AutoCanada Hit by Major Ransomware Attack from Hunters International
Incident Date:
September 17, 2024
Overview
Title
AutoCanada Hit by Major Ransomware Attack from Hunters International
Victim
AutoCanada
Attacker
Hunters International
Location
First Reported
September 17, 2024
Ransomware Attack on AutoCanada by Hunters International
AutoCanada, a prominent North American automotive dealership group headquartered in Edmonton, Alberta, has fallen victim to a ransomware attack by the group Hunters International. The attackers claim to have exfiltrated 3.9 TB of data from AutoCanada's internal IT systems, significantly impacting the company's operations.
About AutoCanada
AutoCanada is the only publicly traded automotive dealer group in Canada, listed on the Toronto Stock Exchange under the ticker symbol TSX: ACQ. The company operates 83 franchised dealerships across eight provinces in Canada and an additional group in Illinois, USA. AutoCanada offers a wide range of vehicles from 28 different brands, including Chrysler, Dodge, Jeep, Ram, Chevrolet, Ford, and Mercedes-Benz. In 2023, AutoCanada reported over $6 billion in revenue and sold more than 100,000 retail vehicles.
Attack Overview
The ransomware attack reportedly occurred in August, with the attackers setting a ransom deadline for September 20th. The breach has disrupted AutoCanada's operations, and the company is currently assessing the full extent of the damage. The exfiltrated data includes sensitive information that could have severe implications for the company's business and customer trust.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains significant overlap with Hive, suggesting a shared technical lineage. Hunters International focuses on exfiltrating data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.
Penetration and Vulnerabilities
While the exact method of penetration remains unclear, it is likely that Hunters International exploited vulnerabilities in AutoCanada's IT infrastructure. Common attack vectors include phishing emails, unpatched software, and weak network security protocols. The group's sophisticated encryption methods and tactics, inherited from Hive, make it a formidable threat to organizations with insufficient cybersecurity measures.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.