Advertisement

Cyber gang behind N.S. breach says it erased stolen data, but experts urge caution

Click to play video: 'Global News at 6 Halifax: June 6'
Global News at 6 Halifax: June 6
Global News at 6 Halifax from June 6, 2023 – Jun 6, 2023

A hacker gang said to be in possession of sensitive personal information belonging to as many as 100,000 Nova Scotians says it has deleted the data, but cybersecurity experts say the province should be suspicious of that claim.

The Clop ransomware group says it is behind a hack on the MOVEit file-sharing system that has affected users across the globe, including the Nova Scotia government and British Airways.

The group posted a note to its website saying it deleted all the data it stole from governments, cities, and police services. It said it has “no interest to expose such information” from those public bodies. Private companies, however, have until June 14 to contact the group to negotiate a ransom, the message said.

Cybersecurity experts warn that the Nova Scotia government should remain on guard, despite Clop’s apparent act of goodwill toward public institutions.

Story continues below advertisement

“Clop’s claim to have deleted data belonging to public sector bodies should be assumed to be false,” said Brett Callow in an email. Callow is a Vancouver Island-based threat analyst with cybersecurity company Emsisoft.

“There is no reason for a criminal enterprise to simply delete information that may have value,” Callow said, adding that the data could be sold or traded, or used for phishing — a type of email scam that induces people to reveal personal data.

“And even if they did delete it, that does not undo the breach.”

Click to play video: 'Feds introduce act requiring businesses to report ransomware attacks or face penalties'
Feds introduce act requiring businesses to report ransomware attacks or face penalties

The Nova Scotia government revealed Tuesday that up to 100,000 past and present public sector workers may have had sensitive personal information stolen in the MOVEit software hack. Officials said the hack was discovered last week and that the data stolen included social insurance numbers, addresses and banking information.

Story continues below advertisement

A spokesperson for the provincial Department of Cybersecurity and Digital Solutions says the province will not be taking Clop at its word.

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.

Get breaking National news

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

“This is a criminal organization,” Khalehla Perrault said in an email. “We don’t consider them trustworthy, and we won’t be communicating with them.”

Lawrence Abrams, owner and editor-in-chief of cybsersecurity news site bleepingcomputer.com, said extorting governments, military and health-care organizations is more likely to trigger large-scale law enforcement operations. Though there are plenty of examples of gangs targeting public bodies, some, like Clop, likely avoid them, Abrams said.

As for Clop’s claim that it erased Nova Scotia’s data, Abrams said some groups have made similar claims and then sold the information, or used it for future extortion.

“It is safer to assume that any stolen data is at risk for abuse by the cybercrime operation or other threat actors,” Abrams said in an email.

Ian L. Paterson, chief executive of the Vancouver-based cybersecurity company Plurilock, agreed that Clop is interested in the biggest payout possible, with minimal risk of getting caught. But like Abrams and Callow, he said it’s best to be suspicious about claims the data was erased.

Paterson applauded the Nova Scotia government’s communication with the public so far, and he said the Clop attack is an opportunity for everyone to take a close look at the systems they use and the data they transmit, and examine if they can better secure it.

Story continues below advertisement

“There’s just a lot of vulnerable software systems that are open to attack,” he said. “And as long as the bad guys are able to monetize them, I think we’re going to continue to see more of these attacks.”

The Nova Scotia government has said that its investigation into the data breach is ongoing and that it would contact residents whose data was stolen once they are identified. Perrault said Wednesday that anyone who thinks they might be affected should monitor their financial transactions and contact their bank to report suspicious activity. She also advised keeping an eye on the government’s dedicated website about the breach.

Click to play video: 'Cyber criminals increasingly attacking critical Canadian infrastructure'
Cyber criminals increasingly attacking critical Canadian infrastructure

This report by The Canadian Press was first published June 7, 2023.

Sponsored content

AdChoices