Yellowknife’s city manager says a “cybersecurity incident” that began days ago is now under control but could have led to a ransom demand had it not been addressed in time.
The city said on Saturday that staff email and some online services were disrupted. On Monday, City Hall formally linked the issues to a cybersecurity problem.
In a Tuesday afternoon interview, city manager Stephen Van Dine told Cabin Radio: “We believe it is under control at this stage … we’re certainly more confident than we were 48 hours ago.”
Van Dine said the city brought in expertise to tackle the problem. He gave few details about the precise nature of what had happened.
Governments and other targets of cyber attacks rarely share many details about those events, for various reasons – not wishing to divulge sensitive information about an ongoing response, for example, or hoping to keep vulnerabilities quiet while they are still being addressed.
Advertisement.
Advertisement.
Van Dine even stopped short of calling this a cyber attack. “I didn’t say it is. I didn’t say it isn’t,” he said.
City Hall says it essentially unplugged itself from the internet for a time over the weekend while trying to stop the issue from spreading.
At no point was a ransom demanded, Van Dine said – an outcome that’s quite common when governments are targeted this way – but he described the situation as one “where it might have led to that at some point.”
The cost to the city associated with mounting its response is not yet clear.
Advertisement.
Advertisement.
From June: Cybersecurity experts deliver warning over northern tech
Some city services remain unavailable or limited. Facilities are still cash-only for the time being, for example. City Hall hopes to have everything restored by the end of the week.
“We’ll do a deep dive and go over everything that has happened,” said Van Dine.
“There has been some learning as we go, but we’re going to take a systematic approach of going through all of the chronology – what we knew when, what was impacted – and then try to really understand what we can do to improve upon our current business practices, to make sure we can continue to be a reliable and consistent service provider to Yellowknife.”
Below, read a transcript of the interview.
This interview was recorded on September 16, 2025. The transcript has been lightly edited for clarity.
Ollie Williams: What can you tell us about what happened, how and when?
Stephen Van Dine: Yellowknife is connected to the world through the internet. The world is getting increasingly risky with cyber activity and we discovered something a little foul in the early hours on Thursday. From there, we started to investigate and determine whether or not we were potentially at risk.
Advertisement.
Advertisement.
Is this a cyber attack?
We’re calling it a cyber event. I guess there’s different terminology out there. I think good cyber hygiene just means we always need to be vigilant for things that could go awry. It seems as though we had some suspicions and we acted on them.
I recognize there are reasons to talk in quite vague terms about some of this but, if it’s not a cyber attack, how do you differentiate that? What makes you decide it’s not?
Well, I didn’t say it is. I didn’t say it isn’t. I’m not trying to be obtuse but essentially, we had indications on our system that looked like there was some kind of activity to get into our systems that shouldn’t be there. That’s what our early detectors had notified us, and then we swung into action to investigate and take measures to respond.
Are you being – or have you been – asked to pay a ransom?
I am not aware of any information to suggest it’s gotten to anything like that. What I think we have is a situation where it might have led to that at some point, but it seems as though we were able to not get there at this stage.
Based on what you’ve just said, is the situation under control from your perspective?
We believe it is under control at this stage. However, there’s work we’re continuing to do to make sure that we’re at the higher level of confidence. But right now we’re certainly more confident than we were 48 hours ago.
Advertisement.
Advertisement.
How did you get it under control? Did it require a third party, experts coming in? Did it require assistance from other levels of government? What had to happen behind the scenes?
There are things that happen behind the scenes for a reason, Ollie, and I can’t go into all the great details. There is expertise out there in this realm, and we made sure we accessed that expertise. With the assistance of that, we were able to take steps to respond and maintain the integrity of our information and our systems.
Loss of staff email appears to have been resolved. There are payment issues at city facilities and other issues with city services that were online. Do any of those issues remain outstanding? And if they do, do you have a timeline for getting them back?
We’re hoping to have everything restored by the end of the week. I want to thank city employees for their patience, because it certainly was a tough way to start the day on Monday. I want to definitely thank the public for their understanding and patience as we were having to respond the way we have.
What lessons does the city now need to learn from this?
We’ll do a deep dive and go over everything that has happened. There has been some learning as we go, but we’re going to take a systematic approach of going through all of the chronology – what we knew when, what was impacted – and then try to really understand what we can do to improve upon our current business practices, to make sure we can continue to be a reliable and consistent service provider to Yellowknife.
