Breaking News

Ontario Regional Government Victims of Third Party Cyber Attack

A southern Ontario regional government has confirmed that it is affected by a cyber attack.

The regional municipality of Durham, which provides regional services to eight local municipalities north of Lake Ontario, including the city of Oshawa, said in an email, "It was recently discovered about a cyber security incident that triggered a third-party software Happened to the provider, which affected the region. "

A statement from the area's communications department said that they "have contacted the relevant authorities and regulators."

“Our IT teams, working with service providers, took immediate steps to secure our systems. The incident did not affect the major IT systems in the region.

“Our experts are now investigating the matter to know the incident and to determine the impact of the incident. It is important to note that vulnerabilities related to the service provider have been addressed and our systems are protected.

“We are committed to protecting the privacy of all residents and we are taking this matter very seriously. We are sorry for the inconvenience that this may affect the affected parties.

The post, posted by Chloe Ransomware Group this week, was followed by a response on Friday to a query from IT World Canada that said there were copies of documents copied from the government.

While the Klopp group is responsible for ransomware attacks, firehair security researchers say Klopp also allows other threatened actors, who are vulnerable to using their website, to post evidence of stolen documents with victim organizations Excelian has stolen data from organizations using the FTA file transfer platform. This is usually accompanied by the release of more documents with a threat to embarrass the organization until the ransom is paid.

The region's communications department did not respond to an emailed question at press time about whether the cyber attack was the result of an acclimation FTA agreement.

The two documents posted list the names, addresses, dates of birth and healthcare numbers of Durham paramedic service patients. Another document listed the names of students, their parents and / or mothers and phone numbers.

UPDATE: Since screenshots of those first documents were posted a few days ago, the site posted 6.5GB, which is believed to be copies of all the data captured by the attacker.

Prompt disclosure is always important for potential victims of data breech, said Brett Callow, a British Columbia-based threat researcher for Amisoft, but this is an absolutely critical case involving Klopp as the group has data to go third Has a track record of using. -Party belongs to organizations. In addition, in several Exelian-related incidents, Klopp has emailed extensively to individuals whose data he was exposed to in an effort to pressure the dissolved organization - and, in some cases, the organization This was done before the breach was disclosed. This is not how one should find that their personal information has been compromised.