The historical Municipality of Montreal, situated in Canada, has fallen victim to the LockBit Ransomware, an event that underscores the increasing menace of cyber threats. This century-old establishment faced a critical juncture as it chose not to comply with the hackers’ ransom demands, leading to the release of a teaser of pilfered information from their servers. The hackers have ominously promised a more comprehensive data dump in the upcoming week.
Montreal, the sprawling metropolis in Quebec Province, exhibited resilience by retrieving the encrypted data using its meticulously designed data continuity strategy. It is evident that the city’s administration is not inclined to negotiate with the hacking syndicate, exemplifying a strong stance against cybercriminal activities.
However, the gravity of the situation lies in the compromised data originating from the IT infrastructure of the Commission Des Services Electriques de Montreal (CSEM). The organization responsible for managing electricity distribution confirmed that the ransomware assault occurred on August 3, 2023. In response to the victim’s failure to meet their financial demands, the perpetrators opted to unveil a fraction of the stolen data as proof of their successful infiltration.
Assurances provided by CSEM indicate that the exfiltrated data holds minimal real-world threat. This is attributed to the fact that the information, originating from the engineering and management divisions, is already accessible to the public through the organization’s website. Consequently, the leaked data is deemed to pose a marginal risk to the victim.
Recent developments have highlighted the nefarious tactics employed by the LockBit gang. The Spanish National Police issued an alert regarding a surge in phishing emails originating from this group, targeting architectural firms specifically.
It’s worth noting that LockBit ransomware perpetrators demand a minimum ransom of $3 million, payable in cryptocurrencies such as BTC or Monero. LockBit, which traces its origins back to the infamous ABCD Ransomware discovered in 2019, has undergone evolution, with LockBit 3.0 emerging in 2022. This version deviates from its predecessor by appending a random nine-character file extension instead of the conventional “.lockbit” extension.
