Quebec insurer says cybercrime may reveal personal information of current, past employees

Quebec insurer says cybercrime may reveal personal information of current, past employees

The Montreal-based insurance company website is still offline four weeks after the cyberback and is still trying to recover from the incident.

Promutuel Assurance says the attack began on 20 December and its IT systems were unavailable. In a statement yesterday, the firm said that, so far, its investigation shows no signs of compromised social insurance numbers, driver's license numbers, credit card numbers or banking information of insured members.

However, the statement may have compromised personal information of past, present and retired employees "." As a precaution, Promutuel states that it will provide them with credit monitoring and data security services.

In an email, a spokesperson for the company was asked to confirm IT World Canada if the incident was ransomware. According to a source who worked for a cyber security research firm in Canada who wished to remain anonymous, the doppelpimer ransomware gang website Pramutel lists him as a victim. It also lists file names allegedly copied in an attack. Typically, DoppelPaymer threatens to release copied files if the victim does not pay for the data decryption key.

The spokesperson referred to the publication in his official statement, which did not reveal the source of the attack.

One more attack

Meanwhile, Winnipeg-based fashion retailer Nygaard, which is in receivership, has admitted that it was affected by the ransomware attack.

Earlier this week, the Journal de Québec reported that confidential documents from the firm were published online. In a news today, the news site said that Promutuel reported that 15 of these files were recovered.

Meanwhile, late Friday night, receivers for Nygard Group companies issued an advisory to employees, customers and partners about a December 12 ransomware attack.

The court-appointed receivers of Richter Advisory Group Inc., Nygaard Holdings (USA) Ltd., Nygaard Inc. and several related companies said it has advised current and former employees, customers, suppliers and others to monitor their information. Any unusual activity, including suspicious emails or other communications that claim to be from the retailer.

Richter has been selling Nygard assets for several months after taking control of the company in March 2020. The cyberback occurred after the receiver took over the company. However, it states that the attack encrypted multiple servers, but had no effect on the data copied for forensic purposes.

On 30 December, Richter released a report to the Manitoba court on the progress of his work, which included details of the attack. It added that the Raiders of the NetWalker ransomware gang initially demanded the equivalent of $ 3.6 million in bitcoins for decryption keys or copied data. This demand has grown to the equivalent of $ 7 million.

In his statement to the court, the receiver said that the ransom would not be paid.

Richter hires security firm Sophos to work with it to restore and restore data from Nygard backups. By the end of December, the receiver could not say who could be affected by the attack. Of Nygard's 245 servers, 58 were encrypted, including five with current and former employees data, five with sales data, and eight with financial data. The report states that 54 backup servers are available, but it is not believed that the data can be trusted in part because the attack damaged Nygard's IT system.

Former company chief Peter Nygaard was taken into custody on December 15 and is awaiting extradition to the US on charges of sexual exploitation, sexual trafficking and related offenses.