External expert investigating NTPC ransomware attack
The Northwest Territories Power Corporation (NTPC) is releasing few new details about its investigation into last week’s cyber attack.
According to corporation spokesperson Doug Prendergast, the investigation is being led by an external cybersecurity expert with support from NTPC staff.
Prendergast said the investigation is ongoing. The corporation will not comment on specific details about the attack “as it would further compromise security.” That includes whether the corporation has been asked to pay a ransom or how the corporation’s systems have been impacted.
The corporation has said there is no evidence any private information was compromised.
In a tweet on Thursday evening, NTPC said the investigation “is going well” and staff had “a better understanding of what happened and how it happened.”
Last week, the power corporation suffered a cyber attack appearing to come from a form of ransomware known as Netwalker. The corporation shut down its information and technology services to “contain and neutralize the impact” of the attack before launching an investigation.
Prendergast said the corporation is taking a three-phase approach to restoring digital services.
The first phase involved data and information gathering and is complete, he said. The corporation is now focusing on analysis of that data and will then develop a plan to restore services, to be carried out once NTPC “has a high level of confidence that it can be done safely.”
There is no timeline for the restoration of digital services. So far there have been no reports of the attack affecting power generation itself.
Prendergast said the corporation has a number of security measures in place to prevent unauthorized access and regularly reviews its protocols.
“NTPC places a high priority on protection of its information technology systems,” Prendergast said in an email. “Unfortunately, cyber attacks are becoming increasingly sophisticated and aggressive, making it an ongoing challenge for individual computer users and larger organizations to keep malicious software from impacting their systems.”
Todd Sasaki, a spokesperson for the territorial Department of Finance – which oversees the GNWT’s digital security – told Cabin Radio the department would not comment as NTPC “is responsible for maintaining its own information security systems, policies, and procedures.”