Canadian Military Contractor Hit By Ransomware

The threat presented by ransomware continues to be evidenced in 2020 after an attack on a major Canadian defence contractor Bird Construction.

The Canadian construction firm that provides service for the Canadian military was apparently attacked by cyberattackers MAZE in December 2019, according to Infosecurity magazine.

Earlier this week cybersecurity firm FireEye warned attackers were attempting to use a recently patched critical Citrix bug to infect organisations with ransomware,

Data theft

Toronto-based Bird apparently had signed 48 contracts worth $406m with Canada’s Department of National Defense between 2006 and 2015, Infosec magazine reported.

And despite the reported theft of 60GB of data, which was said to include personal information on Bird staff, as well as data about a firm that Bird has also worked with on a number of projects, Bird claimed that the attack had no business impact.

“Bird Construction responded to a cyber incident that resulted in the encryption of company files,” it wrote in an email to the Canadian Broadcasting Corporation (CBC). “Bird continued to function with no business impact, and we worked with leading cyber security experts to restore access to the affected files.”

There is no word on whether Bird paid a ransom to the Maze attackers.

But at least one security expert highlighted that the danger of ransomware (other than crippling computer systems) is the risk of data theft.

“The ransomware attack on Bird, a Canadian construction company that services the military and government, highlights the duplicitous nature of ransomware attacks,” said Stuart Reed, VP cyber at Nominet.

“Firstly, there is the disruption to business operation as systems are taken offline and, secondly, there is the data exfiltration,” said Reed. “In this case, Bird should be commended for continuing to function with no business impact but unfortunately it did have data exposed that contained personal employee data and information relating to a partner company, Suncor Energy.”

“Above all, this latest attack demonstrates the complexity of managing the security of supply chains,” said Reed. “While it is important that businesses have a holistic approach to their own security it is also vital that they scrutinise their suppliers to ensure the same standards of security are adhered to.”

“It is also important to maintain a layered approach to cyber, utilising the network, for example, to identify potential threats and data theft as early as possible to be able to put appropriate measures in place to mitigate risk and damage,” Reed concluded.

Do you know all about security? Try our quiz!

a