Trans-Northern Pipeline, a Canadian oil transportation company operating pipelines across three provinces, reportedly faces a cyberattack by the AlphV ransomware group.
The development surfaced today through a tweet on the social networking site X by Brett Callow, a security researcher affiliated with Emsisoft based in British Columbia.
According to the cybercriminal group, they recently acquired 190 GB of data, which is now claimed to be accessible to the general public.
In an email statement, Trans-Northern conveyed that “in November 2023, a cybersecurity incident occurred that affected a limited number of internal computer systems. We collaborated with outside cybersecurity specialists, and the problem was swiftly contained. We keep running our pipeline systems in a safe manner. We are looking into posts that purport to have corporate information that we are aware of on the dark web.”
According to Lisa Dornan, the head of the company’s communications team, there were no unforeseen or unexpected disruptions to pipeline operations.
The firm did not respond to an email inquiry about the extent of data encryption, the amount taken, and whether any information pertained to clients or workers.
Trans-Northern operates two lines: one is an oil pipeline linking Calgary and Edmonton; the other extends from Nanticoke, Ontario, passing through Toronto and reaching Montreal.
Separately, Bell Canada’s parent firm, BCE, holds ownership of the Canadian electronics retail chain The Source, which AlphV also listed as a victim.
Authorities have long targeted the AlphV/BlackCat ransomware group. In December, following the FBI’s development and distribution of a decryption tool to over 500 victim groups, the U.S. Justice Department announced its intervention in the gang’s operations. Additionally, several of the group’s websites were taken offline by the U.S. authorities.
Threat analysts disagree on whether ransomware victims are deliberately targeted or fall victim to cybercriminals exploiting program vulnerabilities or password breaches. AlphV, functioning as a ransomware-as-a-service provider, relies on affiliates with proficiency in infiltrating business networks.
Pipelines undoubtedly represent lucrative targets for extortion. Following the ransomware attack on the U.S. Colonial Pipeline in 2021, the unprepared company ceased all pipeline operations. CNN reported disruptions in Colonial’s ability to invoice customers due to the breach, compounding the need for suspension. Consequently, the incident led to temporary but extensive gasoline shortages along the U.S. east coast.
During that period, experts noted that targeting critical infrastructure providers was a crucial misstep by the attackers, one that invited the full force of U.S. authorities. Approximately half of the $4.5 million ransom paid by Colonial to the DarkSide ransomware group was subsequently seized by the government.
During a congressional hearing, the leader of Colonial Pipeline informed U.S. senators that hackers breached the company’s IT system by obtaining a single password from an outdated Virtual Private Network (VPN) lacking multifactor authentication.