Tag Archive for: Canadian

Canadian university dealing with ransomware attack on email system


Canada’s University of Waterloo is dealing with a ransomware attack on its email system, the school confirmed this week.

On Wednesday, school vice president Jacinda Reitsma said the university had stopped an attempted ransomware attack on May 30 and has been working to limit the impact of the initial breach that preceded the cyberattack. The Waterloo, Ontario-based school serves more than 40,000 students.

Reitsma explained that the school’s on-campus Microsoft Exchange email services were affected by the ransomware attack, sparing those who only use their cloud-based email.

But as a result of the attack, the school had to disable the email system temporarily, meaning students could not log in or create new accounts. Students were also unable to sign into other educational platforms with their email credentials, like Workday, Waterloo LEARN, and more.

“We are aware of a breach involving our on-campus email service (Microsoft Exchange). This service has now been isolated. Most Microsoft Exchange accounts are currently housed in the cloud and are not affected,” Reitsma said.

“This means that for most people on campus, your email access is unaffected. As we continue to investigate the impact of this breach, we may need to isolate more services which means you may not be able to access some systems throughout the day today.”

In an update on Thursday, the school said it was initiating a complete system shutdown and reset on Thursday night, which lasted about six hours.

Access to the school library’s online resources, including Omni and course reserves, was impacted by the outages. The school held a town hall to explain the situation to students and faculty with concerns about the incident.

On Friday, Reitsma said the reset was successful but noted that students and faculty will have to change their passwords before June 8. Those who miss the deadline will be locked out of their accounts and will need manual help from the school’s IT team.

The Royal Canadian Mounted Police told Canadian media outlet The Record that it discovered the attack on Tuesday and informed the Waterloo Regional Police as well as the university’s Special Constable Services.

No ransomware…


Canadian Bookstore Chain Indigo Says Employee Data Stolen in Ransomware Attack


Canadian bookstore chain Indigo this week confirmed that the personal information of both current and former employees was stolen in a ransomware attack last month.

The hack, Indigo says, took place on February 8 and resulted in the company taking down affected systems to contain the incident. The company was able to restore online payments and exchanges and returns two weeks ago.

The investigation into the incident has revealed that some employee data was compromised during the attack, but Indigo says it has no evidence that customer data was accessed. No credit and debit card information was impacted, the company says in an updated notice on its website.

Should the investigation reveal that any customer data has been compromised, Indigo promises to contact the impacted individuals immediately.

The ransomware deployed during the attack, Indigo says, was LockBit, which is known to be used by cybercriminals either located in Russia or with ties to Russian organized crime.

The company says it has already started notifying impacted individuals of the incident, but did not say how many were affected. Indigo currently operates more than 160 stores across Canada and has over 8,000 employees.

Indigo also says that it has been working with Canadian authorities and the FBI to investigate the attack and that it does not plan to give in to the attackers’ ransom demands.

The hackers, however, have threatened to publish the stolen data on the dark web starting this week, unless a ransom is paid.

“The privacy commissioners do not believe that paying a ransom protects those whose data has been stolen, as there is no way to guarantee the deletion/protection of the data once the ransom is paid. Both US and Canadian law enforcement discourage organizations from paying a ransom,” the company notes.


A small Canadian town is being extorted by a global ransomware gang


The Canadian town of St. Marys, Ontario, has been hit by a ransomware attack that has locked staff out of internal systems and encrypted data.

The small town of around 7,500 residents seems to be the latest target of the notorious LockBit ransomware group. On July 22nd, a post on LockBit’s dark web site listed townofstmarys.com as a victim of the ransomware and previewed files that had been stolen and encrypted.

Screenshot taken from a ransomware group’s website. Text reads: “The Town of St. Marys is located at the junction of the Thames River and Trout Creek, southwest of Stratford in southwestern Ontario. Rich in natural resources, namely the Thames River, the land that now makes up St. Marys was traditionally used as hunting grounds by First Nations peoples. European settlers arrived in the early 1840s. Stolen data (67GB): financial documents, plans, department, confidential data”

LockBit ransom listing for the Town of St. Marys

In a phone call, St. Marys Mayor Al Strathdee told The Verge that the town was responding to the attack with the help of a team of experts.

“To be honest, we’re in somewhat of a state of shock,” Strathdee said. “It’s not a good feeling to be targeted, but the experts we’ve hired have identified what the threat is and are walking us through how to respond. Police are interested and have dedicated resources to the case … there are people here working on it 24/7.”

Strathdee said that after systems were locked, the town had received a ransom demand from the LockBit ransomware gang but had not paid anything to date. In general, the Canadian government’s cybersecurity guidance discouraged the paying of ransoms, Strathdee said, but the town would follow the incident team’s advice on how to engage further.

Screenshots shared on the LockBit site show the file structure of a Windows operating system, containing directories corresponding to municipal operations like finance, health and safety, sewage treatment, property files, and public works. Per LockBit’s standard operating methods, the town was given a deadline by which to pay to have their systems unlocked or else see the data published online.

Brett O’Reilly, communications manager for the town of St. Marys, directed The Verge to a press statement issued by St. Marys in which the town gave further details. Per the statement, essential municipal services like transit and water systems have been unaffected by the incident, and the town is attempting to unlock IT systems and restore backup data.

According to an analysis by Recorded…


Canadian admits to hacking spree with Russian cyber-gang



The leaders, who are still at large, communicate in Russian online and ensure that their malware does not infect Russian computer systems, or those of former Soviet countries whic …
