Canadian Internet Registration Authority’s parking garage hit with ransomware
- The attack enabled anyone to park their vehicles for free without verifying the access cards.
- It is believed that the malware used in the attack belongs to the Dharma ransomware family.
A ransomware attack on the Canadian Internet Registration Authority (CIRA) has allowed outsiders to enter the parking garage without any security check. The attack enabled anyone to park their vehicles for free without verifying the access cards.
What happened - Spencer Callaghan, communications manager at CIRA, revealed that the agency’s parking garage suffered a ransomware attack on March 26, 2019, and this persisted till the next day. It is believed that the malware used in the attack belongs to the Dharma ransomware family.
Although it is unclear if the hackers have gained access to employees’ personal data, the Callaghan claims that there was no power failure, a mechanical issue or system crash due to the attack.
About the affected garage - The huge parking space is operated by a private company Precise ParkLink. One of the affected entrance to the garage is at the TD Place Stadium. The systems at the said entrance were down till Wednesday evening. The ransomware locked the systems and displayed a ransom note on the screen that points to Dharma ransomware.
According to Bleeping Computer, the email address - sqlbackup2@mail[.]fr - used in the ransom note, indicates that variant uses the extension '.eth' on the encrypted files.
The firms do not have the backup of files. This implies that it is going to cost a huge when restoring the affected systems.