Maple Leaf Foods has confirmed that it was affected by ransomware, and that it will not pay for the return of stolen data.
The Black Basta ransomware gang now lists Canadian meat processor Maple Leaf Foods as one of its victims. It’s not clear but it may be related to The cyber incident was acknowledged by the company earlier this month.
At the time of the incident, a Maple Leaf Foods spokesperson said an IT outage was causing some operational and service disruptions that varied by business unit, plant and site.
In response to a request for comment by IT World Canada After Black Basta listed its company, the company issued a statement saying, “We will not do the honor of naming criminals.”
“Unfortunately, we know that the people behind this incident were able to gain unauthorized access to some of our data, and they are threatening to release it unless we pay the ransom, which we will not do. “
“We are sorry this happened and apologize for the frustration and challenges this has caused. We have invested significant resources in the security of our systems and take the privacy and security of the information we hold very seriously. We are being cautious in our response, taking purposeful actions to do what we believe is right to minimize any disruption. We are also providing two years of credit monitoring services to our team members.
“Illegal acts that compromise and potentially compromise our systems are intolerable and our company will not pay ransom to criminals. We are asking those responsible – including those in the media – not to entertain any ‘leads’ derived from stolen or compromised data, and not to contact anyone based on illegally obtained information.
Working with experts, it has been able to quickly and safely restore its IT systems, the statement said.
According to a security industry source, the listing on the BlackBasta site appeared within the past 24 hours. It posted several screenshots of various documents allegedly copied from the company, but made no specific claims as to the exact amount of data.
Black Basta has also taken credit Recent attacks on Sobe’s supermarket chain, The two claims have David Shipley, head of New Brunswick’s Beauceron Security, wondering whether the threat group is going after the food sector. “I don’t believe in coincidences when it comes to ransomware,” he said in an email. IT World Canada, “Either this is evidence of a sector-focus, which we have seen before, or there was a link between the two attacks that we have not yet seen.”
Black Basta’s claim is the latest in a string of Canadian ransomware-related news stories this week. Westmount City, QC, admitted to being hit by ransomwarebianlian gang appeared Credit for October cyberattack on upscale menswear chain Harry Rosenand the union representing public high school teachers of Ontario In May it began notifying members whose data was stolen in a ransomware attack.
In its last quarterly financial reportMaple Leaf Foods said it posted a net loss of A$54.6 million on sales of A$1.195 billion.
It has two divisions: The Meat Protein Group produces prepared meats, ready-to-cook and ready-to-serve meals, value-added fresh pork and poultry products that are sold through retail, food service and industrial channels, and agricultural operations . Pork and poultry. The Plant Protein Group includes refrigerated plant protein products, premium grain-based proteins and vegan cheese products, which are sold to retail, food service and industrial channels.
This week in an alert, CyberSun researchers said that the Black Basta ransomware gang has recently adopted the QakBot malware to create an initial point of entry and subsequently move within an organization’s IT network. More than 10 Cybereason clients have been affected by this recent campaign over the past two weeks. Two of those attacks tricked the threat actor into deploying the ransomware and then locking the organization out of its network by disabling its DNS service, complicating recovery.
QakBot, also known as QBot or Pinkslipbot, is a banking Trojan primarily used to steal victims’ financial data, including browser information, keystrokes and credentials, the alert says. Once QakBot successfully infects an environment, the malware installs a backdoor allowing the threat actor to release additional malware.
In the attacks dissected by Cybereason, the threat actors acted very quickly, gaining domain administrator privileges in less than two hours and moving to ransomware deployment in less than 12 hours. Typically, attacks begin with an employee getting tricked by a spam/phishing email containing a malicious URL link. This led to the establishment of Kakabot. Sometimes the attacker also uses the Cobalt Strike Toolkit – or its copies – to gain remote access to the domain controller.
Illegal copies of Cobalt Strike are a favorite tool of many threat actors. In an attempt to blunt its effectiveness, This month Google released YARA rules to detect unapproved uses of Cobalt Strike.