lockbit2 attacks Edm Canada Inc.

Incident Date:

May 26, 2022

World map

Overview

Title

lockbit2 attacks Edm Canada Inc.

Victim

Edm Canada Inc.

Attacker

Lockbit2

Location

Toronto, Canada

Ontario, Canada

First Reported

May 26, 2022

EDM Canada Inc. Suffers Ransomware Attack by Lockbit2 Group

EDM Canada Inc., a prominent player in the construction sector, recently fell victim to a ransomware attack orchestrated by the Lockbit2 group. This incident was disclosed on the group's dark web leak site, highlighting the vulnerability of the company's digital infrastructure. EDM Canada, renowned for its specialization in interiors, facades, designer furniture, mosaics, marble, or soft stone marquetry, has contributed to numerous high-profile projects globally.

The significance of EDM Canada in the construction industry, coupled with its extensive international projects, underscores the potential risks associated with ransomware attacks. A report by Palo Alto Networks and the Angus Reid Institute indicates a worrying trend among Canadian companies, with ransom payments exceeding $1 million, particularly affecting the manufacturing, construction, and healthcare sectors. The report further notes a 102% increase in the average ransom demand, escalating to C$906,115 in 2023 from C$449,868 in 2021.

Potential vulnerabilities that could have exposed EDM Canada to such threats include the use of outdated software, inadequate password management, and a lack of comprehensive cybersecurity training for employees. The company's global operations and the sensitive nature of its projects further amplify its attractiveness as a target for ransomware groups like Lockbit2.

Lockbit2, a notorious ransomware group, has demonstrated its resilience and threat by resuming operations after a temporary disruption by law enforcement in December. The group's modus operandi involves prolonged engagement with its targets, aiming to extort substantial ransom payments before proceeding to leak stolen data.

As of now, EDM Canada Inc. has not issued any public statements regarding the ransomware attack. The full extent of the damage and the company's response strategy remain undisclosed.

Sources

  • Canadian firms paying 'significantly' more in ransomware attacks: data - Palo Alto Networks
  • Ransomware gang claims it hit Canadian oil pipeline operator - Angus Reid Institute
  • AlphV claims hit on Canada's Trans-Northern Pipelines

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.