An organization representing indigenous tribes in Canada recently paid a ransom in bitcoin worth thousands of dollars in order to regain access to computer files that had been encrypted by a hacker.
According to the Canadian Broadcasting Corporation (CBC), over C$20,000 worth of bitcoin was paid out by the Federation of Sovereign Indigenous Nations (FSIN) to an anonymous hacker who had breached the organization’s computer systems. FSIN, which represents 74 First Nations in the Canadian province of Saskatchewan, was reportedly first contacted five months ago when the hacker emailed a staff member demanding to be paid bitcoin worth over C$100,000 in order to allow access to encrypted files.
Per sources who spoke with the CBC, the hacker not only managed to gain control of the federation’s email system and internal files but also stole some data including files related to internal land claims, youth athletes as well as their coaches. Additionally, the hacker who managed to remain undetected for an unknown period of time, also accessed the treaty card numbers, social insurance numbers as well as the health claims of the federation’s staff and executives.
After the computer security breach was detected a meeting of the audit committee and the treasury board of the FSIN was held with some of the proposals being put forward being informing the police as well as going public about the attack. However, none of the suggestions were effected but the audit committee and the treasury board warned members of staff and the executives of the FSIN not to pay the ransom arguing that there were no guarantees the hacker would keep his side of the bargain and release the files.
Despite the committee’s warning, negotiations with the anonymous hacker continued quietly with the ransom eventually getting paid. According to the CBC, three members of the committee sought an explanation over the action that had been taken behind their back but they did get any. It is understood that a private cybersecurity firm has since then been contracted by the FSIN.
The move by FSIN’s executives to pay the ransom is similar to that taken by a Canadian town last month. Early in September, the town of Midland in the province of Ontario paid an unknown amount in bitcoin following a cyberattack which crippled the processing of marriage applications, reloading of transit cards, issuance of permits, email services and the processing of payments.
Unlike in the case of FSIN and Midland though, cyber thugs did not meet with the same luck when they hacked the computer systems of Carleton University in Canada’s capital, Ottawa, almost two years ago. As CCN reported at the time the educational institution simply refused to pay up the two bitcoin per machine that was being demanded and instead relied on its own IT department to secure and restore the affected network.
Featured image from Shutterstock.