Borderlands: CanadaBusinessCybersecurityNewsSupply ChainsTechnology

Canadian fuel distributor Parkland targeted in cyberattack

Ransomware group claims responsibility as company probes incident

Canadian fuel distributor Parkland Corp. (TSE:PKI) confirmed on Tuesday that it is investigating a recent cyberattack after a ransomware gang claimed it targeted the company.  

The Alberta-based company said it had detected the attack on Nov. 14 on a “subset of its Canadian network” and that it temporarily disabled some computer applications as a precaution. The attack failed to result in any significant operational disruptions, a company spokesperson told FreightWaves.

Parkland disclosed the cyberattack after a ransomware group called Clop made a post on the dark web claiming it had targeted the company. Clop did not provide any proof that it had breached Parkland’s systems or stolen data.

The company, meanwhile, is investigating the extent of the breach. 

“To date, while we know there has been unauthorized access to some information, our investigation has not identified evidence of access to our core customer, or employee systems,” the Parkland spokesperson said. “As the investigation continues, we will notify any stakeholder that may have been directly affected.”

Parkland is Canada’s largest gas station operator and has an extensive wholesale distribution business. The company also operates in the U.S. and the Caribbean.

While Parkland would not confirm that it was targeted by a ransomware gang, groups like Clop typically announce their attacks and begin posting stolen data after victims refuse to pay sometimes staggering ransoms.

Clop reportedly demanded over $20 million from German tech giant Software AG after stealing and then encrypting large amounts of data. The gang released troves of files including detailed financial and customer records, and personal data about employees.

Ransomware attacks proliferate in the supply chain

Ransomware groups have stepped up their attacks on companies in the supply chain in 2020 amid a larger surge across multiple industries. Victims have included Daseke, TFI International and CMA CGM.

The perpetrators seek to infiltrate company systems and disrupt operations by encrypting data. They demand money in exchange for restoring access, and increasingly for a promise not to publish the data.

Government agencies and many cybersecurity experts urge companies not to pay the ransoms, arguing the payments allow the attacks to proliferate. However, many companies, sometimes with specialized insurance policies, opt to pay quietly.

Click for more FreightWaves articles by Nate Tabak
When ransomware attacks hit, companies choose between pay and pain
Ransomware attack hits Canadian trucking company Manitoulin

The FREIGHTWAVES TOP 500 For-Hire Carriers list includes Daseke (No. 21).

Nate Tabak

Nate Tabak is a Toronto-based journalist and producer who covers cybersecurity and cross-border trucking and logistics for FreightWaves. He spent seven years reporting stories in the Balkans and Eastern Europe as a reporter, producer and editor based in Kosovo. He previously worked at newspapers in the San Francisco Bay Area, including the San Jose Mercury News. He graduated from UC Berkeley, where he studied the history of American policing. Contact Nate at