A hacking group posted data stolen from Manitoulin Transport, one of Canada’s largest trucking companies, on Friday in the latest in a string of ransomware attacks targeting firms in the country’s supply chain.
The Ontario-based carrier became aware of the attack on July 31, when some of its personnel reported systems access issues, Manitoulin Transport President Jeff King told FreightWaves.
“Our IT group jumped all over it very quickly,” King said. “No mission-critical systems were compromised.”
King declined to detail which systems were compromised but said they were back in operation about two days later. He said no customer data or information appears to have been compromised in the attack.
Ransomware data leaks target six Canadian supply chain firms in less than a month
Manitoulin Transport is the sixth Canadian supply chain company to see its data posted by ransomware groups in less than a month. On Monday, a different hacking group posted additional leaked data from TFI International’s Canpar Express after an August ransomware attack targeted the company’s parcel and courier subsidiaries.
Since then, hackers have leaked data from carriers Fuel Transport and Indian River Express, customs broker Axxess International and Beler Holdings, a customs broker and distribution company.
“I suspect there’s a connection,” Brett Callow, threat analyst at Emsisoft, told FreightWaves. “It could be that data has been stolen from the same source” and used to compromise other companies.
Conti, the group that targeted Manitoulin Transport, also reportedly targeted Axxess International and Beler Holdings.
The Royal Canadian Mounted Police (RCMP), Canada’s federal police agency, would not comment on any specific cyberattacks targeting supply chain companies.
“The RCMP is aware of ransomware incidents across a number of sectors,” an RCMP spokesperson told FreightWaves in an email. “We are working closely with our policing partners, along with our partners in the government of Canada and in the international law enforcement community to address cybercrime.”
The spokesperson noted that the RCMP’s newly formed National Cybercrime Coordination Unit is working with the Canadian Anti-Fraud Centre on a new system for reporting incidents of cybercrime and fraud.
Why Manitoulin refused to pay hackers
Ransomware attacks typically involve hackers breaching companies’ systems and then noticing their data. They demand payment in exchange for restoring access. Increasingly, they’re attempting to hold the data for ransom, too.
The six recent attacks involving Canadian supply chain companies only represent incidents in which the hackers leaked data in response to not getting paid. Companies seldom announce when they pay hackers.
Manitoulin Transport decided not to pay after being in contact with the hackers, King said.
“We didn’t believe they had enough information that was concerning to us,” he said.
Manitoulin, a subsidiary of Manitoulin Group, has been working with an outside security firm to investigate and respond to the attack, King said.
He said the company took additional measures to tighten its internal cybersecurity since the attack.
“It has certainly elevated our vigilance,” King said.
Manitoulin Transport is Canada’s 14th-largest trucking company with 745 tractors, according to an annual ranking by Today’s Trucking. The carrier offers a mix of truckload, The carrier offers a mix of truckload, less-than-truckload and intermodal services and has more than 80 terminals across Canada.