Ransomware gang claims it hit Canadian oil pipeline operator

The AlphV ransomware gang claims it has hit Canadian oil transmission operator Trans-Northern Pipeline, which operates pipelines in three provinces.

Brett Callow, a B.C.-based threat researcher with Emsisoft, first broke the news earlier today in a tweet on the X social media platform.

The gang claims 190 GB of data was recently stolen, all of which is now publicly available.

In an email statement, Trans-Northern said the company “experienced a cybersecurity incident in November 2023 impacting a limited number of internal computer systems. We have worked with third-party cybersecurity experts and the incident was quickly contained. We continue to safely operate our pipeline systems. We are aware of posts on the dark web claiming to contain company information, and we are investigating those claims.”

There were no unusual or unplanned interruptions of pipeline operations, said Lisa Dornan, the company’s communications team leader.

The company didn’t answer emailed questions about how much data, if any, was stolen, how much, if any, was encrypted, and whether any of it involved the data of employees or customers.

UPDATE: A spokesperson for the Canada Energy Regulator said the agency was notified Nov. 9, 2023.

Trans-Northern operates two lines: an oil pipeline between Calgary and Edmonton, and a separate line that runs roughly from Nanticoke, Ont., through Toronto to Montreal.

Separately, AlphV also listed as a victim the Canadian electronics retail chain The Source, which is owned by BCE, the parent company of Bell Canada.

The AlphV/BlackCat ransomware gang has been in the crosshairs of governments for some time. In December, the U.S. Justice Department said it had disrupted the gang’s operations after the FBI created and distributed a decryption tool to over 500 victim organizations. The U.S. also seized several websites the group operates.

Threat researchers differ on whether ransomware victims are targeted, or end up being hit because crooks find application vulnerabilities or take advantage of stolen passwords. AlphV is a ransomware-as-a-service operation, which means it uses affiliates who specialize in finding ways to initially break into a corporate network.

Certainly pipelines are a juicy target for extortion. When the U.S. Colonial Pipeline was hit by ransomware in 2021, the unprepared company stopped all pipeline operations to contain the attack. According to CNN, the shutdown was also because the attack impacted Colonial’s ability to bill customers. Regardless of the reason, one result was temporary long lineups for gasoline on the east coast of the U.S.

Experts said at the time that one mistake in attacking a critical infrastructure provider was that it brought in the weight of U.S. authorities. While Colonial paid a US$4.5 million ransom to the DarkSide ransomware gang, about half was recovered by the U.S. government.

During a Congressional hearing, the head of Colonial Pipeline told U.S. senators that hackers were able to get into its IT system by stealing a single password to a legacy Virtual Private Network (VPN) that did not have multifactor authentication.


Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
