Canadian establishment continues to be harassed by Snatch ransomware group

Canadian establishment continues to be harassed by Snatch ransomware group | Insurance Business Canada

Canadian establishment continues to be harassed by Snatch ransomware group

A ransomware group that launched a malware attack on a Saskatchewan airport in December continues to harass the facility and its staff by posting stolen data.

On Friday, the Snatch gang posted a “proof pack” on its dark website of the information it copied off from Saskatoon John Diefenbaker International Airport. Sources have told IT World Canada that the goal of the group appears to be to embarrass the Saskatoon Airport Authority (SAA) for being unable to pay its ransom demands.

It remains unclear if the Snatch gang encrypted SAA data on top of stealing the organization’s information.

In an email statement, SAA vice-president for business development and service quality CJ Dushinski confirmed that the ransomware gang’s latest post is related to the December 07 cyber attack incident. Dushinski also referred IT World Canada to a statement made by the SAA shortly following the attack, which said that its IT system “was targeted through sophisticated, unauthorized, means, and a number of files may have been accessed.”

SAA gave assurances in its previous statement that it had approached third-party cybersecurity experts to investigate the incident. However, SAA would not comment on how the malware attack started, or how much the ransomware gang was demanding; Dushinski told IT World Canada that since it is an ongoing investigation, the organization is unable to make further statements.

On its website, a statement from the Snatch ransomware group said that if its target victim does not choose to negotiate, it will notify the victim and present proof of the breach. The group also claimed that it would “never disrupt supply chains, work of any country, government, state and private companies by locking, encrypting or by any other means.”