NWT Power Corporation confirms ransomware attack

The Northwest Territories Power Corporation (NTPC) suffered a cyber attack on Thursday morning, appearing to come from a form of ransomware known as Netwalker.

In a news release issued late on Thursday evening, the company said that to “contain and neutralize the impact of this incident” it had shut down its information technology services, which in turn affected most of its operations.

NTPC said an investigation is taking place to determine the impact of the attack on generation, transmission, and distribution systems; and to see if any of its systems were broken into. At the time of writing, all electricity systems were working.

The corporation does not know how long the investigation will take.

“As a precautionary measure, NTPC has shut down its email system until it can confirm whether it has been compromised,” read the news release, promising further updates on the corporation’s social media channels.

In posts to social media on Thursday afternoon, the power corporation first identified it was “experiencing issues with its information technology systems.” Its website was down.

However, residents attempting to reach MyNTPC – the corporation’s online payment portal – were confronted by a simple list of four files.

One of the four files opens a text document which states: “Hi! Your files are encrypted by Netwalker.”

The message continues: “The only way to get your files back is to cooperate with us and get the decrypter program.

“Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.”

Link to Covid-19 phishing emails

Netwalker is a relatively new ransomware variant first documented by cybersecurity firms last summer.

Government agencies and corporations elsewhere have already been attacked by Netwalker, including a transportation firm in Australia and a government health agency in Illinois.

Security software manufacturer Cynet says the spread of Netwalker has recently been linked to phishing emails that play on people’s fears about the new coronavirus.

For example, Spanish authorities last month stopped an attack in which emails sent to healthcare workers contained an attachment allegedly containing information about Covid-19. The attachment installed the Netwalker ransomware.

Netwalker is not the same as the ransomware that infected the Government of Nunavut’s computers in late 2019.

Last November, the NWT government told Cabin Radio it “vigilantly monitors for suspicious activity and continues to do what is needed to protect the information in our custody and control.”

In March, industry minister Katrina Nokleby had urged people to “please be vigilant about scams involving Covid-19” as she shared a link to a report featuring the use of ransomware against government agencies.

Yellowknife North MLA Rylund Johnson said on Thursday evening: “Following Nunavut’s ransomware attack, I requested a reassessment of the GNWT’s security.

“The power corp is a different network yet, given the increasing frequency of these attacks, we need a territory-wide investment in our cybersecurity.

“Presently it’s a matter of when, not if.”