The Royal Military College (RMC) of Canada in Kingston, Ont., is currently assessing damage done by a cybersecurity attack, according to the Department of National Defence (DND).
The college trains Canadian Armed Forces members in university-level degrees and welcomes students from across the country.
A statement from the department noted the attack affected the college’s academic network, which is used for general administration, student communications and research, but is separate from the DND and Canadian Armed Forces networks, which the DND says are currently unaffected.
The DND has not clarified the extent of the breach, but said the incident took place on July 3 and forced the college’s temporary disconnection from its academic network.
“RMC workstations were immediately isolated from the network to prevent further infection,” the DND statement read.
Currently, services for employees and students like emails are offline in order to prevent the “damage and spread” of the attack.
David Skillicorn, a professor at Queen’s University in the School of Computing Mathematics and Computer Science department of the Royal Military College, said it’s possible that the attack was a ransomware.
“They encrypt your files and then they tell you that they’ll decrypt them if you pay them some money, as with most extortion, that’s probably a silly thing to do because some criminals, at least, couldn’t decrypt your files even if they wanted to,” Skillicorn said.
He did say it takes some sophistication to shut down the entire network for the military college, but that it’s highly unlikely that an organization like RMC would pay a ransom. This, he said, points to other, non-monetary goals for a target like RMC.
“I’m sort of inclined to wonder whether this is an effort at embarrassment by some other country just because it’s supposed to be the military college and it’s got a strong cybersecurity program, and so it might be a little bit embarrassing they got caught this way,” Skillicorn said.
The professor noted that a blog post from an employee said the attack was ransomware, but DND has not confirmed that fact. Global News has also not been able to verify that the post was written by a RMC employee.
Skillicorn added that for the most part, ransomware attacks are more of a nuisance for large organizations since they back up their systems for these types of instances.
“In this case, I would expect the backups to be probably pretty good, but it’s taken already five days. And I suspect that’s because of an excess of caution,” Skillicorn said.
He also said ransomware attacks have become incredibly difficult to detect, and that all organizations are fighting against similar attempts on a daily basis.
Most ransomware attacks are done through a technique called spearfishing, he said, where a hacker is able to send an email nearly identical to an internal email.
“So that’s an email very carefully crafted with an attachment that does something bad, which rings no alarm bells in the person who receives it. And with the best training and the best will in the world, it’s incredibly difficult now not to click on that attachment when it’s from somebody you know,” he said.
DND has given no timeline for when they expect their systems to be back to normal but said they are still monitoring the situation.