Canada

The City of Hamilton alerted customers of a recent ransomware attack connected with a third party vendor that sends emails to water customers. In a release, staff say the “possible data breach” may have ties to Neptune Technology Group, who replace and maintain water meters, and a third-party mailing vendor that informs residents of a need to replace a meter. The city said “Hamilton Water considers this is a low-risk incident for residents, but felt it important to inform the community." It’s believed 2,387 out of about 156,000 accounts may have been subject to attack giving access to personal information like names and mailing addresses. Neptune Technology Group has stopped using and sharing information with the mailing vendor as a precaution.

Ontario Cannabis Store (OCS) said on August 9 it still can’t fulfill or deliver new orders after a cyber incident at the U.S. parent company of its distribution partner, Domain Logistics. As a result of the incident OCS has had to close its warehouse. The OCS says there is “currently no indication that OCS systems or its customers’ information was targeted or compromised as a result of this attack.”

Legacy Supply Chain - U.S. parent company of Domain Logistics - detected unusual activity on its network on August 5th. The IT network and a number of applications were taken offline "impacting order processing for a small number of Legacy customers".

The cyber incident locked and encrypted its internal server. St. Marys officials first became aware of the attack around 11 a.m. Wednesday 20 July, prompting staff to lock down the town’s IT systems and isolate its network to prevent any further damage, said Mayor Al Strathdee. “Since that time, we realized that it is a malware attack. There was a message asking for ransom,” he said.

According to cybernews.com, a group known as LockBit has taken responsibility for the recent ransomware attack, listing the small Southwestern Ontario town among its victims in a post on the dark web and is allegedly threatening to release troves of sensitive information if the Perth County town doesn’t pay up.

The Toronto Transit Commission's Wheel-Trans online booking portal, trip-planning apps and other communications systems down after the transit agency was hit by a ransomware attack. The TTC first learned about the hack Thursday night when an IT employee found “unusual network activity." The TTC said the attack was initially “minimal” but then became progressively worse by mid-Friday. TTC resorted to emergency radio communications backup system to maintain communication with vehicle operators. Online ride booking service was also disrupted, but passengers could still book rides by telephone.

TTC continues to investigate ransomware attack

Thousands of Newfoundland and Labrador residents had appointments cancelled as a result of the attack, ranging from blood work to cancer care. Patient and employee information has been stolen from three out of the four regional health authorities. System had to be rebuild from scratch taking over a month. Sources say ransom was paid, but decryption key did not work. Later reports indicated 200,000 patient and employee files were taken from a network drive.

UPDATE: July 2022: Newfoundland and Labrador's largest health authority has notified 37,800 people that their privacy was breached as part of last fall's devastating cyberattack.

Toronto, Canada-based Superior Plus Corp. revealed the company suffered a ransomware attack Sunday, which had an impact on the firm’s computer systems.
Upon learning of the incident, the company said it took steps to secure its systems and mitigate the impact on its data and operations. Superior retained independent cybersecurity experts to help deal with the matter in accordance with industry best practices.
Superior temporarily disabled certain computer systems and applications as it investigates this incident and is in the process of bringing these systems back online.

Australian and North American units of the world’s largest meat works, Brazil’s JBS SA, suffered a cyberattack over the weekend by an assault on its information systems, effectively shutting down at least 9 plants in the USA, one in Canada and one in Australia. Shutdowns lasted 2 days.

JBS produces 23% of America's meat.

Manufacturing shut down for IoT solution provider, Sierra Wireless, as the company fell victim to a ransomware attack on its internal IT systems Saturday, company officials said.
Once the company learned of the attack, its IT and operations teams immediately implemented measures to counter the attack in accordance with established cybersecurity procedures and policies that were developed in collaboration with third-party advisors.

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.