Kingston’s Royal Military College is one of four military training schools in Canada targeted in a mysterious cyber attack. Discovered on the morning of Friday, Jul. 3, 2020, the attack has temporarily disabled the university’s online network.
“It looks like all their core systems got hit,” said David Skillicorn, a professor of computing at Queen’s University. Skillicorn said the attack also affected RMC Saint-Jean in Quebec, the Canadian Forces College in Toronto, and the Chief Warrant Officer Robert Osside Institute.
According to a July 6 blog post by Greg Phillips, Dean of Engineering and Associate Professor of Software Engineering at RMC, the insurgent software exploits security holes to install itself, then encrypts the contents of disks, rendering them inaccessible.
“RMC has turned everything off so that the infection doesn’t spread,” Skillicorn said. “That seems to be what’s going on from the outside.”
While Phillips identifies the incident as a ransomware attack, where hackers demand payment to restore the content on a breached network, Skillicorn said that hasn’t been confirmed.
“I think we don’t know for sure that it’s ransomware. The more interesting question is: Were they asked to pay a ransom? If they weren’t, then this is probably the effort by some other country to embarrass the Canadian government rather than to make money,” he said.
While questions remain, Phillips’s instructions to other users on the RMC computer network leave few doubts about the severity of the event:
“Do not do anything to a computer that is connected to the RMC network,” his update reads. “Do not turn it on, do not turn it off, do not reboot it, do not try to log in, and do not connect an external drive or USB key. Any of these actions could potentially make the situation worse.”
While Phillips said the college’s core services will come back online over the next few days, one at a time in order of priority, a complete recovery may take weeks.
In a best-case scenario, Phillips said the college’s data will be unaffected and faculty will resume work as if nothing happened. In a worst-case scenario, the data will be non-recoverable, and faculty will have to rely on whatever backups they have. Phillips also noted the possibility of an “intermediate case.”
“If we’re particularly lucky it may be possible to recover encrypted data,” he wrote. “But this will take time.”
RMC College Information Services and Shared Services Canada are working with a team from the Canadian Forces Network Operations Centre that was dispatched to Kingston to assist. Phillips also notes that members of the RMC Computer Security Lab are providing consulting support.