Monday, November 29, 2021

Calgary real estate developer hit by ransomware

A Calgary real estate developer that builds and manages shopping centres, office buildings, and industrial properties in Alberta has confirmed it has been hit by ransomware.

Privately-held Ronmor Holdings, which controls Ronmor Developers, said it was hit in late September.

The confirmation by CEO Dallas Wingerak came after the REvil ransomware gang last month posted a notice on its data leak site claiming it had downloaded 755 GB of data from the company’s servers.

“I can confirm that in late September we learned that Ronmor was the victim of a ransomware attack on our systems and company network,” Wingerak said in an email on Monday. “We immediately launched a comprehensive investigation into this data breach and have retained a highly experienced group of third-party cybersecurity experts to support our efforts.

“While this investigation is still in its early stages, it currently appears that some private and confidential company data was compromised in this attack.”

“We want to sincerely apologize for any stress, anxiety and inconvenience this has caused to employees, tenants, partners and other stakeholders. We have been working around the clock to ascertain what happened, contain the impact and determine exactly what data may have been stolen. As our investigation continues, we plan to individually contact those tenants, partners and vendors whose data may have been compromised in this breach, so that we can provide further information and offer appropriate support.

“While a cyberattack like this one has certainly been distracting for any company, our business is as strong as ever. We remain fully committed to serving our stakeholders as a strong, reliable real estate partner.”

The statement was in response to a list of emailed questions about the incident. Wingerak didn’t say how the attack started, whether data copied included personally identifiable information, if the attackers were contacted and if a ransom was paid.

The company is one of the latest Canadian firms listed by ransomware groups as having recently been hit. Others that haven’t yet been confirmed include a long-haul trucking company and a junior mining firm.

These three firms are just more evidence that ransomware gangs don’t just target large companies.

Meanwhile, cybersecurity companies continue to release code that can decrypt files scrambled by a number of ransomware strains. According to ZDNet, ransomware decryptors for the BlackByte, Atom Silo, LockFile and Babuk strains were released over the last two weeks.

The story quotes BreachQuest CTO Jake Williams as noting that each of the most recent ransomware decryptors released was enabled by operational security or programming mistakes made by the threat actors.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News