Thursday 30 January 2020

Hackers were paid ransom after attack on Canadian insurance firm, court documents reveal

https://twitter.com/DavidRayAmos/with_replies






Replying to @alllibertynews and 49 others
Methinks I should do my own investigation into this matter because the "Powers That Be" already know which company I suspect got caught with their pants down N'esy Pas? 


https://davidraymondamos3.blogspot.com/2020/01/hackers-were-paid-ransom-after-attack.html


 



https://www.cbc.ca/news/technology/unnamed-insurance-company-cyberattack-1.5445326





Hackers were paid ransom after attack on Canadian insurance firm, court documents reveal

Canadian company paid $950,000 US ransom through cyber insurer; extent of data breach remains unclear



Thomas Daigle · CBC News · Posted: Jan 30, 2020 4:00 AM ET




An unnamed Canadian insurance company was hit with a ransomware attack in October. The incident only recently came to light through court filings in the U.K. (Trevor Brine/CBC)

A Canadian insurance company suffered a ransomware attack last fall that saw 1,000 of its computers infected, raising questions about what sensitive data may have been accessed by hackers and whether the firm disclosed the breach to its customers. The case has only now come to light because of recent court filings in Britain.

The unnamed firm had itself purchased coverage in case of a cyberattack. The company's U.K.-based reinsurer paid $950,000 US to unlock the hijacked files and is now fighting to get the money back from criminals, according to court documents stemming from a hearing held in private.

"A hacker managed to infiltrate and bypass the firewall of [the Canadian company] and installed malware called BitPaymer," reads a Dec. 13 ruling from England's High Court in London. The document was published Jan. 17 and the case was first reported by the New Money Review.



British Justice Simon Bryan allowed the Canadian firm and its U.K.-based reinsurer to remain unnamed in public court documents. (U.K. Judicial Office)

The ruling simply refers to the Canadian firm as "the Insured Customer." Its reinsurer also goes unnamed, having asked the court for anonymity. The case does not appear related to Andrew Agencies, a Manitoba-based insurance brokerage which recently acknowledged it had fallen victim to a separate ransomware incident.

The attack on the unnamed Canadian firm became apparent on Oct. 10, 2019, when computers began locking up and displaying a ransom note — a typical occurrence during such incidents.

"Your network was hacked and encrypted," the message read, demanding a payment to release the machines and warning "no free decryption software is available on the web." The cybercriminals threatened to encrypt the company's files permanently if the episode were disclosed to the public, according to the court ruling.

The British reinsurer ultimately paid the hackers a $950,000 US ransom — negotiated down from an initial demand of $1.2 million — in the digital currency bitcoin. The Canadian company was then supplied with a digital decryption tool. It worked, but it took time.

"The information before me is that it took decryption of 20 servers of the Insured Customer five days and 10 business days for 1,000 desktop computers," Justice Simon Bryan wrote.


The case was heard by the Commercial Court, part of England's High Court of Justice, based at the Rolls Building in London. (Gordon Bell/Shutterstock)

Attacks usually stay secret 


While ransomware attacks have grown more common, disclosures remain rare. Companies tend to shy away from publicly announcing they were targeted, for fear they could be struck again, or to avoid worrying customers.


Brett Callow, a B.C.-based spokesperson for the international cybersecurity firm Emsisoft, said only 10-20 per cent of firms hit with ransomware let it be known publicly.

"What's really alarming is companies aren't disclosing these incidents, so customers, vendors and business partners aren't aware that their data has fallen into the hands of cybercriminals," Callow wrote in an email.

In the case of the insurance firm, it's unclear what data may have been accessed by hackers and whether they've held onto it since the computers were unlocked. Depending on the type of insurance the firm deals with, the machines could have been storing sensitive information on customers' homes, health or finances.

Since 2018, Canadian privacy law requires companies to report to the Office of the Privacy Commissioner (OPC) any breach of personal information that could "pose a real risk of significant harm to individuals."

On Wednesday, an OPC spokesperson declined to say whether this case had been reported, citing privacy concerns.

The Canadian company isn't alone in buying coverage specifically for cyberattacks. What makes this case unusual is that it landed in court, with the British reinsurer attempting to recoup the ransom amount. So far, it successfully obtained an injunction to freeze much of the bitcoin payment.

Chainalysis, a U.S. firm which carries out digital currency investigations, confirmed to CBC News it helped trace 96 bitcoins (more than $890,000 US as of Wednesday) to an unnamed user of a cryptocurrency exchange site.

No hacker is identified by name in the court papers and a Chainalysis spokesperson declined to provide further details.

Should victims pay the ransom?

Cybersecurity experts typically recommend paying no ransom, since there's no guarantee it will ensure any data is unlocked. What's more, it can encourage hackers to re-target victims who have been willing to pay.

The RCMP strongly suggests victims refuse to pay, but acknowledges in online guidance that "there may be legitimate reasons for paying the ransom, such as the potential harm of not having access to the data as a result of no backup."

Get in touch by email: thomas.daigle@cbc.ca.

About the Author



Thomas Daigle
Senior Technology Reporter
While in CBC's London, U.K. bureau, Thomas reported on everything from the Royal Family and European politics to terrorism. He filed stories from Quebec for several years and reported for Radio-Canada in his native New Brunswick. Thomas is now based in Toronto and focuses on technology-related news. He can be reached by email at thomas.daigle@cbc.ca.


Daigle heading to London

Thomas Daigle (CBC photo)
Not to be outdone, there’s staffing news at CBC as well. Thomas Daigle, originally from Quispamsis, N.B., but based for several years now in Montreal, will be the new CBC News correspondent in London.
Daigle, 28, worked at CJAD, Global Montreal and Radio-Canada Acadie before joining CBC Montreal. He was named the anchor for weekend newscasts when CBC Montreal added them back to its schedule, then he was moved to the National Assembly and eventually into the position of national reporter in Montreal.





281 Comments







David Amos
Methinks our politicians should ask the RCMP what they are doing about this matter. At the very least we should be entitled to know who, what, when and where in order to make our own judgments as to how this security breach may affect our rights and interests N'esy Pas?

David Amos
Methinks if this mysterious company turns out to be Great West Life it will be quite a hoot for me because the Feds in Canada and the USA know I have been arguing with their lawyers for years about a Yankee company they bought that I had blown the whistle on way back in 2003 N'esy Pas?

David Amos
Methinks I should do my own investigation into this matter because the "Powers That Be" already know which company I suspect got caught with their pants down N'esy Pas?

Joe Speed
An insurance company takes a financial hit. Poetic justice.

Maybe their insurer will deny their claim using ambiguous contractual language.  

 

David Amos
Reply to @Joe Speed: It would be a wonderful world if they did pull that legalese nonsense on each other but they have the dirt on each other so methinks they will never spill the beans on such a lucrative scam. Hence the secret judgement to settle a minor spit and chew between crooks N'esy Pas?

Matthew Zimmerman
Another day, another data breach. Time for businesses to get more than a rap on the knuckles. I've just been offered my third 'credit monitoring' service! Absurd.



 
Matthew Zimmerman
Reply to @Joseph Cluster: Millions of other Canadians have been affected by at least the Yahoo! (i.e. Rogers email) and LifeLabs data breaches. So you're correct: 'No "Pick Me" sign hanging over my personal information.'

David Amos
Reply to @Matthew Zimmerman: Methinks the lawyers involved in the Yahoo class actions are very nervous about what I am up to yet only one has been ethical enough to back to me because they all love riding the gravy train N'esy Pas?

Mo Bennett
once upon a time someone said justice is blind. now it's just plain stupid, allowing this firm to be nameless, and failing to protect its customers' information.


Gene Plichota
Reply to @mo bennett:
justice is playing catch-up, but at least playing  



Jennifer McIsaac
Reply to @mo bennett:
Easy to say they should have protected their systems, but it only takes one email and one unthinking person to let them in. 



Victor Fur 
Reply to @Jennifer McIsaac:
Agreed but my place of work provides safety training on a regular basis. They even test us and scrutinize the results individually. Seriously worth it.



Mo Bennett
Reply to @Jennifer McIsaac: delete any unrecognizable emails and decline any like phone calls. this is not rocket science.


David Amos
Reply to @mo bennett: YO MO Methinks everybody knows that justice and cyber security are myths N'esy Pas?

Brian Gibson
Canada Life I'm assuming


David Amos
Reply to @Brian Gibson: Me too 

Bryan Atkinson
I'm retired now but last place I worked had its own server. Company business could only be done on company computers. And company computers could only be used for company business.

There was intranet but only managers had access to outside email. And managers underwent regular security briefings and were warned to be wary of phishing.


David Amos
Reply to @Bryan Atkinson: True 

Michael Durant
Just a fear tactic, our institutions employ world class computer security. I would be more worried of stubbing my toe today. Canada Revenue Agency will no longer provide means to file income tax forms on paper in an effort to save Canada's forests.


David Amos
Reply to @Michael durant: Surely you jest 

Joseph Cluster
Nameless, nothing to see here folks, but it was basically the private information that was held for ransom.
It should be law that if a company even has our email address they have to protect their servers.
Too expensive-Too Bad then-They don't have the financial means to protect-Then they don't collect any information.


David Amos
Reply to @Joseph Cluster: Methinks they have lots of money but they lack the intelligence to use it properly that's why Insurance companies need to be insured N'esy Pas?


Casey Jackson  
Content disabled 
Reply to @David Amos: Who is N'esy Pas?


Joseph Cluster
Content disabled 
Reply to @Casey Jackson:
It's kind of like asking "Who's on first"



Casey Jackson 
Content disabled 
Reply to @Joseph Cluster: I suppose if it was spelled correctly as this looks more like an insult :p


David Amos
Reply to @Joseph Cluster: Methinks Upper Canadians don't comprenez Maritimers or our Chiac N'esy Pas? 
 
David Amos
Content disabled 
Reply to @Casey Jackson: Perhaps you should Google that expression or read an old file of mine?

https://www.scribd.com/doc/2718120/integrity-yea-right  



David Amos
Reply to @Casey Jackson: Methinks it's too bad so sad folks can't read my reply to you N'esy Pas?

Mike Michaels
Andrew Agencies in Manitoba was hacked last October. One can safely assume this is the insurance firm in question.

David Amos
Reply to @Mike Michaels: I was thinking of somebody else based in Manitoba


Casey Jackson 
Reply to @Mike Michaels: It is too bad we can't all safely assume we are all protected as leaving the firm unnamed does nothing to reassure anyone that their personal and "private" information was not compromised.
Where are the consumers' rights to know?



Ken Paul 
Reply to @Mike Michaels: that assumption is based on what? That is a lot of equipment that was locked out. Andrews insurance is not that big.


David Amos
Reply to @Casey Jackson: Methinks you already assume too many things before judging a person harshly N'esy Pas? 

Michel Lamarche
Not only is Canada fast becoming a paradise for money laundering, a lot of it in real estate, we also have absolutely minimal protection for the data of citizens. After failing for years at a consequential industrial policy, the federal government (and provincial and municipal governments) is failing against money laundering and is also failing at protecting private personal data in terms of obligations for companies with severe penalties - as is the case in the EU for example.

David Amos
Reply to @Michel Lamarche: Check out FATCA sometime 

Valentina Tereshkova
I think we have a right to know the company's name.


Al ACrow
Reply to @Valentina Tereshkova: and we should not have to pay higher insurance premiums for their mistrals like this.

David Amos
Reply to @Al ACrow: I agree with both of you

Matthew Stanley
Companies should be mandated to notify the entire public of these breaches.


Art Rowe
Reply to @Matthew Stanley:
The company didn't lose a dime. The people who are insured by them did, whether the company paid directly or their insurance did. Either way the client pays the bill.
Name the "unnamed" ! We deserve to know who has poor cyber security.


Aaron Watson 
Reply to @Matthew Stanley: If there was nothing actually taken and just business processes stopped, it's no different than arson.

David Amos
Reply to @Art Rowe: YUP

Evan Mulligan
Expect this to get worse before it gets better.

Companies are more interested in saving money and cutting things like IT security expenditures rather than properly investing in technologies that would keep client data safe.



Joel Whitfield
Reply to @Evan Mulligan: It's not just a question of technology, it's also education. All it takes is one employee working on a PC inside their firewall to do something stupid and they end up with ransomware.

David Amos
Reply to @Joel Whitfield: YUP

Steve Cowell
We need to know the name of the company that allowed the breach.


Arthur Reed
Reply to @Steve Cowell:
Correct, we don't know if it's life insurance, home and car or whatever.
My data was "possibly" accessed during the LifeLabs attack and I am still waiting to find out how that will affect me.


David Amos
Reply to @Arthur Reed: I concur

David Sampson
Someone explain this to me. Are these hackers that good or are our industries just too cheap to install adequate safeguards?


Aaron Watson
Reply to @David Sampson: Some of these attacks are backed by nation states. It's hard for my local hospital to defend against what could be the North Korean military trying to make a small fortune outside of sanctions.

David Amos
Reply to @David Sampson: Methinks it could have been simple human error that caused the breach of security but we are entitled to know who, what, when and where in case it affects our rights and interests N'esy Pas?
