11 Canadian Ransomware Attacks You May Have Never Heard Of In 2021

Everyone heard of huge ransomware attacks in 2021 like Colonial Pipeline, ACER and the NBA. As a Canadian-based company we wanted to find the attacks that were a little closer to home. The following is a list of 11 cyberattacks on Canadian businesses that happened in 2021.

1. Superior Plus Corp

Superior Plus Corp, based of Toronto, distributes and sells propane, distillates and related products. Servicing over 780,000 customers in Canada and the US, they reported a ransomware attack on Sunday, December 12, 2021, affecting their computer systems. They are not sure how it happened but quickly took steps to mitigate risk. (BusinessWire)

‍

2. Toronto Transit Commission

In October 2021, the Toronto Transit Commission (TTC) were hit with a form of malicious software that encrypted their data. They aren’t sure if personal information was leaked. However, they did encrypt data and locked out users. Communications were not working and caused service disruptions. Interestingly, the TTC never submitted their cybersecurity report and many are wondering if that is what lead to the attack. (FlamboroughReview) (Toronto Star)

‍

3. D-Box

D-Box, entertainment provider, based out of Montreal, suffered a ransomware attack on their supply chain on July 14, 2021. D-Box separates internal systems from those managing its clients so the attack did not affect their partners. After some research, it seems like the intent of the attack remains unclear. They were able to get back up and running but there is no mention of whether or not a ransom was paid. (Latest Hacking News).

‍

4. Canada Post

In may 221, Canada Post was the victim of a malware attack through a third party vendor. It affected 950,000 parcels. Postal addresses, emails and phone numbers were exposed. They informed their shareholders and implemented proactive measures to avoid this from happening again. (The Daily Swig)

‍

5. Canada Revenue Agency

In August 2021, the Canada Revenue Agency (CRA )and GC Key accounts were subject to credential stuffing attacks. Approximately50,000 accounts were targeted. The security of taxpayers’ information was at stake. They were forced offline. (Global News)

‍

6. Heartland Farm Mutual

In July 2021, Canadian Insurance firm, Heartland Farm Mutual, was breached and may have exposed the personal data of clients. The hackers accessed an employees email inbox which contained the personal information of clients. They firm quickly took action to remove unauthorized access. (The Daily Swig)

‍

7. Bombardier

Airplane maker, Bombardier got attacked through the vulnerability in Accellion file sharing software. Although personal information of employees and clients were not leaked, airplane design documents and documents to spare parts were accessed through this attack. (Cybersecurity Insiders)

‍

8. Fortis Ontario

In March 2021, Fortis Ontario, the parent company of Cornwall Electric, a third party contractor responsible for billing was victim to a ransomware attack. Personal information was not leaked but all customers were told to keep high alert of suspicious activity. (Seaway News)

‍

9. Home Hardware Stores

In February 2021, Home Hardware Stores was attacked. Corporate data was appearing online but the company revealed their 1050 stores had no client data leaked. (Financial Post)

‍

10. City of Montmagne

On January 16, 2021, the Quebec city of Montmagne was hit with a ransomware attack that shut down their systems and phone lines. The hackers encrypted their data on their servers and then asked for a ransom. Systems were restored after 6 days. (The Press Stories)

‍

11. Promutuel

On January 14, 2021, Quebec-based insurance company, Promutuel, was hit with a ransomware attack that crippled its systems. Customers were not able to access their accounts and when Promutuel did not pay the ransom, the hackers leaked customer data online. (TechNadu)

Thoughts on 2021 Ransomware Attacks

The ransomware attacks affected organizations differently. Some were unable to function whereas others just needed to add extra measures of protection. There is one common denominator in each of these cases, and that’s lack of trust. There was uncertainty in each case and it seemed like no one knew what was happening. Cyber attacks are inevitable, but with the right business continuity measures in place, certainty and trust can remain.

__________________________________

‍

Are you a Veeam customer?

Get 1TB of Cloud Connect Backup for Free when you renew your Veeam Support Contract with Assurance IT: https://www.assuranceit.ca/veeam-with-assuranceit

‍