LockBit Pwns Commission des services electriques de Montréal… But The Victim Isn’t Paying Up

On Wednesday, the LockBit ransomware gang took credit for an attack on the Commission des services electriques de Montréal (CSEM) — a 100-year-old municipal organization that manages electrical infrastructure in the city of Montreal.

The LockBit ransomware group has claimed credit (@FalconFeedsio) for an attack on the Montreal electricity supplier Commission des services electriques de Montréal (CSEM).

The company has confirmed the incident, saying it was hit with ransomware on August 3rd but refused to pay the ransom. It contacted authorities and law enforcement in Quebec, began efforts to restore its systems, and claims that its IT infrastructure has been rebuilt.

“The criminal group at work in this case has made public today some of the stolen data. The CSEM denounces this illegal gesture, while specifying that the data disclosed represents a low risk for both the security of the public and for the operations carried out by the CSEM,” they said.

While public utility companies offer ransomware groups a broad target, it does seem that the attackers have not been doing their homework. The company pointed out: “It should be noted that all CSEM projects are the subject of public documents. Therefore, all these plans – engineering, construction and management – are already publicly available through the official process offices in Quebec.”

Emily Phelps, Director, Cyware, had this comment:

   “Public utilities are critical to our day-to-day life, and while this attack acted as more of a warning shot, it reinforces the importance of cyber resilience for business continuity. Ransomware groups leverage their reputations to intimidate targets, and they adapt as security controls mature. Expediting threat intelligence and knowledge sharing can help mitigate the risks for enterprises. The sooner the right people get the right information about a known threat, the sooner they can adapt their defenses accordingly.”

Dave Ratner, CEO, HYAS, follows with this:

   “While the risk of data disclosure from this particular attack is low, as the company has pointed out, the attack nevertheless reinforces the need for all critical infrastructure providers to protect themselves.

   “Attackers will continue to develop new ways to infiltrate and evade security systems; the deployment of business and operational resiliency systems, such as Protective DNS and others, is the best way to proactively ensure business continuity.”

I am happy that Commission des services electriques de Montréal didn’t pay the ransom as that only encourages these threat actors. Hopefully they take the money that they saved themselves and invest in better defensive measures so there isn’t a repeat of this.
