Photo by Whitehorse Star
Highways and Public Works Minister Nils Clarke
Photo by Whitehorse Star
Highways and Public Works Minister Nils Clarke
Highways and Public Works Minister Nils Clarke was asked repeatedly in the legislature on Thursday whether the Yukon government paid a ransom as a result of a recent cyberattack.
Highways and Public Works Minister Nils Clarke was asked repeatedly in the legislature on Thursday whether the Yukon government paid a ransom as a result of a recent cyberattack.
“Did the Government of Yukon receive a ransom demand during the cyberattack last month? And if so, did they pay it?” asked Yukon Party MLA Stacey Hassard.
Clarke’s response did not directly address the question.
“What I can advise is that the Yukon government is an active member of the Canadian Centre for Cybersecurity,” he responded.
“We attend weekly briefings with the centre about emerging threats and receive all security alerts and recommendations for actions to be taken.”
Clarke continued by saying the government recently updated Google Chrome to address a security vulnerability.
It turns out, the answer is no.
But that information wasn’t provided until a press briefing a little under an hour later.
“I can confirm this attack was not ransomware and there was no ransom demanded. There was no ransom paid,” Clarke said.
The type of cyberattack is called distributed denial of service, and is intended to overwhelm computer systems with unusually high levels of traffic.
It began on Sept. 14 and lasted multiple days, though most services were restored the same day.
Clarke was able to confirm there is no evidence of unauthorized access to any personal information or government files.
“The attacks were not designed to gain access to internal information, we were able to introduce some measures to minimize the impacts of the attack and make services available again within the same day,” he said.
Clarke was also asked in the legislature if this attack was linked to recent cyberattacks in other territories and provinces.
“Can the Government of Yukon provide an update on the investigation into the cyberattack in Yukon and confirm whether or not it was executed by the same pro-Russian hacker group that attacked Quebec the day before?” Hassard asked.
Clarke would not give an answer to this in the legislature either.
“Recently, on September the 14th, 2023, the Yukon government experienced a distributed denial of service attack,” was his response.
“The attack resulted in the inability to access to https://yukon.ca websites and disrupted access to cloud services by internal government employees.”
Later, talking to reporters, he confirmed they were likely connected.
“We do have reason to believe that it is connected,” Clarke said.
“The RCMP and the Canadian Centre for Cybersecurity are still investigating this matter.”
Asked by reporters if there is a policy for or against paying ransoms in these situations, Clarke would not confirm, saying this is generally not discussed in public.
He did talk a bit about what he thought of the success of paying ransoms in general.
“In paying ransom for anything, whether it’s ransomware, or kidnapping, in general, it’s a slippery slope,” Clarke said.
“And generally speaking, it’s likely difficult to come up with any sort of satisfactory compensation that is going to end the matters.”
Later Thursday afternoon, Highways and Public Works spokesperson Madison Guthrie sent out a clarification, saying that policies regarding the paying of ransoms is not public information.
“The Government of Yukon’s position on paying ransom for a cyberattack is confidential as it is part of our security approach to protecting government data,” she wrote.
In order to encourage thoughtful and responsible discussion, website comments will not be visible until a moderator approves them. Please add comments judiciously and refrain from maligning any individual or institution. Read about our user comment and privacy policies.
Your name and email address are required before your comment is posted. Otherwise, your comment will not be posted.
Be the first to comment