Canadian oil transmission operator Trans-Northern Pipeline, which operates pipelines in three provinces, suffered a ransomware attack, but unlike Colonial Pipeline three years ago, it did not shut down.

Brett Callow, a B.C.-based threat researcher with Emsisoft, discovered the incident Tuesday on the X social media platform. The AlphV ransomware gang said in a report that it stole 190 GB of data, which is now publicly available.

In an email statement to IT World Canada, Trans-Northern said the company “experienced a cybersecurity incident in November 2023 impacting a limited number of internal computer systems. We have worked with third-party cybersecurity experts and the incident was quickly contained. We continue to safely operate our pipeline systems. We are aware of posts on the dark web claiming to contain company information, and we are investigating those claims.”

There were no interruptions of pipeline operations, said Lisa Dornan, the company’s communications team leader.

A spokesperson for the Canada Energy Regulator said the agency received notification Nov. 9, 2023.


Trans-Northern Pipelines operates two pipeline systems in Canada – a 530-mile pipeline linking Montreal to Ottawa, Ontario, and Toronto, and a 200-mile pipeline from Edmonton to Calgary, Alberta. The underground pipelines transport a combined 221,300 barrels of refined fuel daily.

Separately, AlphV also listed as a victim the Canadian electronics retail chain The Source, owned by BCE, the parent company of Bell Canada.

Government security agencies have been watching the AlphV/BlackCat ransomware gang for some time. In December, the U.S. Justice Department said it had disrupted the gang’s operations. That is when the FBI created and distributed a decryption tool to over 500 victim organizations. The U.S. also seized several websites the group operates.

AlphV is a ransomware-as-a-service operation, which means it uses affiliates who specialize in finding ways to initially break into a corporate network.

When the U.S. Colonial Pipeline was hit by ransomware in May 2021, the unprepared company stopped all pipeline operations to contain the attack. While the attack did not affect the OT systems, it did hit the IT side to the point where Colonial could not bill customers. The resulting shutdown caused panic on parts of the East Coast in the U.S., and it took from 5 days to a week to restore operations.

In that case, Colonial paid the $4.5 million ransom, about half of which the government collected.

