Nova Scotia Power Confirms Ransomware Attack


Nova Scotia Power has officially confirmed it fell victim to a sophisticated ransomware attack that compromised sensitive customer data belonging to approximately 280,000 individuals. 

The Canadian utility disclosed on Friday that threat actors successfully infiltrated its network systems and published stolen data after the company refused to pay the demanded ransom.

The cyberattack was first detected on April 25, 2025, when Nova Scotia Power’s IT security team identified unauthorized access to certain network segments and business application servers. 

Nova Scotia Power Hit by Ransomware

However, forensic investigation later revealed that the initial system breach occurred much earlier, on or around March 19, 2025, giving attackers approximately five weeks of undetected network access.

This represents a classic example of double extortion ransomware, where cybercriminals not only encrypt victim systems but also exfiltrate sensitive data to increase leverage. 

The extended dwell time allowed threat actors to conduct comprehensive network reconnaissance and data exfiltration before deploying their encryption payload. 

Security experts note that modern ransomware typically employs AES-256 encryption combined with RSA public-key cryptography to ensure files remain inaccessible without the attackers’ private decryption keys.

The stolen information encompasses a broad spectrum of personally identifiable information (PII), including customer names, birthdates, phone numbers, email addresses, service addresses, and account histories. 

More concerning, the breach also exposed highly sensitive financial data such as Social Insurance Numbers, driver’s license numbers, and bank account information for customers using pre-authorized payment services.

Sensitive PII & Financial Data Exposed

The attack demonstrates crypto-ransomware characteristics, specifically targeting valuable data files using sophisticated encryption algorithms. 

Unlike simple locker ransomware that merely restricts system access, this attack involved systematic data exfiltration before encryption deployment. 

The threat actors likely employed techniques such as lateral movement through network segments and privilege escalation to access high-value data repositories across Nova Scotia Power’s infrastructure.

Cybersecurity analysts suggest the attackers may have utilized common infiltration vectors including phishing emails, credential stuffing attacks, or exploitation of unpatched system vulnerabilities. 

The sophisticated nature of the attack indicates potential involvement of an organized ransomware-as-a-service (RaaS) operation.

Nova Scotia Power explicitly stated that no ransom payment was made to the threat actors, citing “careful assessment of applicable sanctions laws and alignment with law enforcement guidance”. 

This decision suggests the ransomware group may be sanctioned by Canadian or U.S. authorities, making any payment potentially illegal.

The utility has partnered with TransUnion to provide affected customers with a complimentary two-year subscription to comprehensive credit monitoring services through TransUnion myTrueIdentity®. 

Customers are advised to remain vigilant against social engineering attacks and phishing attempts that may exploit the stolen data.

Importantly, the ransomware attack did not impact Nova Scotia Power’s physical infrastructure, including generation, transmission, and distribution facilities. 

The utility serves approximately 550,000 customers across Nova Scotia and continues working with third-party cybersecurity experts to restore affected systems and implement additional security protections.

This incident underscores the growing threat to critical infrastructure from sophisticated ransomware operations and highlights the importance of robust cybersecurity measures in the energy sector.
