Canada

Copper Mountain Mining Corp. was the target of a ransomware attack on Dec. 27. The attack targeted the IT systems at its Copper Mountain Mine and corporate office. Copper Mountain said it implemented risk management systems, isolated operations, switched to manual processes, and preventatively shut down the mill "to determine the effect on its control system." "There have been no safety or environmental incidents as a result of the attack," the company said.

In August 2020, Mount Locker ransomware gang targeted Engineering and Technology giant ThyssenKrupp in what appears to be a data breach. Threat actors gained access to critical HR information and documentation regarding the company’s present and past employees through the ThyssenKrupp Materials group of firms in the United States and Canada.

Mount Locker ransomware operators advertise what seems to be 30 MB of data related to ThyssenKrupp System Engineering group.

Sunwing Airlines CEO, Mark Williams, revealed that the system the airline uses for check-ins and boarding was “breached” over the Easter long weekend. “A system that is up and running all the time, which never fails, was hacked,” Williams told CP24.

After 5 days, delays still occurring as service is restored. Williams told CP24 that due to the sensitive information that might have been breached, government agencies want to ensure that the breach has been remediated before resuming operations.

188 flights, thousands of passengers stuck and delayed when check-in systems taken offline, for 5+ days.

PAX reports the company targeted by the cyber attack was Illinois-based Airline Choice, which provides airline check-in and passenger security solutions.

On May 31, 2022, CMC Electronics (CMC) identified that an unauthorized third-party had gained access to their computer network and disrupted operations in connection with a ransom demand. They proactively took steps to shut down network to protect systems and data. AlphV ransomware claimed responsibility on their site.

Procurement records show CMC has done millions in work for the Canadian Armed Forces, chiefly in aerospace engineering and research and development — approximately $19.5 million since 2011, according to DND.
The majority of the contracts (66) were for research and development or engineering services.

According to the FBI, AlphV, also called BlackCat, had compromised at least 60 organizations worldwide as of March 2022..

The Quebec-based company, which makes snowmobiles, personal watercraft and all-terrain vehicles, said it had been the target of “malicious computer activity” and had taken “immediate steps to contain the situation.” BRP (formerly Bombardier Recreational Products) said it has hired cybersecurity experts to help secure its systems and support an internal investigation. Suspending operations could delay some transactions with customers and vendors, BRP said.

BRP provided an update on the situation on August 15: "The Company confirms that the malware infiltration came through a third-party service provider. BRP believes that the impact of the cyberattack was limited to its internal systems." "The evidence collected so far allows BRP to believe that the impact of this incident from a data privacy perspective should be limited. "

Canada Post disclosed that a third-party supplier named Commport Communications suffered a ransomware attack where threat actors accessed data stored in their systems. This accessed data includes shipping manifest data for large parcel business customers, including sender and receiver contact information, names, and mailing addresses.

In total, the breach affected 44 Canada Post commercial customers and 950,000 receiving customers.

The Hive ransomware gang claimed responsibility for an attack that hit the systems of Bell Canada subsidiary Bell Technical Solutions (BTS). BTS is currently investigating the incident with the help of the Royal Canadian Mounted Police's cybercrime unit.

Ransomware group Hive has accessed scores of personal information belonging to Bell’s employees, including files relating to finances, recruitment, birthdays, and COVID-19 information, along with other data.

The City of Hamilton alerted customers of a recent ransomware attack connected with a third party vendor that sends emails to water customers. In a release, staff say the “possible data breach” may have ties to Neptune Technology Group, who replace and maintain water meters, and a third-party mailing vendor that informs residents of a need to replace a meter. The city said “Hamilton Water considers this is a low-risk incident for residents, but felt it important to inform the community." It’s believed 2,387 out of about 156,000 accounts may have been subject to attack giving access to personal information like names and mailing addresses. Neptune Technology Group has stopped using and sharing information with the mailing vendor as a precaution.

Ontario Cannabis Store (OCS) said on August 9 it still can’t fulfill or deliver new orders after a cyber incident at the U.S. parent company of its distribution partner, Domain Logistics. As a result of the incident OCS has had to close its warehouse. The OCS says there is “currently no indication that OCS systems or its customers’ information was targeted or compromised as a result of this attack.”

Legacy Supply Chain - U.S. parent company of Domain Logistics - detected unusual activity on its network on August 5th. The IT network and a number of applications were taken offline "impacting order processing for a small number of Legacy customers".

The cyber incident locked and encrypted its internal server. St. Marys officials first became aware of the attack around 11 a.m. Wednesday 20 July, prompting staff to lock down the town’s IT systems and isolate its network to prevent any further damage, said Mayor Al Strathdee. “Since that time, we realized that it is a malware attack. There was a message asking for ransom,” he said.

According to cybernews.com, a group known as LockBit has taken responsibility for the recent ransomware attack, listing the small Southwestern Ontario town among its victims in a post on the dark web and is allegedly threatening to release troves of sensitive information if the Perth County town doesn’t pay up.