Cyber Incident Victim: Prince Edward Island
Date: Apr 2018
Location: Canada
Summary
The Prince Edward Island government website experienced a ransomware attack that encrypted its files, rendering them inaccessible and displaying a countdown timer threatening deletion unless a Bitcoin ransom was paid. Officials confirmed no user data was compromised during the incident. The provincial government restored operations using backups without paying the ransom, identified the exploited software vulnerability, and implemented a patch to prevent recurrence. Service disruptions included temporary replacement of the website with ransom demands and error pages before full restoration later the same day.
Description
On April 23, 2018, visitors to the Prince Edward Island provincial government’s website encountered a screen stating, “Ooops, your website have been encrypted!” alongside a warning that all files were inaccessible without the attacker’s decryption service. The message instructed users not to waste time attempting recovery and included a countdown timer indicating when the files would be permanently deleted. The ransomware attack blocked access to the website’s content, demanding payment in Bitcoin to restore functionality while leveraging the cryptocurrency’s anonymity features. Provincial officials discovered the compromise Monday morning, prompting an immediate shutdown of the site to contain the incident. Initial visitor attempts to access the domain later displayed a blank page before the government posted a generic outage notification. Scott Cudmore, Director of Enterprise Architecture Services, confirmed the attack exploited a specific vulnerability in the website’s underlying software, though he did not identify the application. He emphasized that investigators found no evidence of personal data breaches during their initial assessment, prioritizing data safety as the rationale for taking the site offline.

The government restored full website functionality by 4:30 p.m. the same day without paying the ransom, relying instead on pre-existing backups to rebuild the compromised systems. Cudmore explicitly stated the province refused the attacker’s financial demands and mitigated the exploited vulnerability by applying a software patch to prevent recurrence. Officials conducted post-incident analysis to verify the integrity of restored data and confirm the absence of data exfiltration. The attack caused temporary disruption to public access to government online services but resulted in no confirmed theft or exposure of sensitive information. Restoration efforts focused on eliminating the initial attack vector while maintaining operational continuity through backup protocols.
