Cyber Incident Victim: Qualinet

In early February 2021, the Avaddon ransomware group claimed responsibility for a cyberattack targeting Qualinet, a Quebec-based leader in post-disaster cleaning services. The attackers reported exploiting a vulnerability to gain initial access to Qualinet's systems, followed by network infiltration and data exfiltration. Avaddon alleged they had stolen 100GB of human resources-related data and threatened to publish the information unless their demands were met. They set a definitive deadline of February 7, 2021, for data release, characterizing Qualinet as uncooperative and stating the company failed to recognize the severity of the compromise. When contacted by phone, Qualinet officials denied experiencing any security intrusion or data theft, creating a direct contradiction to the attackers' claims. The situation presented a standoff between the organization's public denial and the threat actors' persistent assertions of a successful breach.

The incident's primary impact centered on the potential exposure of sensitive HR documents and the operational disruption caused by the ransomware group's threats. Avaddon framed their attack as a form of digital hostage-taking, explicitly telling Qualinet, "You are the hostages of the situation," while criticizing the company's response pace. No details emerged regarding ransom demands, payment negotiations, or internal containment measures taken by Qualinet. The attackers' announcement emphasized their intent to leverage stolen data for coercion, typical of double-extortion tactics prevalent among ransomware groups during this period. The February 7 deadline loomed as a critical juncture for verifying the validity of Avaddon's claims through potential data publication. Public reporting did not confirm subsequent data leaks or Qualinet's operational status following the deadline, leaving the final outcome unresolved in available documentation.