Notorious Russian ransomware group LockBit is threatening to leak internal data from The Weather Network’s parent company on the dark web, after a cyberattack crippled operations of the Canadian company for several days last week.
Pelmorex Corp. – which is based in Oakville, Ont., and owns The Weather Network and its French-language equivalent MétéoMédia, along with El Tiempo in Spain and other services – said in a statement to The Globe and Mail on Friday that the company is “aware of web postings related to the recent cyberattack.”
However, “based on everything we know thus far, the attackers obtained limited access to publicly available information,” said Karen Kheder, director of communications and administration at Pelmorex.
As of early Friday, LockBit advertised Pelmorex’s data on the dark web, a corner of the internet known to be used for illicit purposes. LockBit claims it has “downloaded a lot of databases” from Pelmorex’s network, including codes to the company’s digital servers.
LockBit’s domain on the dark web suggests it intends to publish Pelmorex’s data on Sept. 24. Ms. Kheder would not say whether any hackers have asked for a ransom, declining to share further details about the attack. “If there is any change or update to our findings, we will notify all relevant parties in accordance with the law,” she said.
LockBit, which is both the name of a type of malicious software and the Russian criminal group that created it, makes its money through a specific business model, often called ransomware as a service. This means hackers often act independently, launching their own attacks with LockBit’s technology but, at times, LockBit also shares in a slice of the ransom derived from those breaches.
According to Canada’s intelligence agency, the Communications Security Establishment, LockBit was responsible for at least 22 per cent of all attributed ransomware attacks in the country last year, making it the most common digital threat. LockBit took responsibility for the cyberattack on the Hospital for Sick Children in Toronto during the 2022 winter holidays. This year, it was also used to infiltrate the internal systems of Indigo Books & Music Inc., wreaking havoc on that company’s systems for months and threatening to leak its employees’ personal and financial information.
Last week, Pelmorex told The Globe it had called in the RCMP to investigate the recent breach, which it said was “connected to a third-party software provider” the company worked with. Ms. Kheder would not name that provider. The RCMP declined to comment on the matter.
On Friday, Ms. Kheder said Pelmorex has “re-established most of our operations, and our apps and systems continue to be safe to use.” But she warned that users may “still encounter occasional system downtimes and glitches as we diligently work toward returning to normal operations.”
The company is urging Canadians to update their Weather Network apps and has apologized for any inconvenience caused by this incident.