Cyber Incident Victim: Nutrasource
Date: Nov 2020
Location: Canada
Summary
A ransomware attack targeted Nutrasource, a Calgary-based energy firm, resulting in the encryption of critical documents and a subsequent ransom demand for their release. The incident underscored vulnerabilities in corporate IT security infrastructure and data recovery protocols. The organization collaborated with cybersecurity experts to mitigate the attack, successfully recover compromised data, and implement enhanced preventive measures to bolster its defenses against future threats.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
A Calgary-based energy firm suffered a ransomware attack, resulting in unauthorized access to a subset of its Canadian IT network. The attackers, identified as the Clop ransomware group, published 500MB of stolen data, including sensitive files and a director's passport. The company took immediate action, temporarily taking some applications offline and retaining external experts to investigate the incident. Despite the breach, core customer and employee systems were not compromised. The attack is part of a series of recent ransomware incidents affecting various organizations. The company's response included extensive procedures and protocols to contain the threat and resume operations. The Clop group's publication of data indicates a breach of confidentiality, while the integrity and availability of systems remain largely intact. The motives for the attack likely include personal gain and notoriety, as the ransomware group sought financial benefit and public attention. The tactics used include data attack, exfiltration from end hosts, and exfiltration from network infrastructure. The threat actors, the Clop ransomware group, were identified, but their country of origin remains unknown.
