[BreachExchange] Canadian heavy equipment maker confirms cyber attack by Karakurt
Terrell Byrd
terrell.byrd at riskbasedsecurity.com
Wed Jan 5 15:47:16 EST 2022
https://www.itworldcanada.com/article/canadian-heavy-equipment-maker-confirms-cyber-attack-by-karakurt/469984
A Canadian manufacturer of blades, buckets and other heavy equipment that
is attached to tractors and excavators has acknowledged it suffered a
security breach by the Karakurt hacking gang.
However, Lyle Makus, IT manager of Edmonton-based Weldco-Beales
Manufacturing, said it isn’t clear if the gang copied any data.
“We have no way to prove or deny that at this point, so we’re trying to
assess that,” he said. “We don’t believe they really got any data.”
Asked to describe the incident, he said that “we had a virus and spent a
day or two getting all of the data recovered, and have tidied up and got
things locked things down as best we can from the virus.”
Asked if the company has heard from the hackers, Makus said, “They leave a
trail on the server of files, they are wanting you to get hold of them and
send them bitcoin. And they left a couple of voicemails. The voicemails, he
said, told the company “to take this seriously, you know how to contact us.”
He couldn’t recall how much was demanded in cryptocurrency.
Makus doubted the company will pay a ransom. “If you pay for these kinds of
things all we’re doing is encouraging them. We don’t believe they would
have got much for [our] data.”
Weldco-Beales specializes in making attachments for heavy equipment in the
construction, road maintenance, forestry and resource sectors. In addition
to Edmonton, it has manufacturing plants in Ontario and British Columbia,
and regional sales offices in the U.S..
The company was one of 11 Canadian and U.S. organizations the Karakurt gang
alleges it compromised in a December 29th posting. One is Montreal’s
tourism agency.
They also include a Quebec construction firm, a Quebec-based bathroom
designer, a Canadian First Nation, a Western Canadian data management firm.
ITWorldCanada.com is attempting to verify those claims. Alleged victims in
the U.S. include a credit union, a human resources firm, an asphalt
manufacturer and a digital media company.
According to Accenture, Karakurt steals data and promises to release or
sell it unless paid. It claims to have hit over 40 victims across multiple
industries between September and November alone.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220105/0b245520/attachment.html>
More information about the BreachExchange
mailing list