11 Shocking Canadian Ransomware Attacks of 2022

In 2022, Assurance IT reported on a minimum of four cybercrimes every week. We’ve reviewed some many stories over the year – even ones that were barely acknowledged by the media. In this article, we went back to identify the most shocking Canadian ransomware attacks of the year that didn’t get the attention they deserved.

‍

‍

1.      Former Canadian Government Employee Arrested for Involvement in Multiple Ransomware Attacks

‍

Sebastien Vachon-Desjardins was an IT Consultant for Public Works and Government Services in Canada. He was sentenced to 7 years in prison after pleading guilty to 5 charges related to theft of computer data, extortion, the payment of cyptocurrency ransoms and participating in the activities of a criminal organization. However, he was just extradited to the US where he faces more charges. He is alleged to have participated in the ransomware group called NetWalker.

‍

As part of an international law enforcement campaign targeting NetWalker, Vachon-Desjardins was arrested this January. His home in Quebec had 719 Bitcoin valued at $28.1 million and $790,000 in Canadian currency. The dark web site he used was also seized. (TechCrunch)

‍

‍

‍

Takeaway

We have this perception that these hackers are somewhere across the world, speaking another language, when in reality, they can be our neighbors.

‍

‍

2.      Ethical Hacking in Canada Government Under Investigation

‍

Are the Feds focusing on the wrong investigation after a Member of the Legislative Assembly of Edmonton hacked the vaccine records of the province?

‍

‍

A Member of the Legislative Assembly of Edmonton came out and admitted that he hacked the vaccine records of the province. He breached the website and accessed the records to demonstrate how easy it was to get to the information. He initially attempted it because someone told him there was a weakness in the system. (CBC)

‍

‍

Takeaway

Are the Feds focusing on the wrong investigation after a Member of the Legislative Assembly of Edmonton hacked the vaccine records of the province?

‍

Unfortunately, this story fell under the radar and didn’t get much more attention, leaving us with more questions than answers.

‍

Did he tell anyone he would try the breach?

‍

Did he do the hack while he was in a government building?

‍

Did he steal any data?

‍

Companies pay experts thousands of dollars to ethically hack their systems and help them find vulnerabilities.

‍

However, the organization always knows about the ethical hack before it takes place. If you’re trying to hack an organization ethically, it needs to be communicated to the party.

‍

‍

3.   Regina Public School Victim of Serious Cyberattack

‍

The BlackCat/ALPHV ransomware group is claiming responsibility of the Regina Public School cyberattack. The school does not have access to internet-based systems such as email and other education tools. The grading system, remote school and attendance is also not available. This caused some issues as the attack happened right before the end of the school year.

‍

The hackers claim to have stolen and made copies of 500 gigabytes of data including tax reports and health information like passports and social insurance numbers.

‍

The school immediately shut down its systems but has to decide whether or not it will pay the ransom. Other options include rebuilding the entire network off of backups. This is something the City of Saint John did in 2020 instead of paying a ransom of up to $20 million worth of Bitcoin. (CBC)

‍

‍

Takeaway

Foundations, hospitals, schools, government are pillars in society. Disrupting one of those pillars and people will take notice.

‍

Hackers know these industries don’t have a great cyber security posture and need to maintain “business continuity” as a main pillar in society.

‍

Cyber criminals are ruthless and want to cause as much chaos for the biggest payout as fast as possible. These pillars needed cyber security yesterday. Hackers will not leave them alone.

‍

‍

4.   Ontario County Hit with Ransomware Attack. Could be by Russian Cyber Criminals.

‍

Elgin County, located in the province on Ontario, Canada, was the victim of a cyber attack that left their website down for weeks. On top of that, 10% of their data was exposed online.

‍

Global News learned that the county is one of many victims of Russian-based ransomware syndicate.

‍

“When groups delist stolen data, as appears to have happened here, it can mean a number of things, including that the target organization’s paid, or that it has agreed to come to the negotiating table,” said Brett Callow, a Vancouver Island-based threat analyst. (GlobalNews)

‍

Takeaway

‍

We may not be physically fighting in the war but cyber attacks are going to be on the rise. Russian-based cyber groups are working endlessly to target businesses online.

‍

‍

5.      Bell Technical Solutions Hacked by Hive Ransomware Group

‍

Bell Canada’s subsidiary Bell Technical Solutions (BTS) got breached by Hive ransomware group on August 20th, 2022. Apparently, they accessed personal information of Bell’s employees including finances, recruitment, birthdays, COVID-19 information and more.

‍

“We took immediate steps to secure affected systems and we want to assure our customers that no database containing customer information such as credit and debit card numbers, banking or financial data was accessed in the incident,” a spokesperson said. (maplesyrup)

‍

‍

Takeaway

It was reported that they took immediate action but it isn’t clear if they told anyone right away. It was in the News a month after the attack. Usually, ransomware attacks get reported right away. It’s always interesting to see how companies react when they get breached.

‍

In this case, Bell Technical Solutions acted promptly. However, it doesn’t seem like they told anyone right away. Employees and customers of any company deserve to know if they may be the victim of identity theft.

‍

‍

6.      Hydro-Quebec Fires Consultants After Cyber Security Risk

‍

Hydro-Quebec found out that six consultants on payroll had downloaded a software that stimulates movement on their computer while working from home.

‍

In other words, the software moves the mouse to make it seem like they are actively working. Immediate action was taken and the consultants were let go.

‍

Now, Hydro is looking into their 11,000 remote workers. Hydro-Quebec said they don’t monitor activity of their employees but they do monitor their network for external threats.

‍

One of the representatives from the news outlet said that this kind of software poses cyber threats as many of them have ransomware built into them.

‍

So other than stealing time from the company, these consultants could have imposed much bigger risks to the organization. The original article is written in French. (LaPresse)

‍

‍

Takeaway

Companies should know exactly what software is on every endpoint – whether that is a computer, laptop, tablet or smartphone.

‍

The article tries to make it seem like these consultants were awful and Hydro-Quebec caught them. But it reveals they didn’t have the proper security measures in places.

‍

They’re clearly missing endpoint management. In many companies, you need to get permission to download software on your computer. That’s an extra layer of protection that we also recommend.

‍

‍

7.      Toronto Symphony Orchestra affected by Ransomware on Email Provider

Email provider, WordFly, admitted to having a network disruption on July 10th. A few days later, the Toronto Symphony Orchestra warned it’s patrons that their personal information may have been compromised.

‍

“We have come to learn that WordFly was subject to a ransomware attack,” the TSO said in its email. “As part of the incident, the attacker exported customers’ information from the WordFly environment, including patron information that WordFly was handling on behalf of the TSO.” (cp24)

‍

‍

Takeaway

You are only as strong as your weakest business partner. Third-party breaches are becoming more common and I wouldn’t be surprised if more companies implement stronger due-diligence processes when  I wouldn’t be surprised if due diligence on your vendors will be 100% required for every company in the future because of stories like this. This type of story is emerging weekly!

‍

‍

‍

8.      City in Ontario Hacked by Huge Ransomware Gang

The town of St-Mary’s was hit with a ransomware attack. At the time, they were only at 80% of their operations. Public services were not directly impacted and their operations seem to be working from an external perspective. Internally, they have identified a malware as the culprit.

‍

No ransomware demand was sent to the municipality, but the infamous ransomware gang, LockBit has posted a letter claiming to have a copy of the date. The town let authorities know and have hired external help to overcome this attack and restore operations. (FinancialPost)

‍

‍

Takeaways

If I were to ask you to identify St-Mary’s, Ontario on a map, most of you wouldn’t be able to locate it. Yet, somehow, one of the largest ransomware groups were able to find a vulnerability in their system. The LockBit group reportedly have been involved in over 39,000 ransomware attacks.

‍

What concerns me the most is the 67 GB of confidential and financial data that has been compromised. Regardless, if they can restore or not from their backup, the data has been compromised already. That could have a very big impact for a lot of people.

‍

‍

9.      Late Payday for Teachers and Staff in Waterloo

The Waterloo Region District School Board were breached affecting payroll. It was established that direct deposits will be done as they sort things out. However, they are not sure on a timeline as to when things will be restored.

‍

“At that time, spokesperson Estefania Brandenstein said she was unable to say what kinds of files — if any — may have been accessed or if the school board paid money to regain access to its system.” (CBC)

‍

Takeaway

Six months after this breach and they’re still working on the aftermath of the attack. This is unfortunate and we reached out to them if they needed help.

‍

10.     188 Flights Delayed

Sunwing passengers were stranded as a result of a breach of their external partner, Airline Choice. In other words, this is a story of a third-party breach.

‍

According to Airline Choice, hackers accessed and compromised systems containing data. Many people were told that their flights were delayed. Others were stranded unable to get on a flight. Boarding and check-in features were impacted and it became a nightmare for both passengers and Sunwing staff. 188 flights were impacted because of the hack. (CityNews)

‍

‍

Takeaway

Risk of third-party breaches will become top of mind. One of Toyota’s vendors got breached earlier this year. The car manufacturer had to stop operates of a handful of their plants. No matter how safe your company is, one of your business partners may not be.

‍

‍

11.      Quebec Farmers' union Attacked

‍

Employees couldn’t access its network at the Union Des Producteurs Agricoles (Union Of Agricultural Producers), Quebec’s farming association after suffering a cyberattack earlier this year. All their computers were affected. The incident should not impact the farmers in the short-term. The hackers are demanding a ransom in exchange for a decryption key. (MontrealGazette)

‍

Takeaway

‍

As a Montreal-based company, these ransomware attacks are hitting very close to home. We might be able to disassociate from the attacks because the “hackers won’t try to target us.” But this story makes it very real. Had farmers been impacted, we (consumers) would have been in big trouble.

‍

‍

11 Takeaways from ransomware attacks on Canadian companies

1.    Hackers can be anyone, including your neighbor.

2.    Not all cyber scandals get follows up.

3.    Hackers prey on the most vulnerable industries.

4.    The Media doesn’t cover the Ukraine-Russian war as much but you best believe we’re part of this battle…online.

5.    It will be illegal to hide ransomware attacks…one day.

6.    Endpoint management helps identify what software is on every computer.

7.    You are only as strong as your weakest business partner.

8.    Ransomware gangs do not discriminate – small or big, private or public, if you have a vulnerability, eventually a criminal will find it.

9.    The aftermath of a breach is long and expensive.

10. You are only as strong as your weakest business partner.

11. Ransomware attacks are happening every day – and they are close to home.

‍