cyber security | Ransomware infects military supplier CMC Electronics

Ransomware has infected CMC Electronics, which will help modernize Canadian Army helicopters. The company shut down its network to protect its data.

Posted yesterday at 8:00 AM.

Hugo Juncas

Journalism

The attack came on Tuesday, a day after Ottawa announced that CMC would be among the three companies tasked with upgrading the CH-146 Griffons.

“On May 31, CMC discovered third-party interference in its network that disrupted its operations, in connection with a ransom demand,” wrote Paul Holmes, a public relations specialist hired by parent company TransDigm of Cleveland. “We shut down our network to protect our systems and data, and immediately launched an investigation with the help of cybersecurity and cybercrime experts.”

The Alphv gang uploaded low-resolution copies of documents apparently stolen from the Montreal company on Tuesday. Since then, the CMC website has been down.

On Wednesday, CMC management initially declined to comment on the computer attack. “We won’t have a statement to present to you today. That’s all we can tell you,” said a woman who declined to give her name at the company’s reception in the Saint Laurent neighborhood.

In talks over the ransom?

As of Wednesday, CMC no longer appears on Alphv’s dark web site. This is usually a sign that the target has contacted the hackers. “We can assume that the negotiation process has begun, since public disclosure of the victim is generally used to pressure the victim in order to obtain a ransom payment,” says Alexis Dorais-Joncas, leader of the security intelligence team at the antivirus company ESET.

According to the FBI’s April briefing on this cyber threat, Alphv gangs “usually demand multi-million dollar ransoms” in cryptocurrencies such as Bitcoin or Monero.

In its memo, the FBI specifies that it recommends against giving in.

“Paying does not guarantee data recovery. It can also encourage criminals to target other organizations, distribute ransomware, or fund illegal activities. The FBI understands, however, that when the victim is unable to act, it evaluates all options to protect shareholders, employees and customers.”

Griffon team

Along with Bell Textron Canada Limited and engine maker Pratt & Whitney Canada, CMC will be part of the consortium responsible for modernizing the Canadian Army’s CH-146 Griffon helicopter fleet, which was revealed Monday.

Photo courtesy of KEN BELIWICZ Company

Canadian Griffon on a mission to the United Nations in Mali in 2018

National Defense reported that its contracts are subject to information security requirements. “This is a mandatory aspect of all agreements between the Government of Canada and third-party service providers,” said the department’s director of media relations, Daniel Le Beauthélier. “We continue to monitor this situation, while ensuring the protection of national defense and armed forces information.”

CMC has collected $19.6 million in military contracts in the country since 2011, according to National Defense figures.

Brett Callow, threat analyst at antivirus firm Emsisoft, believes the government needs to improve cybersecurity in military supply chains. “The attack on a military contractor has potential national security implications,” he said.

In early May, another gang claimed responsibility for an attack on another military supplier, the air combat training company Top Aces, of Dorval. The Lockbit 2.0 gang threatened to release 44 GB of company data, but that release never happened.

“We have not found any trace of ransomware in our network,” said company spokeswoman Erin Black. Unlike the CMC site, the Top Aces site has always been up and running.

Colonial Pipeline

One thing is for sure: Alphv shouldn’t be taken lightly. The hacker group is also linked to the attack on the largest pipeline network in the United States in May 2021, according to a report by Brett Callow.

“Alphv is a new ‘brand’ of the BlackMatter gang, which in itself was a rebrand of Darkside, the ransomware that attacked Colonial Pipeline,” he explains.

The attack paralyzed for days the most important refined oil products pipeline in the United States, in which the Caisse de dépôt et placement du Québec is a major investor.

However, the same individuals are not necessarily behind both hacks. “Alphv is ransomware as a service,” Brett Callow explains. “Its creators ‘rent’ it to other criminals, who use it to launch their attacks. They could be anywhere, including Canada.”

Read more

  • 60
    The number of victims of the Alphv / BlackMatter / Darkside / Blackcat hackers last March

    Source: FBI Flash Report April 2022 on this hacking ring

  • 105%
    The increase in the number of ransomware cyberattacks between 2020 and 2021. This type of hacking has become the main threat to organizations worldwide.

    Source: SonicWall Cyber Threat Report 2022


