Canadian Nurses Association hit by cyber attack

The Canadian Nurses Association says it has suffered a cybersecurity incident, but isn’t commenting on a report that the attack was ransomware.

“We can confirm having experienced an IT security incident on April 3, 2023 which impacted some of our systems,” Alexandre Bourassa, the association’s public affairs lead, said in an email to IT World Canada. “The incident did not impact our operations.”

He was responding to a query about a tweet on Sunday by Brett Callow, British Columbia-based threat analyst for Emsisoft, who said the Snatch ransomware gang now lists the CNA as a victim. Bourassa was told about the tweet but didn’t directly answer whether the attack was ransomware.

The CNA represents 460,000 nurses in all categories — registered, nurse practitioners, licensed and registered practical nurses, and registered psychiatric nurses — across the country. Provincial and territorial nurses’ associations represent members in negotiations with their respective governments.

According to researchers at Sophos, the Snatch malware reboots an infected Windows computer into Safe Mode, where most security software doesn’t run. Then it encrypts the victims’ hard drives. Sophos believes the Snatch gang has been operating since 2018.

At the time of the 2019 Sophos report, the gang commonly penetrated enterprise networks by automated brute-force attacks against vulnerable, exposed services such as Windows RDP (remote desktop protocol). In one incident Sophos investigated, the attackers initially accessed the company’s internal network by brute-forcing the password to an administrator’s account on a Microsoft Azure server, then logged into the server using RDP.

The attackers installed surveillance software on about 200 machines, or roughly five per cent of the organization’s computers, Sophos found. After that, the attackers installed several malware executables, one of which appeared to be designed to give the attackers remote access to the machines without having to rely on the compromised Azure server. The attackers also installed a free Windows utility called Advanced Port Scanner to discover additional machines on the network they could target.

According to an April report by researchers at Gridinsoft, a Ukrainian antimalware provider, those behind Snatch usually don’t steal data before encrypting it.

Besides disabling third-party antivirus software, the report says, Snatch ransomware also suspends Windows Defender in a well-known way: by editing Group Policy. To prevent recovery attempts, it also deletes Volume Shadow Copies and backups created with built-in Windows functionality. This, the report notes, is a common ransomware tactic.
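
The host behaviours described above (a Safe Mode reboot, Windows Defender switched off through policy, shadow copy deletion) can be correlated in endpoint logs. The following Python is an added example, not from the article or the cited reports; the log format, host names and matching patterns are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed patterns: the article names behaviours, not commands. These match
# common Windows utilities and policy keys associated with each behaviour.
RULES = {
    "safe_mode_boot": re.compile(r"\bbcdedit(\.exe)?\b.*\bsafeboot\b", re.I),
    "shadow_copy_delete": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"
        r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "defender_policy_off": re.compile(
        r"policies\\microsoft\\windows defender\\disable\w+", re.I),
}

# Constructed sample events in an assumed "timestamp|host|detail" format.
SAMPLE = [
    r"2024-01-15T02:14:07Z|WS-0142|vssadmin.exe delete shadows /all /quiet",
    r"2024-01-15T02:14:31Z|WS-0142|bcdedit.exe /set {current} safeboot minimal",
    r"2024-01-15T02:15:02Z|WS-0142|RegistrySet HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware=1",
    r"2024-01-15T09:30:00Z|SRV-BKP1|vssadmin.exe list shadows",
    r"2024-01-15T11:00:00Z|WS-0099|vssadmin.exe delete shadows /for=C: /oldest",
    "not a log line",
]

def detect(lines, window=timedelta(minutes=10)):
    """Return {host: behaviours} for hosts showing two or more distinct
    behaviours within `window`; one isolated match is not alerted on."""
    hits = {}
    for line in lines:
        try:
            ts, host, detail = line.strip().split("|", 2)
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue  # malformed line: skip rather than abort the run
        for name, rx in RULES.items():
            if rx.search(detail):
                hits.setdefault(host, []).append((when, name))
    alerts = {}
    for host, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            seen = {n for t, n in events[i:] if t - start <= window}
            if len(seen) >= 2:
                alerts[host] = sorted(seen | set(alerts.get(host, [])))
    return alerts

if __name__ == "__main__":
    for host, behaviours in detect(SAMPLE).items():
        print(f"ALERT {host}: {', '.join(behaviours)}")
```

Requiring two distinct behaviours on one host inside the window keeps a lone administrative action, such as pruning an old shadow copy, from raising an alert.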

In his response to IT World Canada, Alexandre Bourassa of the CNA said the association immediately launched an investigation and hired leading third-party experts to assist. “As a precautionary measure,” he added, “we notified the appropriate law enforcement authorities. We are unable to provide further details while this investigation is ongoing.

“We are working closely with our industry-leading partners to implement enhanced security measures to protect our systems, and to prevent this type of incident in the future.”

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
