Canadian power company gets hit with Netwalker ransomware

May 12, 2020

A major power provider in Canada suffered a ransomware attack on Thursday afternoon. The Northwest Territories Power Corporation (NTPC) had an unexpected cyber security incident when its official website went down and some of its pages were taken over, showing what looks like a ransom note from the unknown hackers. The headline of the message says: “Hi! Your files are encrypted by Netwalker.”

The message appears on the official NTPC website (MyNTPC) and states that the files were taken and encrypted. The Netwalker message even included a warning that any attempt to shut down the servers, reboot them, or recover the files will result in damage and eventual loss of all the encrypted data.

A special message, allegedly directed to one of the executives of NTPC, contains several instructions, including the “no shutdown” order to avoid data loss. The message also instructs the user to download “tor browser”, a browser designed to access the Dark Web. This will lead the user to verify the decrypted files via a series of codes provided by the hackers.

This pattern has led cyber security experts to believe that the hackers intend to either sell or leak the acquired data on the Dark Web if NTPC doesn’t cooperate. Although the message does not mention a ransom, it advertised that decryption of a single file would be “for free”. Perhaps it was some sort of goodwill offer to enable the user to verify the legitimacy of the threat.

According to several cyber security researchers, the alleged hackers are believed to have used a malware variant called Netwalker, a ransomware that has been used to attack several utility companies, healthcare providers and government agencies worldwide.

This incident was immediately reported to the appropriate authorities and NTPC released a statement thereafter. They confirmed that a cyber attack indeed took place and that the proper authorities are now conducting their investigation. The website was also taken down and is now unavailable.

Several citizens and security professionals have expressed their disgust and frustration at the act and condemned the hackers for committing such mindless and inhuman deeds at a time like this. They are referring to the global pandemic crisis caused by the coronavirus. With everything that’s been going on in the world right now, the last thing they need is an attack on a crucial branch of infrastructure that is critical to their everyday lives.

No timetable has been set by the concerned authorities, which include the Canadian Cyber Security Agency and territorial and federal government agencies. NTPC, together with these agencies, is still determining whether other areas of its operation were affected or compromised. This includes power generation, transmission and regional distribution systems. So far, the overall electrical systems continue to function normally.

NTPC’s email system, however, was shut down in order to check whether it was impacted. In the meantime, visitors are advised to check NTPC’s social media account for further updates.
