they encrypt and towards the end of last year they started leaking data stolen from compromised networks to force victims to pay.
At least 15 ransomware groups are currently threatening victims with publishing sensitive files unless the ransom is paid. And they’re keeping their word.
The ransomware family targeting NFN has not been disclosed publicly, so it is unclear if the attackers are among those leaking victim data or not.
NFN announced that following this cyber attack they made investments in the security of its IT systems and started reviewing its practices. The administration has notified its members and will provide updates when new details are available.
In December 2019, the computer network of North Carolina Native American tribe was the victims of a ransomware attack, too. As a result, systems and websites of the Eastern Band of Cherokee Indians went down. Authorities arrested and charged a tribal member for that attack.