Canadian Military Contractor Hit By Ransomware

The threat presented by ransomware continues to be evidenced in 2020 after an attack on a major Canadian defence contractor Bird Construction.

The Canadian construction firm that provides service for the Canadian military was apparently attacked by cyberattackers MAZE in December 2019, according to Infosecurity magazine.

Earlier this week cybersecurity firm FireEye warned attackers were attempting to use a recently patched critical Citrix bug to infect organisations with ransomware,

Data theft

Toronto-based Bird apparently had signed 48 contracts worth $406m with Canada’s Department of National Defense between 2006 and 2015, Infosec magazine reported.

And despite the reported theft of 60GB of data, which was said to include personal information on Bird staff, as well as data about a firm that Bird has also worked with on a number of projects, Bird claimed that the attack had no business impact.

“Bird Construction responded to a cyber incident that resulted in the encryption of company files,” it wrote in an email to the Canadian Broadcasting Corporation (CBC). “Bird continued to function with no business impact, and we worked with leading cyber security experts to restore access to the affected files.”

There is no word on whether Bird paid a ransom to the Maze attackers.

But at least one security expert highlighted that the danger of ransomware (other than crippling computer systems) is the risk of data theft.

“The ransomware attack on Bird, a Canadian construction company that services the military and government, highlights the duplicitous nature of ransomware attacks,” said Stuart Reed, VP cyber at Nominet.

“Firstly, there is the disruption to business operation as systems are taken offline and, secondly, there is the data exfiltration,” said Reed. “In this case, Bird should be commended for continuing to function with no business impact but unfortunately it did have data exposed that contained personal employee data and information relating to a partner company, Suncor Energy.”

“Above all, this latest attack demonstrates the complexity of managing the security of supply chains,” said Reed. “While it is important that businesses have a holistic approach to their own security it is also vital that they scrutinise their suppliers to ensure the same standards of security are adhered to.”

“It is also important to maintain a layered approach to cyber, utilising the network, for example, to identify potential threats and data theft as early as possible to be able to put appropriate measures in place to mitigate risk and damage,” Reed concluded.

Do you know all about security? Try our quiz!


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Signal Shows Data Collection Adverts Facebook Rejected

Signal has had user-targetted adverts on Instagram blocked, as messaging service attempts to highlight Facebook…

5 hours ago

Oversight Board Upholds Trump’s Facebook Suspension

Bad news for Donald. Facebook's 'Supreme Court' upholds suspension of Donald Trump account, but asks…

7 hours ago

US Presses TSMC For More Chips For Car Makers

Global silicon shortage continues, as US Commerce Department presses Taiwanese chipmakers to ease the supply…

8 hours ago

Starlink Signs Up 500,000 Pre-Orders For Satellite Internet

Elon Musk space venture SpaceX has already signed 500,000 customers on pre-order for its Starlink…

10 hours ago

Apple Vs Epic Games Court Battle Continues

Second day of courtroom showdown in the US reveals Epic Games management would have accepted…

12 hours ago

Trump Launches ‘Communications’ Website

Banned from social media for instigating US Capitol riot, Trump launches 'straight from the desk'…

14 hours ago