Indigo refuses to pay ransom to LockBit gang

Indigo Books & Music won’t pay the LockBit ransomware gang for data stolen last month, according to a news report.

The Globe and Mail reports that, in an internal letter emailed to staff Wednesday night, Indigo company president Andrea Limbardi said the gang may make some or all of the stolen employee data available to other crooks as soon as today.

The company’s FAQ on the Feb. 8 attack says the LockBit strain of ransomware was the malware deployed. “Although we do not know the identity of the criminals, some criminal groups using LockBit are located in or affiliated with Russian organized crime,” the website statement now says. “We are continuing to work closely with the Canadian police services and the FBI in the United States in response to the attack.”

Indigo hasn’t said how many employees are affected. It has said the names, home addresses, dates of birth, Social Insurance numbers, bank account numbers and salary deposit information are among the data now in the hands of the attackers.

Employees are being offered two years of credit monitoring and identity theft protection services at no cost.

The news service quotes Indigo spokesperson Melissa Perri saying that, because there is no assurance any ransom payment “would not end up in the hands of terrorists or others on sanctions lists”, it won’t pay any money to the attackers.

LockBit works as a ransomware-as-a-service operation, meaning affiliates do the research and initial compromise of a victim before deploying the final payload. According to researchers at BlackBerry, it was implicated in more cyberattacks in 2022 than any other ransomware.

LockBit victims pay an average ransom of approximately US$85,000, BlackBerry said, suggesting small-to-medium-sized organizations are the most targeted. However, it has also hit many big organizations, including Indigo, the California department of finance, and international consulting firm Accenture. It was also not beneath the gang to hit the Housing Authority of Los Angeles. 

The latest version of the gang’s malware is LockBit 3.0, called by some researchers LockBit Black because of similarities in the code with the BlackMatter ransomware strain. According to Trend Micro, that includes harvesting APIs.

LockBit 3.0’s deletion of shadow copies is clearly lifted from BlackMatter’s code, says Trend Micro. This is performed using Windows Management Instrumentation (WMI) through COM objects, as opposed to LockBit 2.0’s use of vssadmin.exe.

Defences against ransomware are the same as for any cyber attack:

  • follow the 3-2-1 rule for backups: Back up files in three copies in two different formats, with one copy stored off-site;
  • educate staff to watch for suspicious email, text and voice messages aimed at tricking them into clicking on links that lead to the downloading of malware;
  • keep applications and programs up to date with the latest versions and security patches.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now