A Calgary real estate developer that builds and manages shopping centres, office buildings, and industrial properties in Alberta has confirmed it has been hit by ransomware.
Privately-held Ronmor Holdings, which controls Ronmor Developers, said it was hit in late September.
The confirmation by CEO Dallas Wingerak came after the REvil ransomware gang last month posted a notice on its data leak site claiming it had downloaded 755 GB of data from the company’s servers.
“I can confirm that in late September we learned that Ronmor was the victim of a ransomware attack on our systems and company network,” Wingerak said in an email on Monday. “We immediately launched a comprehensive investigation into this data breach and have retained a highly experienced group of third-party cybersecurity experts to support our efforts.
“While this investigation is still in its early stages, it currently appears that some private and confidential company data was compromised in this attack.”
“We want to sincerely apologize for any stress, anxiety and inconvenience this has caused to employees, tenants, partners and other stakeholders. We have been working around the clock to ascertain what happened, contain the impact and determine exactly what data may have been stolen. As our investigation continues, we plan to individually contact those tenants, partners and vendors whose data may have been compromised in this breach, so that we can provide further information and offer appropriate support.
“While a cyberattack like this one has certainly been distracting for any company, our business is as strong as ever. We remain fully committed to serving our stakeholders as a strong, reliable real estate partner.”
The statement was in response to a list of emailed questions about the incident. Wingerak didn’t say how the attack started, whether data copied included personally identifiable information, if the attackers were contacted and if a ransom was paid.
The company is one of the latest Canadian firms listed by ransomware groups as having recently been hit. Others that haven’t yet been confirmed include a long-haul trucking company and a junior mining firm.
These three firms are just more evidence that ransomware gangs don’t just target large companies.
Meanwhile, cybersecurity companies continue to release code that can decrypt files scrambled by a number of ransomware strains. According to ZDNet, ransomware decryptors for the BlackByte, Atom Silo, LockFile and Babuk strains were released over the last two weeks.
The story quotes BreachQuest CTO Jake Williams as noting that each of the most recent ransomware decryptors released was enabled by operational security or programming mistakes made by the threat actors.