‘No timeline for recovery’ as NTPC battles ransomware

The NWT Power Corporation’s website remains down and there is no sense of when normal operations might be restored after a ransomware attack that began on Thursday.

On Friday afternoon, a spokesperson for the corporation told Cabin Radio it had “not set a timeline for recovery” as it plans how to handle the ransomware, which demands money in order to restore files.

The ransomware is believed to be a variant named Netwalker that has already caused problems for healthcare providers and government agencies worldwide.

Spokesperson Doug Prendergast said on Thursday night “activity in most of the corporation’s business areas” had been affected, but power generation continued.

On Friday, Prendergast said employees would be paid “as scheduled.”

He added: “The process was definitely complicated by our IT challenges but all employees will be paid.”

Ransomware usually finds its way into government networks through phishing emails. Netwalker’s creators have recently used the Covid-19 pandemic as a means of fooling unsuspecting staff, sending them an email with the ransomware attached as a file supposedly containing information about the coronavirus.

It’s not clear if that’s how Netwalker infected the power corporation in this instance.

Saying the corporation had no idea when systems would be back to normal, Prendergast told Cabin Radio: “Our investigation will be thorough to ensure that we identify all potential issues.

“Restoration will not occur until we have a high level of confidence that it is safe to do so.”