Toronto, Ontario — More than 300 auto recycling businesses in North America were hit by a cyberattack on August 6.
The attack targeted companies using SimpleHelp, a program that allows remote access to computer systems. Victims saw their digital databases scrambled and received ransom notes demanding payment in bitcoin in exchange for restored access.
Plazec Auto Recycling, near Hamilton, Ontario, was one of the businesses affected by the incident.
According to Marc Plazec, employees only realized something was wrong when they arrived at work to find themselves locked out of their computers — and 30 identical ransom notes waiting on the printer.
“It was as if they arrived at our front gate, locked us in and said, ‘We’ve got the only key.’ Except it was all done online.”
The ransomware, LockBit Black, was developed by LockBit, a sophisticated cybercriminal organization. The group uses a dual-threat approach: encrypting victims’ critical data while threatening to leak sensitive information if demands aren’t met — a tactic known as double extortion. First appearing on Russian forums in early 2020, LockBit has quickly become a dominant force in the global ransomware landscape.
Like other Canadian businesses caught in the attack, Plazec Auto Recycling did not respond to the demand. Plazec said paying was never an option.
“We had a similar thing happen in 2019. We spoke with our insurance company who told us not to pay. They said there would be no reason for the hackers to bother living up to their word anyway.”
Because of the previous incident, Plazec Auto Recycling’s team had set up security measures and backed up the computer system. The company was able to scrub its system of the malware and save all but a few hours worth of its records.
Other Canadian businesses known to have been affected include Miller’s Auto Recycling in Fort Erie, Ontario, and Mark’s Parts in Ottawa. Fortunately, these companies were also able to restore access to data.
Technical departments from Car-Part and Hollander also assisted other recyclers in recovery efforts. According to the Automotive Recyclers of Canada, most of the businesses affected have since regained access to their data.
The cyberattack is being seen as the first major leadership test for Wally Dingman, the newly installed executive director of the Automotive Recyclers of Canada.
In the wake of the attack, the career auto recycler-turned association chief moved swiftly and decisively to provide reassurances to the industry and the general public.
“The investigation into the attack’s origin and impact continues,” Dingman wrote in an article published on Canadianrecyclers.ca. “The OARA will provide updates as they are confirmed.”
He also described the incident as a lesson for all recyclers and outlined best practices around data safety.
These best practices included making segmented backup copies of company files, using multi-factor authentication for remote access software, investing in managed detection services and firewall appliances, regularly updating software, placing limits on internal network access and conducting audits on all remote support.
