A monthly newsletter by the Nipissing First Nation (NFN) has revealed that the community had a ransomware incident in early May. Although most of the network remained unaffected, the attack was able encrypt an administrative server, causing issues for all departments of the administration. “NFN staff interrupted the attack once discovered and immediately shut down all servers, discontinued remote access and began working with an independent cybersecurity firm to mitigate the attack and conduct an investigation.” The investigation so far has not shown any evidence that any personal or confidential information has been released. At this time, the NFN has not publicly stated which ransomware family was involved but has promised transparency and to provide updates as any further news about the incident becomes available.
Analyst Notes
It is not currently known which ransomware family targeted the NFN or if it is following the trend of data theft before encryption. What is becoming increasingly clear, however, is that these infections should now be treated as data breaches as well. It is outstanding that the NFN staff detected the attack early on and quickly took proactive steps to protect the network and data from further harm. With proper endpoint monitoring, these events can be caught. Managed security services such as the Binary Defense Security Operations Center (SOC) provide 24/7 monitoring to quickly detect, contain and alert security teams to threats like these before they have the chance to spread throughout the network.
Source: http://www.nfn.ca/wp-content/uploads/2020/05/Enkamgak-June-2020.pdf
