hiveleak attacks CANCOM

Incident Date:

July 4, 2022

World map

Overview

Title

hiveleak attacks CANCOM

Victim

CANCOM

Attacker

Hiveleak

Location

Munich, Germany

Bavaria, Germany

First Reported

July 4, 2022

CANCOM Ransomware Attack: An Expert Analysis

The ransomware group HiveLeak has claimed responsibility for an attack on CANCOM, a telecommunications company operating in the industry. The company is known for its IPTV technology and high-speed internet services. CANCOM offers a range of services, including internet, TV, and phone bundles, and its Vilo app allows users to control their Wi-Fi network from their phone.

CANCOM is a significant player in the telecommunications sector, providing services to a wide range of locations across Canada, including major cities like Calgary, Edmonton, and Vancouver, as well as smaller towns and rural areas. The company's services are designed to cater to various needs, from basic internet connectivity to advanced IPTV technology, making it a versatile provider in the industry.

The Vulnerability of Telecommunications to Ransomware

The ransomware attack on CANCOM highlights the vulnerabilities that telecommunications companies face in the digital age. HiveLeak, the group responsible for the attack, is known for exploiting known vulnerabilities and using a living-off-the-land (LOTL) approach, which involves abusing legitimate tools like Microsoft Bitlocker and Jetico's BestCrypt to encrypt files without being detected by security systems. This technique allows the attackers to bypass traditional security measures, making it challenging for companies to protect themselves from such threats.

The attack on CANCOM has resulted in the unavailability of digital services, putting the protected health information of patients at risk, and significantly reducing the ability of the medical center to provide treatment for patients. This underscores the potential consequences of ransomware attacks on critical infrastructure, which can have far-reaching impacts on society.

The ransomware attack on CANCOM serves as a reminder of the importance of cybersecurity in the telecommunications sector. Companies must remain vigilant against such threats and invest in robust security measures to protect their networks and the sensitive information they handle.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.