Ransomware gang claims responsibility for attack on defence contractor

Ransomware gang claims responsibility for attack on defence contractor | Insurance Business Canada


The AlphV/BlackCat ransomware gang has revealed that it staged a malware attack on a Canadian defence contractor, the gang’s second target in recent days after it launched another attack on a US IT company.

Earlier this month, the ransomware gang posted on its data breach leak site that it had struck Simex Defence, a military contractor based in Montreal, QC.

Founded 28 years ago, Simex is a supplier to the RCMP, NATO, and the Canadian Coast Guard. In addition to national security, the company also serves the manufacturing and energy sectors. Simex distributes digital communications equipment, parts for air force planes, light ammunition, and portable water purification systems, among other things.

IT World Canada reached Simex by telephone earlier this week to confirm the news of the cyberattack. Simex's director of marketing and business development, Fares Hamade, would not say whether any documents were copied in the cyberattack, but gave assurances that any ransomware affecting the company's systems is gone.

“We mitigated it. There is no risk. We haven’t paid a ransom,” Hamade said.

The representative also confirmed that Simex is “putting more, stricter policies in place” following the incident, and that it has reported the attack to the police.

The AlphV/BlackCat ransomware gang runs a “ransomware-as-a-service” operation, in which affiliates first compromise the victim organizations and then deploy the gang's namesake malware. An FBI report in April noted that the group had compromised at least 60 organizations around the world.

In late September, the AlphV/BlackCat ransomware gang also revealed that it had targeted NJVC, an IT company supporting the US federal government and Department of Defense. The gang initially threatened to leak data from the company every 12 hours following the incident, but later dropped NJVC from its list of victims, Cybernews reported.