According to Canadian Broadcasting Corporation (CBC), an organization representing native tribes of Canada, recently paid ransomware in bitcoin worth CAD 20,000 to regain access to the hacked files by an anonymous hacker.
The bitcoin paid by the Federation of Sovereign Indigenous Nations (FSIN), Canada’s indigenous tribe’s organization to an anonymous hacker that was able to breach and scam its way into computer files of the organization.
They were contacted five months ago, for the first time via mail to one of the staff members of the company, demanding to be paid bitcoin worth C$100,000 to regain the access to hacked computer system and encrypted files.
According to some sources familiar with the matter says that the hack was a major dilemma as the hacker had not only stole some of the data file systems, but it took hold of important internal files with data concerning internal land claims. Most of all, the hacked system gave away the control of federation’s email system to the hacker.
The matters grew tenuous when the hacker was able to remain anonymous and untracked for quite a long time. As a result, the hack also gave the social insurance numbers, treaty card numbers, and the health claims of all the staff and executives of federation whose data stored on the online system.
As soon as the computer breach was detected, the committee held a meeting with the board of members and raising proposals which could help the matters, before disclosing information to police or public. Initially, there were no suitable proposals or suggestions for the matter, and the treasury board warned the staff members and the federations’ executives not to meet the demands of the hacker.
The reason behind decided not to pay ransomware was no concrete proof said that the breached system would be back or if the hacker will hold his side of the bargain. Despite the board members’ warning, the negotiations continued with the hacker, and the bitcoin ransomware ended up being paid by the organization.
CBC claims that three committee members asked for the reason behind the negotiations behind the back of the board but had no explanatory answers. It is understood that FSIN then contracted a private cybersecurity firm to deal with the matters.
This incident also reminds of the similar matter arising early September this year. A town in Midland, in Ontario province, paid an undisclosed amount of bitcoin as ransomware to a cyber attack which crushed their marriage applications, issuance of permits, transit cards, email services as well as payment processing.
Carleton University in Ottawa also suffered the same attack almost two years ago where the hacker demanded two bitcoin per machine. However, the education institution followed their procedures and relied on their IT department to retrieve the network securely.