AutoCanada Hit by Major Ransomware Attack from Hunters International

Incident Date: September 17, 2024


Overview

Title: AutoCanada Hit by Major Ransomware Attack from Hunters International

Victim: AutoCanada

Attacker: Hunters International

Location: Edmonton, Canada

First Reported: September 17, 2024

Ransomware Attack on AutoCanada by Hunters International

AutoCanada, a prominent North American automotive dealership group headquartered in Edmonton, Alberta, has fallen victim to a ransomware attack by the group Hunters International. The attackers claim to have exfiltrated 3.9 TB of data from AutoCanada's internal IT systems, significantly impacting the company's operations.

About AutoCanada

AutoCanada is the only publicly traded automotive dealer group in Canada, listed on the Toronto Stock Exchange under the ticker symbol TSX: ACQ. The company operates 83 franchised dealerships across eight provinces in Canada and an additional group in Illinois, USA. AutoCanada offers a wide range of vehicles from 28 different brands, including Chrysler, Dodge, Jeep, Ram, Chevrolet, Ford, and Mercedes-Benz. In 2023, AutoCanada reported over $6 billion in revenue and sold more than 100,000 retail vehicles.

Attack Overview

The ransomware attack reportedly occurred in August, with the attackers setting a ransom deadline for September 20th. The breach has disrupted AutoCanada's operations, and the company is currently assessing the full extent of the damage. The exfiltrated data includes sensitive information that could have severe implications for the company's business and customer trust.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains significant overlap with Hive, suggesting a shared technical lineage. Hunters International focuses on exfiltrating data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.

Penetration and Vulnerabilities

While the exact method of penetration remains unclear, it is likely that Hunters International exploited vulnerabilities in AutoCanada's IT infrastructure. Common attack vectors include phishing emails, unpatched software, and weak network security protocols. The group's sophisticated encryption methods and tactics, inherited from Hive, make it a formidable threat to organizations with insufficient cybersecurity measures.
