Weather Network refuses to pay ransomware gang


The parent company of The Weather Network says it didn’t give in to the demands of a ransomware gang after the company that provides weather services to Canada and Spain had servers encrypted and data stolen and posted online last month.


“You should know that we did not yield to the ransom demands,” Pelmorex CEO Nana Banerjee said in a statement Tuesday. “Instead we relied on the enterprise and dedication of our people, as well as the understanding, patience and encouragement of our users and audiences to overcome the situation.”


“Our team of engineers are hard at work fixing some small remaining glitches and introducing exciting new features, which are to unfold over the next couple of weeks.”

Pelmorex runs the English-language The Weather Network, the French-language MétéoMédia and platforms.

On September 11, the company was “impacted by a cybersecurity incident connected to a third-party software provider,” it said in a statement at the time. Later it acknowledged this was a ransomware attack. On September 22, the LockBit ransomware gang listed Pelmorex as one of its victims, claiming it had downloaded “a lot of databases.” It gave the company until September 24 to pay a ransom, or the stolen data would be released.

Karen Kheder, Pelmorex’s director of communications and administration, told The Globe and Mail that the only stolen data posted by the gang was publicly available information such as weather alerts and archived forecasts.

Organizations around the world are being hit by ransomware at a record rate this year, and often pay up because they are unprepared. According to a just-released survey of 500 Canadian managers responsible for IT security, 70 per cent of respondents whose firms were hit by ransomware in the past 12 months paid to get access back to their data.


Among the recent victims:

— the Philippine Health Insurance Corporation (PhilHealth), hit on September 22. On Tuesday, a government official said the attackers have begun exposing data — including details on employees — after failing to get ransom money from the government;

— Motel One, one of Europe’s largest hotel chains.

Meanwhile, Swiss cybersecurity company Prodaft warned that ransomware groups are starting to exploit a newly discovered vulnerability in servers running JetBrains’ TeamCity, a continuous integration and deployment tool used by developers. The vulnerability, CVE-2023-42793, allows unauthenticated attackers to execute arbitrary code on the TeamCity server, according to researchers at SonarSource.

The number of successful attacks in the U.S. is so concerning that last week the FBI released a Private Industry Notification urging organizations to tighten their IT security controls.

Among the new trends spotted by the agency: Multiple ransomware attacks on the same victim close to each other. During these attacks, two different ransomware variants are deployed. “This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments,” the FBI notice said. “Second ransomware attacks against an already compromised system could significantly harm victim entities.”


In the past 18 months, multiple ransomware groups have increased the use of custom data theft, wiper tools, and malware to pressure victims to negotiate, the notice adds. In some cases, new code was added to known data theft tools to prevent detection. In other cases, malware containing data wipers remained dormant in an IT system until a set time, then executed to corrupt data in alternating intervals.

The FBI urges IT teams to:

— make sure data backups are encrypted and can’t be tampered with as protection against theft;
— review the security posture of third-party suppliers;
— limit data access to only those employees who need it;
— require all accounts with password logins to have phishing-resistant multifactor authentication;
— segment networks to prevent the spread of ransomware;
— and patch applications as soon as security updates are released.

The post Weather Network refuses to pay ransomware gang first appeared on IT World Canada.
