
Cyber Incident Victim: Prince Edward Island

Date: Feb 2020

Location: Canada

Summary

A ransomware attack targeted the government network, prompting immediate containment measures and an investigation to protect residents' information. The attackers, identified as Maze Team, publicly listed the victim for non-payment and leaked exfiltrated files as proof of compromise. While services remained operational, recovery efforts caused temporary slowdowns. Authorities asserted no evidence indicated personal data was affected and maintained transparency by notifying the public about the incident despite the lack of significant disruptions. The government emphasized its commitment to safeguarding information while continuing restoration processes.

CIA Posture: Available to members
Motives: 2 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actor: 1 actor
Type: Available to members
Location: Available to members

Description

On February 23, 2020, Prince Edward Island’s provincial government discovered malware on its network, later confirmed as a ransomware attack attributed to the Maze Team cybercriminal group. The attackers publicly listed PEI as a victim on their leak site, a tactic used to pressure non-paying targets, and published a sample of exfiltrated files as proof of compromise. PEI’s administration responded by immediately implementing undisclosed “best practice measures” to contain the malware and launching an investigation to assess the breach’s scope. In a public statement issued on February 25, officials emphasized their priority to protect residents’ personal information and asserted no evidence indicated such data had been compromised. Despite the attack, government services—including client payments—remained operational, though residents experienced temporary slowdowns due to ongoing recovery efforts.

The incident drew attention when Maze Team’s victim listing revealed the attackers’ failed extortion attempt, as PEI neither paid the ransom nor suffered significant service disruptions. DataBreaches.net contacted the province to inquire about the ransom amount and potential personal data exposure but received no publicized response. PEI maintained throughout its recovery phase that most compromised data likely constituted public records, minimizing perceived risks to individual privacy. Recovery efforts focused on eliminating residual malware and restoring full system performance while monitoring for unauthorized data disclosures. The province’s transparency in notifying residents contrasted with Maze Team’s inability to escalate the attack’s impact, underscoring PEI’s operational resilience against the ransomware campaign.
