Hackers threaten to leak Canpar Express data; similar extortion costs $2.3 billion yearly, experts say
MONTREAL -- Hackers are claiming that they've published information stolen from Canadian delivery company Canpar Express to the dark web.
Several types of documents, including what the hackers claim are financial information and names associated with the company’s payroll, were posted to a hackers' website on the evening of August 24, five days after Canpar Express was hit with a cyber-attack.
The hacker group, which calls itself DoppelPaymer, has promised to post more documents each day.
The dark web, where they operate, is an area of the Internet only accessible through a special browser, where users are harder to track and illegal markets are easily accessed.
And this type of threat, dubbed a "ransomware attack," cost Canadian businesses and organizations up to $2.3 billion last year, according to estimates from anti-malware company Emsisoft.
“It’s the equivalent of a kidnapper sending a pinky to a victim,” Brett Callow, threat analyst at Emsisoft, told CTV.
Canpar Express posted a statement to its Facebook page Monday afternoon. It said the company's computer systems had been the target of an attack and that its sister companies had also been affected.
“At this time, we have no evidence that the attackers have obtained any customer data,” said the statement.
The hacker group also claimed to have released documents associated with two other Canadian transport companies: Transport Express Minimax and Wolverine Freight System.
“I find that hard to think of that as a coincidence,” said Callow. “I suspect they’re using the data from of these companies to 'spear-phish' other companies.”
"Spear-phishing" is the term used for a certain kind of cyber-attack in which hackers get access to one company's internal workings and use that to impersonate the company and infiltrate others.
Those two companies, Minimax and Wolverine, also had their computer systems compromised, on different days but both at around 7 a.m. They had their names added to DoppelPaymer’s website within months of each other.
“They put a message on the computer saying they wanted a ransom,” said Yves Poirier, president of Transport Express Minimax.
“We were locked out,” said a representative of Wolverine Freight System. “They asked for ransom, they asked for bitcoin.”
Neither company paid ransom, and neither one had any sensitive data released to the public, they say.
Canpar Express did not respond to a request for comment on Tuesday. Last week, shortly after the attack, the company told CTV it was working on resolving the issue as quickly as possible.
As for the origin of the hacker group, Callow says it’s difficult to know anything for sure. He says they're likely from Eastern Europe or Russia, but any indications of their geographical links are unreliable.
“[Any information] could be a red herring to send law enforcement in the wrong direction,” he said.