YK’s IT team says early detection helped avoid a potentially devastating ransomware attack

Stephen Van Dine, Yellowknife’s city manager, said that due to early detection and response by the city’s IT team, findings so far indicate that no data was breached after a cyber security incident was detected last week. 

“Because we had these basic checks in place and we mobilised based on that information relatively quickly, we were able to prevent what tends to happen in other organisations, where if they don’t move quickly, then really serious things can definitely happen.”

Yesterday, city officials announced that a cybersecurity incident is temporarily impacting access to some internal systems and online services. Van Dine said the issue was first discovered on Thursday thanks to a regular system check that flagged what could have been a serious breach.

Van Dine told True North FM that incident response protocols have been enacted, including the implementation of additional measures to further enhance the city system’s network security. The additional security measures are currently impacting some city services.

City officials gave assurances that public safety and critical infrastructure systems remain fully operational.

City staff discovered the issue on Thursday after noticing suspicious activity that was flagged by the system.

“Thursday in the early morning hours, we had a detection or indication that there had been tampering or a potential cyber breach.”

At that point, the IT team began running queries and protocols and reached out to the city’s security firm to begin an investigation. Van Dine said that by the end of the week they had more information.

“By Friday, we had enough information to confirm that there was some malicious activity, suspicious activity and we advised all employees to reset passwords as a standard protocol.”

As the investigation continued, the city’s IT team took more action to keep the system secure.

“By Saturday, after we were able to assess well over 100 devices, we realised that the most prudent course of action would be to essentially, unplug City Hall from the internet which is what we effectively did on Saturday and we alerted residents, that we were having some technical issues at that time, while our investigation was continuing,” said Van Dine.

By Sunday, city staff, including cyber security experts, had a “better sense” of the nature of the issue.

“By that time, we were able to confirm that we didn’t suspect that there had been any major corruption of personal data or taking of personal data. We were able to at that point, at least get a pulse check on whether there was any malware or ransomware that might have been invoked or corrupting our system.”

And at that point, the results of the investigation showed that no malware or ransomware had infected the system, said Van Dine. And “so far” all reports received have shown that the system is not corrupted.

“At this stage, we’re continuing to do our tech and our due diligence,” said Van Dine.

Looking back on what happened, the basic system checks were effectively able to prevent a security breach.

“What they were able to do based on the basic integrity checks and screen checks that we have, is flag that there was something going on and that flag was sufficient enough to motivate us into action.”

Van Dine said the city avoided what could have been a ransomware situation in which they would have had to pay someone to help them unlock the system.

“So, we were able to (avoid that) because we had these basic checks in place and we mobilised based on that information relatively quickly, we were able to prevent what tends to happen in other organisations, where if they don’t move quickly, then really serious things can definitely happen.”

Ransomware attacks on cities can not only impact private data and public security, but can also cost millions of dollars. A 2024 ransomware attack on Hamilton, Ont. has cost the city over $7 million to date.

The cyber security incident was likely caused by what cyber security experts call a “seed” that is baited into a system. The security danger was flagged before it could cause damage.

“What we’ve learnt from our security provider is that there is a known entity out there that does look at these ransomware types of situations. They look to penetrate, they look for opportunities to seed websites all over the Internet. And if you’re unfortunate to click on a fairly innocuous site that could be a gateway error, an entry point into this potential corruption,” said Van Dine.

The cause is still being assessed. The IT team is planning how to reinforce the same system checks that helped alert them and is looking to make additional plans to revamp security.

“Once this is all over, we’ll do a thorough review and see what we can do to update our practises to minimise this potentially happening again in the future,” said Van Dine.

Van Dine said the city’s IT team has worked hard to resolve the issue and is learning from the situation what the most effective ways are to protect the system.

“We’re certainly going to learn a lot from this exercise. We’re certainly thankful and grateful that the basic systems that we’ve had in place and the quick action and skill of our team to mobilise and get additional assistance with it,” said Van Dine.

“We are going to continue to unpack exactly all the things that got us to this point. Both the good things we’ve done and whether there’s some things that we can improve upon and then we’ll assess what we need to do,” he added.

Van Dine said he is really proud of the IT team and everyone who stepped up and alerted management quickly.

Van Dine said the city is hoping to “ring the all clear” soon.

“At the moment our point of sale is the most impacted part of the service to the public. We’ve been able to maintain all other levels of services to the public,” he said.

Yesterday, an announcement from city officials advised the public to delay payments until the system issues have been fully resolved.

City employees have had their access to email disrupted and have been unable to access day-to-day documents because of the temporary measures in place.

Van Dine expressed appreciation to city staff and to all Yellowknifers for being patient as the city works through the issue and the city hopes to get things fully back into service before the end of the week.

Lisa Iesse